[CCBL] Domain Name System - Secret DNS


This is a community pool funding request for a domain name system built on Secret, an approved CCBL project.


Team Digiline started building for Secret Network during the HackAtom 7 Hackathon. We delivered a well developed POC of a 100% on-chain trading card game, Secret DreamScape. We then received community bootstrap funding to turn the POC into a fully functional MVP with playable NFTs, and executed that vision in only two months.

The game received little traction at launch. So with our newly built development experiences we went back to SCRT Labs and pushed for a grant to build a Remix-like editor for Secret Contract development. Our logic suggested that if the dApp user base is small then Secret Network needed more dApps, and the best way to attract more dev teams would be to build a better development experience.

We then received a grant to build Phase 1 of the Remix-like editor and it was delivered on time and on budget. After the Phase 1 launch, we expected to commence a Phase 2 build for the editor which would elevate the development experience further. However, the market took a nose dive and SCRT Labs chose not to fund development of Phase 2 until market conditions improved.

Respecting SCRT Labs risk calculus, we brainstormed what else could be deemed more important than the best developer experience during a bear market. We landed on a DNS built on Secret.


DNS is a foundational layer of the internet. It was originally designed to be decentralized but due to lack of blockchain technology, it became the hybrid centralized/decentralized system we have today. DNS is like a top layer of the internet and everyone relies on it equally to trust their data is not exploited or used in malicious hacks. Every time you visit a new website, you use DNS, exposing yourself to vulnerabilities and giving away your data. The DNS market which includes Domain Name Registrars and DNS Service providers is a multi billion dollar industry with an increasing CAGR likely due to Premium Domains and an exponentially growing internet. Despite this, the industry hasn’t changed much since the early 90s and it has some root problems that have never really been fixed. Instead, the industry has been growing by adding more layers of complexity alongside patchwork and duct tape solutions to the DNS system to attempt to fix the problems.

The core problems with DNS are characterized by the following categories, these are the same problems that any complex centralized system will have:

  • Security
  • Privacy
  • Ownership

The DNS market is ripe for disruption and Secret DNS aims to be the project to do so.

This proposal will discuss the problems with the current DNS system and how Secret DNS aims to solve them at the core level. No more patchwork. No more duct tape. No more layers of complexity. Just a simple, secure, private, and decentralized DNS system.

Overview of the current DNS system

The current DNS system is a hybrid decentralized/centralized system. The centralized system is called the root servers and there are 13 of them located around the world. These root servers are the top of the DNS hierarchy and they are responsible for resolving the top level domain (TLD) names to their authoritative nameservers. The TLD names are the names that end with a dot and a letter. For example, the TLD name for the domain name scrt.network is .network. These TLD names are managed by the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is a non-profit organization that manages the TLD names and they are the ones that approve new TLD names. No new TLDs can be created without ICANN’s approval. These authoritative nameservers control the domain names for the TLDs that they are responsible for. For example, one of the authoritative nameservers for the .network TLD is v0n0.nic.network. The TLD authoritative nameservers are responsible for resolving SLDs, or second level domains to their own authoritative nameservers. For example for scrt.network the nameservers are penny.ns.cloudflare.com and darl.ns.cloudflare.com.

❯ dig +noall +answer scrt.network NS
scrt.network.   86347   IN  NS  penny.ns.cloudflare.com.
scrt.network.   86347   IN  NS  darl.ns.cloudflare.com.

The part of DNS that is currently decentralized is what happens at the domains’ nameservers, which are the last level of the DNS hierarchy. These nameservers are responsible for setting the DNS records we’re all familiar with, such as A, CNAME, etc.

The Problems

Lack of Privacy and Security

When you query a nameserver for a domain name, the nameserver will return the DNS records for that domain name. Additionally, the WHOIS and the RDAP protocols allow for storing additional information about a domain name. This additional information includes the domain name’s owner, the domain name’s technical contacts, and the domain name’s administrative contacts, along with their physical address, email address, and phone number. This information is stored in a centralized database and is completely public - a massive problem for privacy.

The WHOIS privacy protection services many major registrars offer are just a layer of duct tape. Those privacy protection services store your information in centralized databases, which are accessible by anyone with the resources to do so, including registrar employees, TLD companies, ICANN, and hackers.

