Question: How to use DNS for Kademlia?

Hey all.

We are looking to make a SAFE-network compatible/interoperable network, which can augment the eventual SAFE network with our own infrastructure.

However we have slightly different goals and one of them is smooth accessibility for existing web clients. So we thought about using DNS as an alternative gateway to the Kademlia DHT.

I figured it would be great to ask here. How would you see DNS providing a compatible gateway to the existing SAFE network, so regular web users can take advantage of it? I am talking A/AAAA records with custom ports etc.

So far the designs thrown around were along the following lines:

  1. Have a domain like or top-level domain like .cloud

  2. Then $ would resolve to some IP address which is actually running an HTTPS gateway to the SAFE network. This IP address may change periodically after TTL has expired.

  3. Presumably the DNS can route to ANY computer running an https server serving as a gateway to SAFE network.

  4. This server is analogous to a ClientManager on the SAFE network. It can also serve as a PUSH server using websokets etc.

Has anyone developed such an https gateway server for SAFE and if not, what would be the problem?

It seems that, once developed, any SAFE node could theoretically run such a server as long as its https port wasn’t blocked. And of course nation-states could shut down IPs they find through such DNS queries so this layer may be shut down ultimately, but the rest of the SAFE network would be unaffected.

The great thing about such a proxy gateway is that, by hsing standard https, we become compatible with the entire Web and all the myriad resources that have been hosted on it. You can then move a site to something like and have regular browsers load it, while SAFE network clients could interpret it differently and route it directly through SAFE.

Another nice thing is that we can build our implementation on Layer 7 of the OSI stack, eg using something like the MutableData API to implement chatrooms and so on, and later swap in the SAFE backend, “snapping together” both sides and providing lots of apps that work natively with SAFE containers instead of these $HASH domains.

Any downsides or showstoppers?

@neo is this possible to do?

The way I can see it being done the easiest is to develop an ADD-ON for say firefox or chrome and then it will see *whatever* format you use as a reference to the SAFE protocol and access the client to get the files/pages.

Either set add-on to recognise a different protocol (SAFE:// instead of http://) or maybe safe.whateversite.tld as a reference to safe://whateversite or another format you choose

But is it actually compatible with SAFE network to do so? What do you see as possible showstoppers?

The idea is not to have a gateway, but to redirect requests to the SAFE network to the client rather than accessing a http/https server.

Maybe if your webpage has an image and its link is something like safe://somesafedomain/image.png then the addon would access the client and request the image from the sate address. All done in the browser and no gateway.

Or maybe your server could have a client installed and used do the requests itself before sending the page to the user.

But still safe does not work best this way and still has all the insecurities of the current web when doing this sort of thing

1 Like