Nostr Web Client

Can we do DNSSEC?

It actually does DNSSEC for the root domain dnspub.xyz and then I do a hop to an insecure subdomain ‘npub’ which is under my control. All of the DNS resolvers, do the DNSSEC check and are ok to continue to resolve. I plan to add in the RR_SIG record, but that’s a heavy lift in getting it right, but possible and the goal!

Reply to this note

Please Login to reply.

Discussion

SwBratcher 2mo ago 💬 1

I like the naming conventions you landed on. Clean and to the technical point. 🤙

Tim Bouma 2mo ago

It’s generic enough that if you want to slip in your own additional profile data, say, geohash, it would be immediately available as _geohash.[npub].npub.dnspub.xzy