Worse yet, there’s a more significant problem. DNS queries are not encrypted. Anyone who can see the traffic between you and the nameserver can see the domain name you’re querying - meaning that when you navigate to websites with HTTPS, an attacker may know what website you’re visiting, with a few exceptions. Numerous issues can still arise even when you inherently trust your DNS Recursive Resolver. For example, security researchers have found ways to intercept DNS queries over the network (Randall, A., Liu, E., Padmanabhan, R., Akiwate, G., Voelker, G. M., Savage, S., & Schulman, A. (2021). Home is where the hijacking is. Proceedings of the 21st ACM Internet Measurement Conference.). This has historically been used as a way to track users across browsers and IP addresses (Klein, A., & Pinkas, B. (2019). DNS Cache-Based User Tracking. Proceedings 2019 Network and Distributed System Security Symposium).

There have been attempts at solving DNS security issues with DNS over HTTPS (DoH) and DNS over TLS (DoT) . The problem with DoH lies in trust. In DoH, DNS queries are sent to a centralized entity (such as Google or CloudFlare). You’re now trusting yet another centralized entity to not look at or not store your data. DoT suffers from very much the same problems. DoT is essentially just a different implementation of the same idea as DoH.

We could keep listing issues with DNS for hours here and mention things such as DNS hijacking and DNS cache poisoning, but the above problems are probably enough to illustrate just how insecure the current implementations of DNS are.

Lack of Ownership

Ownership, as most of us understand the term, falls short in traditional DNS. If you were to purchase a domain name such as libertyandprivacyarerights.com, you’d be expected to pay an annual rent to a centralized for-profit entity, your registrar. The registrar then pays the TLD owner and ICANN, and then they can do whatever they want with the domain name. You don’t own the domain name; you only own the right to use it. This is a problem for freedom of speech and freedom of expression. In addition to that, you’re not allowed to transfer your domain name to another registrar without the permission of the registrar you’re currently using, and even when you do have the permission, i.e. the domain is “unlocked”, you’re still not allowed to transfer it to another registrar without a 60 day waiting period. A registrar can also charge you a fee to unlock your domain name and transfer it to another registrar.

The Solution

Secret DNS will provide all the features of traditional DNS. Plus, it will fix the existing problems of traditional DNS that all internet users today accept. Thanks to Secret Network, a truly decentralized and community-governed internet can be born.

Secret DNS is a decentralized, permissionless naming protocol in a separate, community-managed DNS root that will allow anyone to register a domain name, set the DNS records for that domain name, and create a TLD without the need for a centralized entity. Secret DNS will be a completely new DNS root managed by the community. The community will vote on the rules that govern the Secret DNS root, the fees charged for domain name registration and possibly renewal, and the ability to disable domain renewal costs at the TLD level.

Secret DNS aims to prove new ways the internet can be more secure, resilient, and socially beneficial.

Why Secret, and what about ENS and Unstoppable Domains?

  1. Ethereum-based DNS has no privacy controls. It would be possible to discover the owner of a domain and track all of their financial transactions.
  2. Unstoppable Domains does not offer all of the features of traditional DNS such as all record types and classes. Besides wallet address resolution, Unstoppable Domains only resolves IPFS content. Secret DNS will offer all the same experiences used with traditional DNS.
  3. Secret DNS is designed and funded from the ground up to be community owned and governed.

See the table below for a more granular comparison to all other options.

How is Secret DNS different?

# Traditional DNS ENS Domains Unstoppable Domains Handshake Secret DNS
Centralization Centralized to a very small amount of entities Technically controlled by a DAO, but not really decentralized Controlled by the main development team Completely decentralized Completely decentralized
Privacy Very limited and not very trustworthy Nonexistent: every domain is associated to the eth address of the user registering it Nonexistent: every domain is associated to the eth address of the user registering it Limited. Once someone knows you own a particular domain they can quickly find out all the other domains you own. Verifiably Private
Security Very low, for the reasons mentioned above Low, DNS queries can be tracked by the querying node or by MitM attacks Low, DNS queries can be tracked by the querying node or by MitM attacks High: DNS queries are entirely private and cannot be tracked (assuming that the resolving happens with hnsd). Very High: DNS queries are entirely private and cannot be tracked. Queries don’t even need to go to any other server to resolve to an answer.
Ownership Low Medium, the owner truly has control over the domain and decides what to do with it, but they still need to renew a domain to not lose control High, the owner truly has control over the domain and decides what to do with it High, the owner truly has control over the domain and decides what to do with it High, the owner truly has control over the domain and decides what to do with it
TLD-Creation Centralized, long laborious process Centralized process Centralized process Completely decentralized and community controlled. Completely decentralized and DAO controlled
Domain Creation Slow, may take up to a day with some registrars Fast, always takes a few minutes to a few hours Fast, always takes a few minutes to a few hours Extremely slow, may take days or weeks to get a domain, depending on how popular it is. Instantaneous, takes 6 seconds
Censorship and control Centralized, multiple entities have power to censor Centralized, but unlikely Centralized, but unlikely Not possible without a hard fork DAO controlled and discouraged for anything but the worst things imaginable

