makoto
makoto

8 min read - Posted 30 Oct 18

Step by step guide “Claim your DNS domain on ENS”


This is a note I took while setting up matoken.xyz ENS address using NameCheap and Google Cloud DNS. Before continuing this blog post, make sure you read the original post by Nick Johnson Nick’s blog post is fairly concise and well written for people who have good understanding of how to administer DNS. If you are not so familiar with administering DNS like me, then this step by step guide with plenty of screenshots may help. (Warning: readers are expected to know how to work with command line tools and git).

0 — Pre-requisite

Before starting this, make sure you have the following.

  • go Ethereum installed on your local machine (Parity may work but I haven’t tried). Your node does not necessarily have to be in sync.

  • Ethereum account for “ Ropsten ” testnet with some Ether preloaded (NOTE: Ethereum account generated from Metamask won’t work as of writing this article).

  • .xyz registered domain and have admin access to change its record (I suggest creating a new domain rather than using your live domain so that you can mess with things. You can get the domain as low as £0.71 for the first year from NameCheap)

article image

1 — Setting up DNSSEC signing

Depending on your DNS provider, this may be really easy, or quite involved.

This is what Nick mentioned in the very beginning. I spent almost half a day figuring out but once you know it all, probably only takes 30 min to actually do it. 1.1 Does NameCheap supports DNSSEC? To figure that out, I read this article.

article image

Luckily .xyz domain is one of 14 domains NameCheap supports and enabling DNSSEC is as easy as sliding right… that’s what I thought at first.

article image

1.2 Does NameCheap support the SHA256?

Whatever provider you need, make sure you select RSA signatures and SHA256 hashing.

When you see your domain info using Verisign’s DNSSEC debugger , it tells you which algorithm each layer of DNS provider uses.

article image

Unfortunately, NameCheap uses ECDSAP256SHA256 for signing messages rather than RSASHA256. I couldn’t find any option to change that from NameCheap admin panel. I initially thought that I have to get another .xyz domain from Google domains (later found out they don’t sell .xyz domain) but he suggested to just change DNS provider.

article image

It turned out that it is relatively easy to specify “Custom DNS” from NameCheap admin panel rather than using their own DNS servers.

article image

1.3 Use Google Cloud DNS as custom DNS The good news is that Google recently started supporting DNSSEC.

article image

Setting up DNS from Google Cloud public DNS was quite easy. You just fill in “Zone name” (just an identifier you can make it up), DNS name (the domain name you purchased from NameCheap), then enable DNSSEC “ON”.

article image

Once created, it will show the list of Google Cloud DNS server names which you can copy & past to your NameCheap admin panel.

article image

1.4 Point Name Name servers to Google Cloud DNS from NameCheap control panel Now go back to your NameCheap control panel and choose “Custom DNS” which allows you to add name servers you saw from Google Cloud DNS

article image

article image

1.5 Add DS Record Is this it? Not quite. When I looked into https://dnssec-debugger.verisignlabs.com/matoken.xyz for the first time, I saw one error message.

article image

article image

Ah, I have to somehow tell NameCheap about something called “ DS Record ”. DS stands for “Delegation of Signing” and it provides information about a signed zone file(which you created at Google Cloud DNS). Enabling DNSSEC requires this information to complete the setup of your signed domain name (NameCheap). It took a while to find out where DS Record is on Google Cloud DNS panel. but clicking “Registar Setup” will get you to the necessary info.

article image

article image

Now go back to NameCheap and activate “DNSSEC” toggling button. It will show you DS record input field which you can paste from Google Cloud DNS.

article image

I probably waited 15 ~ 20 min for the record to be reflected on https://dnssec-debugger.verisignlabs.com/matoken.xyz

article image

You just finished the hardest part. The rest is relatively easy compared to what you have done so far.

2 — Adding a TXT record

To claim ownership of mydomain.xyz, create a TXT record in your DNS zone, _ens.mydomain.xyz, with text data of the form a=0x1234..., where 0x1234... is the Ethereum address you want to give control of the ENS record to.

This part is relatively straight forward. TXT is a type of DNS record literally provides the ability to associate arbitrary text with a host or other name. This is a bit similar how https://faucet.rinkeby.io request you to tweet with your Ethereum address so that you can prove that the twitter account owns the specific Ethereum address.

article image

3 — Interacting with the DNSSEC oracle

3.1 Setup go environment This part may be super easy if you use golang day to day. I don’t code golang but my Mac already had it installed. Maybe it was installed when I installed go-ethereum ? If golang is installed, you have to set two environment variable, GOROOT, GOPATH, put $GOROOT/bin into your $PATH, then create a folder with src , bin , and pkg folder

[~/src/dnsprove -  (master)] $ which go
/usr/local/bin/go
[~/src/dnsprove -  (master)] $ go version
go version go1.10 darwin/amd64
[~/src/dnsprove -  (master)] $ mkdir ~/work/golang
[~/src/dnsprove -  (master)] $ mkdir ~/work/golang/{src,bin,pkg}
[~/src/dnsprove -  (master)] $ echo export GOROOT=/usr/local/opt/go/libexec >> ~/.bash_profile
[~/src/dnsprove -  (master)] $ echo export GOPATH=$HOME/work/golang  >> ~/.bash_profile 
[~/src/dnsprove -  (master)] $ echo export PATH=$PATH:$GOROOT/bin:$GOPATH/bin >> ~/.bash_profile 
[~] $ . ~/.bash_profile 
[~] $ cd $GOPATH

3.2 Install dnsprove go get is go equivalent to npm install for node.js or bundle install for Ruby. After taking a while, you should see dnsprove command under $GOROOT/bin directory.

