Operated by USIDC

The Distributed DNS for the Open Internet

Eliminate downtime and centralized vulnerabilities with our Distributed Domain Name Resolution System, a resilient infrastructure built for reliable, efficient, and tamper-proof DNS. A zero-cost ecosystem for approved participants, powered by fully open code and guided by collective community leadership.

The Process

How distributed resolution works

DDNRS replaces the traditional centralized DNS hierarchy with a peer-validated, distributed resolution protocol that is resilient by design at every layer.

01

Query Initiation

A resolution request is issued from the client. The DDNRS resolver selects the optimal entry node from the regional registry based on current latency and availability scores.

02

Peer Propagation

The query propagates across the distributed node mesh. Each peer maintains a partial copy of the global zone table, using Merkle-verified consensus to agree on authoritative records.

03

Cryptographic Verification

Records are signed with the zone owner's Ed25519 key. Clients verify every signature before accepting results, eliminating cache poisoning and DNS spoofing at the protocol level.

04

Verified Response Delivery

The verified result is returned with full audit metadata — node path, verification hash, and TTL. Records are cached locally with tamper-evident signatures for all subsequent lookups.

Platform Capabilities

Built for reliability at global scale

Decentralize your domain resolution. A high-performance DNS platform engineered for transparency and resilience, cutting the cord from centralized gatekeepers.

Decentralized Zone Authority

Zone records are anchored to cryptographic key pairs, not registrar accounts. You control your namespace directly — no central authority can suspend or redirect your domains without your private key.

Sub-20ms Global Resolution

With nodes across 3600 or more geographic regions, DDNRS routes each query to the nearest peer cluster, achieving resolution times consistently comparable to commercial managed DNS at zero cost.

End-to-End Record Signing

All zone records are signed with Ed25519 keys at publish time and verified client-side on every resolution — a strict superset of DNSSEC with no additional configuration required.

Automatic Failover and Healing

The node mesh continuously monitors peer health. On failure, queries are rerouted in under 200 ms. Zone data is always replicated across at least five independent nodes simultaneously.

DoH and DoT Transport Support

All DDNRS endpoints natively support DNS-over-HTTPS and DNS-over-TLS transports, protecting every resolution request from network-level surveillance and passive eavesdropping.

Developer-First API and SDKs

Manage zones, publish records, monitor resolution health, and query audit logs via a clean REST API with open source SDKs for Node.js, Python, Go, and Rust under the MIT License.

Technical Design

System architecture overview

Application Layer: DoH / DoT / DDNRS-RPC
Resolution Layer: Peer Mesh Routing
Consensus Layer: Merkle Zone Validation
Storage Layer: Distributed Zone Store

A layered, peer-validated stack

DDNRS is designed with strict layer separation to allow independent upgrades and auditing of each subsystem. The protocol is fully open and specified in the DDNRS RFC series.

  • Application layer supports standard DNS wire format for drop-in compatibility
  • Peer mesh uses a modified Kademlia DHT for robust node discovery and routing
  • Merkle zone trees enable compact proofs of record inclusion and exclusion
  • Storage layer supports pluggable backends including LevelDB, LMDB, and RocksDB
  • All inter-node communication is encrypted with mutual TLS 1.3
  • Zone metadata anchored to a public, tamper-evident transparency log
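
The inclusion-proof bullet above can be made concrete with a short sketch. This is an added example, not DDNRS code or its wire format: it assumes SHA-256 and the leaf/node prefix scheme of RFC 6962, uses constructed sample records, and assumes the root was already authenticated out of band.

```python
import hashlib
import hmac

# Constructed sample zone records (illustrative, not a DDNRS format).
ZONE = [b"example.test. 300 IN A 203.0.113.10",
        b"www.example.test. 300 IN A 203.0.113.11",
        b"mail.example.test. 300 IN A 203.0.113.12",
        b"example.test. 300 IN MX 10 mail.example.test.",
        b"example.test. 300 IN TXT \"v=spf1 -all\""]

def _h(data):
    return hashlib.sha256(data).digest()

def leaf_hash(record):
    # 0x00 prefix: a leaf can never be confused with an interior node.
    return _h(b"\x00" + record)

def node_hash(left, right):
    # 0x01 prefix marks interior nodes.
    return _h(b"\x01" + left + right)

def _split(n):
    # Largest power of two strictly less than n (RFC 6962 tree shape).
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(records):
    if len(records) == 1:
        return leaf_hash(records[0])
    k = _split(len(records))
    return node_hash(merkle_root(records[:k]), merkle_root(records[k:]))

def inclusion_proof(records, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left)."""
    if len(records) == 1:
        return []
    k = _split(len(records))
    if index < k:
        return inclusion_proof(records[:k], index) + [(merkle_root(records[k:]), False)]
    return inclusion_proof(records[k:], index - k) + [(merkle_root(records[:k]), True)]

def verify_inclusion(record, proof, trusted_root):
    """Recompute the root from one record and its proof; constant-time compare."""
    h = leaf_hash(record)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return hmac.compare_digest(h, trusted_root)
```

A client needs only the record, a proof of logarithmic length, and the trusted root. The prefixes are what stop an attacker from presenting two concatenated interior hashes as a "record".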

Who Benefits

Designed for these real-world scenarios

DDNRS serves organizations and individuals that need resilient, sovereign DNS infrastructure beyond what registrar-tied or commercial providers can reliably offer.

Open Source Projects

Resilient Infrastructure for OSS Communities

Open source projects often lack the budget for managed DNS with SLA guarantees. DDNRS provides enterprise-grade availability at zero cost, sustained by a nonprofit community of contributors.

Developer Teams

Isolated Namespaces for Dev and Staging

Spin up isolated DNS namespaces for feature branches, staging environments, and local development clusters — with automatic teardown policies and full API control over the namespace lifecycle.

Censorship-Resistant Apps

Publishing Without a Single Point of Failure

Applications in restricted environments need DNS that cannot be silenced by targeting one registrar. DDNRS has no central chokepoint that an adversary can seize, compel, or take offline.

Research and Education

DNS Protocol and Security Research

Universities and security researchers gain access to a live, open, fully instrumented resolution network with complete protocol introspection capabilities built into the node software.

Web3 and Decentralized Apps

Human-Readable Names for Decentralized Apps

Decentralized applications need naming that matches their architecture. DDNRS resolves both traditional DNS records and custom TLD namespaces controlled by on-chain key pairs.

Mesh and Private Networks

DNS for Private Infrastructure and IoT Fleets

Deploy DDNRS nodes within private infrastructure for naming in mesh networks, IoT device fleets, and air-gapped environments, with an optional sync bridge to the public overlay.

3600+ Global Nodes
99.98% Overall SLA
8.26 ms Avg. Resolution Latency
100% Open Source

Access Application

Apply for DDNRS access

All access is granted through a reviewed application. We do not sell plans or subscriptions — this protects network integrity and ensures fair access for every participant.

Who may apply? Nonprofits, research institutions, open source projects, government agencies, schools, and independent developers with a legitimate, described use case.

What is not permitted? Commercial resale of DDNRS services, spam infrastructure, phishing, botnet command and control, or any use that violates the Acceptable Use Policy.

Is there any cost? DDNRS is entirely free for all approved participants, funded by donations and grants. There are no tiers, credits, or paid plans of any kind.

How long does review take? Applications are reviewed by the Technical Steering Committee within 5 to 10 business days of a complete submission.

Applications are reviewed in the order received.

Common Questions

Frequently asked questions

More questions? Reach the community via the public mailing list.

Yes. DDNRS nodes expose a standard RFC 1035-compliant DNS interface. Any system that can point its resolver at a DDNRS endpoint — including over DoH or DoT — works without modification. A lightweight resolver shim is also available for applications that want native DDNRS protocol support with full audit log access.

DDNRS is supported through foundation grants, individual donations from the developer community, and in-kind infrastructure contributions from organizations that run community nodes. Financial reports are published quarterly in our public transparency portal for independent review.

Absolutely. The DDNRS node software is fully open source under the MIT License. Running a community node strengthens the network for all participants. Node operators must meet minimum uptime and bandwidth requirements and agree to the node operator agreement before joining the public mesh.

The application review process is the primary access gate. Approved participants receive scoped API keys with rate limits calibrated to their stated use case. All zone registrations are written to a public transparency log. The Technical Steering Committee retains authority to suspend zone delegations that violate the Acceptable Use Policy.

DDNRS uses a replication factor of seven across geographically diverse nodes. The consensus protocol tolerates up to the floor of (N−1)/2 simultaneous node failures while maintaining full read availability. During a write-partition event, zones remain resolvable from cached data until consensus is completely restored.

Zone records on the public DDNRS mesh are globally resolvable by design. For private namespaces you may deploy a private DDNRS cluster with access control lists that restrict zone visibility to authenticated resolvers only. Private cluster setup is fully documented in the operator guide.