Deliverables, Timelines, and Ask


  • Root Contract - This contract replaces the traditional DNS root run by the 13 entities mentioned above. It will also manage TLDs and all the records for every domain, replacing every layer of the traditional DNS root as well as the TLD servers and domain nameservers.
    • Estimated delivery date: Oct. 20th
  • DAO contract - This contract adds the DAO controls so that DNS finally becomes a community managed service, enabling the community to own a foundational layer of the internet.
    • Estimated Delivery Date: Oct. 27th


  • A browser extension - will allow user to browse websites on Secret DNS.
    • Estimated Delivery Date: November 10th
  • A basic frontend registrar service - will be built that allows users to purchase domains.
    • Estimated Delivery Date: November 10th

All contract code will be open sourced at the conclusion of the project. Estimated date of November 10th.

Total ask $40,000. Amount of SCRT asked to be updated in this thread at time of going on-chain.

Funds will be used for product development, testing, design, quality control, and post MVP business development. We have a third and possibly fourth team member ready to join us for this effort if the proposal passes.

Expectations After Community Bootstrapped MVP

The community funds will provide us the development support we need to bootstrap a fully functional MVP. The MVP will need further support to grow and develop into a domain name system that becomes widely adopted. The end goal being native OS and native browser support.

After launch, we will hold an NFT sale. There will be 1337 NFTs each with a unique rarity score. The rarity score will be proportional to the amount of Secret DNS utility tokens (SDNS) that can be claimed by the owner of the respective NFT.


This is really exciting! SCG Ventures supports this proposal :100:.


You got my full support for this prop :star_struck:


Based on previous experience with the team I would like to see a marketing piece added to this proposal before making up my mind if I support this.

The community pool funded the team to build Secret Dreamscape, which afaik was technically executed well, but has not contributed to chain KPIs as the app is not used. Back in the day, and till this day, little (IMHO) has been done in marketing for Secret Dreamscape. I worry, that without having a better insight of what you will be doing differently in terms of marketing, the budget asked will result in a similar low impact.


Yes - Step 1 is build an extension and launch an MVP with that. We can also submit a PR to Brave but that will require a second phase of development that outside of scope for this MVP.

It’s great to see community members asking these questions, and I hope the community will contribute possible answers on this forum. While marketing is not within the scope of this CCBL project, we are happy to provide ideas collected by some key leads within the community so far.

  • Develop a partnership with Akash. At the very least, it would make sense for Akash to promote Secret DNS. The synergies of an Akash + Secret DNS + Secret tech stack are unquestionable.
  • Promoted social media ad campaigns. Reddit and Twitter.
  • Organic user-generated content campaign. Lean on the Agents and broader Cosmos community for this one. We created a survey to share that should help identify early customers and the best TLDs. Please share with your contacts within the Cosmos; early participation helps! https://forms.gle/YbFJjMJXZshV7h987

There is a thriving ecosystem of talent here. It’d be great to see more ideas openly shared. After the MVP release, we will announce more details about the NFT sale and how it may encourage more community participation.

Re: The Team’s marketing efforts for Secret DreamScape:

Here’s what was accomplished (and some failures) with the minimal marketing budget Secret DreamScape received from the community pool.

  • A web-property was built to market, purchase, and view a customer’s Secret DreamScape NFT collection.
  • We created an organic following of ~700 Twitter followers.

Some trials and failures included:

  • We attempted to pay for paid social media influencer marketing but realized prices were generally far outside our budget.
  • Attempted to pay for some paid promoted social media ads (Twitter and Reddit) but were denied service due to violating those platforms’ Terms of Service. We could try these campaigns again now that the NFT hype has simmered. Also, communicating the need for crypto in on-chain transactions is hopefully understood by more non-technical people in the space today.

I’d like to briefly highlight that as of proposal #101 (the latest iteration of the CCBL) the upper limit for CCBL spends is 25k SCRT or 100k USD, whichever limit is hit first stands as the upper limit. With the current valuation this proposal would fall outside of the CCBL boundary conditions.

That of course does not prevent this proposal from going on-chain :slight_smile:


This proposal is now on-chain. At current price of Secret and with 10% volatility buffer, the total ask is 46,554.2 SCRT.

Looking forward to more discussion and idea sharing here and on the gov call.

1 Like

They could partner with Decentr browser to start… to have the extension already integrate

1 Like

Honestly I think it’s absurd you are asking for a volatility buffer when you are close to 100% over the theoretical community agreed limit. For that reason I don’t support.

