OnionDNS: A seizure-resistant top-level Domain

The Domain Name System (DNS) provides the critical service of mapping canonical names to IP addresses. Recognizing this, a number of parties have increasingly attempted to perform “domain seizures” on targets by having them delisted from DNS. Such operations often occur without providing due process to the owners of these domains, a practice made potentially worse by recent legislative proposals. We address this problem by creating OnionDNS, an anonymous top-level domain (TLD) and resolution service for the Internet. Our solution relies on the establishment of a hidden service running DNS within Tor, and uses a variety of mechanisms to enable a high-performance architecture with strong integrity guarantees for resolved records. After discussing the details of our DNS architecture, we present our anonymous domain registrar and detail the protocol for securely transferring the service to another party. We also conduct a performance analysis demonstrating the service is fast with an average request latency between 1 and 2 seconds over Tor. In doing so, we demonstrate that the delisting of domains from DNS can be mitigated in an efficient and secure manner.