[~/work/golang] $ cd src/
[~/work/golang/src] $ git clone https://github.com/arachnid/dnsprove
Cloning into 'dnsprove'...
remote: Counting objects: 24, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 24 (delta 0), reused 3 (delta 0), pack-reused 18
Unpacking objects: 100% (24/24), done.
[~/work/golang/src] $ cd ..
[~/work/golang] $ go get
[~/work/golang] $ ls src/github.com/arachnid/dnsprove/
LICENSE        README.md    dnsprove.go    oracle        proofs
[~/work/golang] $ ls bin/
dnsprove

3.3 run dnsprove I usually use rinkeby testnet so rostpen was not in sync. I initially tried to sync with --light but it often fails to find a peer node to sync. To work it around, you can use Infura RPC end point.

bin/dnsprove --rpc="https://ropsten.infura.io"  --address=0xd7296b6044ffd0565062345c2eaa4017024b2d22 --keyfile=YOUROWNKEYFILE TXT _ens.matoken.xyz.

Until this far, I was using an Ethereum address generated by Metamask, but I realised that I have to pass --keyfile which Metamask does not have. That’s why I mentioned at the pre-requisite section that your account has to be generated with geth so that it has keyfile. Anyway, if all goes well, it should see the following output (it also asks to send 4 transactions).

article image

4— Claiming your domain in ENS

In Nick’s original post, he assumed that you have local geth node in sync so that you can claim the domain from geth console. However, I used Infura remote node so my local node is not in sync? How do I work around? 4.1 Encode your name through node console. The workaround Nick suggested was to first generate the encoded string from node console then copy & paste the outcome to MyCrypto .

[~/work/golang/src/dnsprove -  (master)] $ node
> function encodeName(buf, off, name) {
  if(name == ".") {
    buf.writeUInt8(0, off++);
    return off;
  }
for(var part of name.split(".")) {
    buf.writeUInt8(part.length, off++);
    buf.write(part, off)
    off += part.length;
  }
  return off;
}
function hexEncodeName(name) {
  if(!name.endsWith(".")) name = name + ".";
  var buf = new Buffer(name.length + 1);
  var off = encodeName(buf, 0, name);
  return "0x" + buf.toString("hex", 0, off);
}
undefined
>  hexEncodeName("matoken.xyz")
'0x076d61746f6b656e0378797a00'
>

4.2 Call claim function from MyCrypto Once the name was encoded, go to MyCrypto, copy the Contract Address and ABI interface

article image

Once MyCrypto recognise the ENS contract, you can pick claim function with passing the encoded name as an argument.

article image

article image

4.3 Verify the result Once the transaction is confirmed, Go to manager.ens.domains with network pointed to Ropsten network.

article image

Tada! You can see that matoken.xyz is assigned to the owner name I added onto TXT record on Google Cloud DNA. Conclusion Currently it is still quite a lengthy process, but it is cools to be able to claim ENS address tied into your DNS name. I encourage you to try out with different providers and share the knowledge so that it will be easier for ENS team to come up ways to make your on boarding process a lot easier. (Special thanks to Nick Johnson for helping me completing this work and also reviewing this blog post).

Created with Sketch.Content is"CC-BY-SA 4.0" licensed
Article On-chain
Article Author
0 Comments
Related Articles
Claiming your DNS on ENS via Web (3/3: The code)

The Theory The Demo 3. The Code Previously In the second blog post, I showed you how the demo web app works. In this final blog post, I will explain how this demo code was built by assembling the multiple ENS related libraries. NOTE: The library API are evolving and it will more likely become out of date fairly quickly 3. The code Before diving into the code, let me quickly explain various components which this demo code uses. ENS = The main smart contract repository which contains various smart

makoto
Makoto Inoue

30 Oct 18

Claiming your DNS on ENS via Web (2/3: The Demo)

The Theory 2. The Demo The Code Previously In the first blog post, I talked about the theory behind how DNSSEC can prove that a certain Ethereum address belongs to a domain and how ENS can use the mechanism by submitting the proof into DNSSEC Oracle smart contract. In this blog post, I will show you how the actual process works on the web. 2. The Demo I have been working for the past few months making it easier to retrieve the proof from DNS and submit into the DNSSEC Oracle smart contract, and

makoto
Makoto Inoue

30 Oct 18