1 Like

The volatility buffer is encouraged by the 2022 Secret Network Charter and Code of Conduct, which has been agreed upon by the community in prop #81:

2022-Q1 Secret Network Charter - Google Docs
For spend proposals, a 10% volatility buffer should be incorporated to offset potential downturns in the valuation of SCRT. If immediately upon closure of the voting period the value of the ask is 10% below the original ask (in USD, without volatility buffer) another spend proposal should be placed on-chain immediately for the difference. For time-limited proposals, such as those of committees, the funding duration can instead be adjusted to prevent ‘proposal fatigue’.

Furthermore, the CCBL amount is just a guideline and doesn’t prevent projects that go over that amount from going on chain.

Considering the network’s #1 need (high quality dApps that can’t be built on any other chain), we believe the value of this project far exceeds the amount requested, and that value will be returned to the community through a stronger price in SCRT.

1 Like

Quite rich to bring up prop #81 as justification but then completely ignore the limits on #101 lol.

1 Like

How does this differ from Handshake/HNS (handshake.org) ?

Thanks for the comparison with ENS/UD, but this is more similar to HNS so would love a comparison/redundancy review with it, rather.

1 Like

Curious what you think about integrating Handshake for this. Handshake provides a potential solution to this with blockchain based DNS and domain names. Created by Joseph Poon (Co-invented Lightning network), JJ, Reimplemented bitcoin in node.js “bcoin” and recently reimplemented Bitcoin in C “Mako”, Andrew Lee founder of purse dot io and a second Andrew Lee from Private internet access.

Here are a few links to check out if your interested, including a recent talk from Namescon a couple months ago where Mathew gives a great educational talk on handshake.

Article written by the Cosmos’ own Chjango Unchained - https://www.decentralizedinter.net/blog/a-foundation-for-the-third-internet-era

handshake dot org


I think the project itself is interesting and would really like to vote “yes” to fund such a project.
But the proposal is only about developing a product and it completely neglects all other aspects of a succesful project. Who are your potential customers, how do you want to reach them, how to convince them etc.

I have no doubt, that you can create the product and believe in your technical knowledge, but I doubt this project will ever take off and contribute to any Secret Network KPI and in a few months, we will have a third proposal for a new product without any kind of business plan.


I would like to see this developed and i think Digiline can do a great job at that but i must say i am a bit disappointed so far with the how and what you have delivered so far.

We can be nice and whatever but truly Secret Dreamscape was a flop. It is now a nice open source codebase but since there is no team to actually work on it and market it the game is not played. This 100% on the way things were executed imo. Besides that the NFT sale only made the whole ordeal worse. This have the idea that the game would actually be supported but truly these people are left holding worthless cards.

For Secret IDE i think its a shame that there is no 2nd development phase, i know this is not your fault but it ties into my next point. This is that i think the Digiline business structure is wildly unsustainable. You guys try to be a consistent entity in this ecosystem but dont have any sustainable funding. this is now the 3rd project where a yes/no from the pool/Scrt labs basically determines the succession. Secret-DNS doesnt change this and i expect another ask to come after this for yet another not supported product.

So then we come to Secret DNS. I think it is strange that you guys parade for 2 months that this is coming but for some reason only put a proposal on the forum for the exact 7 days and then go to the pool immediately. didnt do anything wrong but more feedback could have been gathered if more time was spent actually having it on the forum. Besides this it seems to me like this is yet another project for digiline to bag an x amount of SCRT for only developing something. You guys are not tied to the success of this project and for this reason i dont think it actually will succeed. Normally this is not a problem for a CCBL but you are going way beyond the funding boundaries set by the CCBL. NOTE: I hope you guys dont actually go through with selling another batch of NFTs if you cant guarantee value in further developing this project.

I wish Digiline would set up a sustainable business structure like others in this ecosystem and built products that provide value to their business. this way digiline can keep supporting their products and have a healthy place in this ecosystem. I think the community has 0 guarantees that Secret-DNS will have a long term future which is a failure imo. Therefore i wont support this proposal.


Secret DNS and HNS have their pros and cons, and we believe that the decisions made with Secret DNS may make a better product in the long run.

Handshake is a great project; as you’ve hinted, Secret DNS is very similar to it. There are, however, a few crucial distinctions.

  1. Future Proofed. With Secret DNS, we decided to get away with certain DNS paradigms and decided to move those entirely on-chain. For instance, DNS record management happens entirely on-chain. This means that with Secret DNS, DNS queries never have to jump to too many servers (except when looking up certain records, such as CNAME, for obvious reasons). When running a Secret node, you can execute DNS queries entirely on your local network without contacting any server. HNS uses the nameserver paradigm from traditional DNS, so even when running hnsd, you will still have to send a request to another server to make a query. With Secret DNS, you don’t. You can perform DNS queries in sub-ms time if you run a local secret node.

  2. Privacy, privacy, privacy. On HNS once someone knows your wallet address, they know all the domains you own automatically. On Secret DNS, that’s not possible.

  3. DAO-Control. While HNS is an open-source project, and everyone can contribute to it, it’s hard for non-technical people, and even technical people can only go so far. Sadly not everyone can code yet :slight_smile: Secret DNS’s token provides more utility at MVP launch via DAO governance.

  4. Batteries Included. Secret DNS combines the features of HNS, namebase, and registrar services for SLDs, all in one place.

  5. More features. For example: rather than relying on .well-known directories hosted on some server, Secret DNS integrates the same features as HIP-0002 entirely on protocol, meaning that if someone wants to attach their wallet to their domain, the entire wallet resolution can happen in one query (using the custom class WT) rather than a query + a web request, making the whole ordeal faster. There are more technical features we’ve been planning, but we will reserve them for a later discussion.

Full disclosure: Digiline does support the idea behind HNS, and we’re the owners of certain domains on HNS such as digiline/, we, however, believe that Secret DNS is an improvement over HNS.

1 Like

Thank you for expressing your disappointment with Secret DreamScape. We can empathize with anyone in the community who feels the same about SD. Here’s some additional context for our point of view:

Truly what can be done if no one was willing to play the game? The game is experimental (a mashup of poker and scrabble) all built on a niche blockchain that most crypto enthusiasts have not even heard of. We launched a fully functional, stable build with all features needed to party-up with friends…and not a single friend group from the community attempted to play the game. The logical deduction, using @winston 's previous words, “let’s not throw more good money after bad”.

Let’s break this down into two scopes. The Digiline business model and current status of Secret IDE.

  1. Secret IDE. We never stopped working on Secret IDE. Secret IDE is in maintenance mode where new community requested features and bug fixes can and will still be built. Some post Phase 1 release highlights include:
  • It is now entirely available on web (as a beta) without having to download anything or install docker.
  • We’re also integrating localsecret into Secret IDE web, and adding more features (such as an explorer for the aforementioned localsecret instance).
  • We partnered with Secret University to integrate Secret IDE into the courses on Secret University.
  • Fixed several bugs reported by @Cashmaney and other community members.

You are correct that the development on the Secret Contract Debugger on Secret IDE has been delayed because it’s not feasible to work on that without any funding, so, we decided to delay Phase 2 as requested by @guy , but we have never stopped working on Secret IDE.

  1. Digiline business model. We believe web3 privacy is a problem that must be addressed now, which is why we want to work with the Secret community before any other blockchain community. In our humble opinion, it is better to focus on building tools and products for Secret (and to a certain degree, the Cosmos) to help this community become the sustainable force it must be.

I apologize if the last 6 calls to action for the community members in the weekly governance calls came off as parading. That was not the intent. Our intentions were only to ask for community participation, especially with respect to filling out the Secret DNS Cosmos Community Survey.

Regarding Community Pool Spend

I understand that the community pool funds are meant to bootstrap teams to build projects; ideally, those projects become self-sustainable. However, since Digiline joined the community almost 12 months ago, we have seen only two other dApp projects receive funding from the pool, Cover and the Crowdfunding CCBL.

Based on where the Network is today, we believe the community pool should fund teams that will build useful dApps and open source them - without expecting lean development teams to figure out every other nuance to starting sustainable businesses. Otherwise, the pool risks sitting on too much dry powder, letting perfect be the enemy of good.

  1. Your ask exceeds the 25k SCRT limit so it’s better for us to vote NO to your request. However, we’re still open to hearing your expected expenses/budgets to better understand your need/market requirements. We also think that it is possible to deliver a DNS solution for 25k SCRT given how much tooling already exists in this area.

  2. How do you intend to use the proceeds of your NFT sales? (Asking from the perspective of the SCRT community funding your development efforts)

Greetings Community,

One month ago the chain voted to fund the development of Secret DNS. Progress is moving along nicely and we expect to deploy to testnet for beta testers soon. We encountered one significant blocker in developing the browser extension, and as a result, were forced to abandon browser extension development. To compensate for this miss, we put in overtime hours to accelerate the development of the longer term solution that would have eventually replaced the browser extension anyway: a DNS Resolver that can resolve domains on Secret DNS. We have also addressed the community’s concerns over marketing by working with a marketing team to help create content to push people towards Secret DNS, and we’ll share more about that in the near future.