@pinheadmz
Last active November 1, 2021 17:28

Claim a Handshake reserved name: ICANN TLD using HSM for DNSSEC signing (e.g. with CentralNic)

Demonstration with Bob Wallet: https://youtu.be/32Oi65rhdfE?t=886

  1. Install Bob Wallet https://bobwallet.io/

    • Must be at least version 0.9.0, due for release in November 2021
    • Launch Bob Wallet. Blockchain sync may take a few hours and around 20 GB of disk space to complete.
    • Create a new wallet one of two ways:
  2. Begin name claim: generate claim TXT

    • Search for the TLD in Bob Wallet and click "claim this name" to open claim dialog
    • Click "next"
    • Click fourth option "HSM / PKCS#11"
    • A TEXT STRING appears starting with the string "hns-claim".
      • This string contains a receive address from your wallet; it is not a private key
      • Click "copy" to copy the entire string
  3. Transmit this TEXT STRING to your DNSSEC HSM operator (e.g. CentralNic)

    • Because it is just a public receive address, sending via email is fine
    • To be extra careful, arrange a phone call or video with CentralNic and ask them to read the string back to you, etc
  4. The HSM operator now must sign the TEXT STRING with the DNSSEC key for your zone

    • See guide at https://github.com/pinheadmz/bns/blob/pkcs11/PROVE.md
    • Use a computer with access to the HSM, access to the internet (for DNS requests) and Node.js installed
    • git clone https://github.com/pinheadmz/bns
    • cd bns
    • git checkout pkcs11
    • npm install
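    • Execute the PKCS#11 signing command. Note that a PIN passed as a command-line argument is visible in shell history and in the process list while the command runs.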

Example:

./bin/bns-prove \
  --hsm-module /usr/local/lib/nshieldlib.so \
  --hsm-pin 12345678 \
  --hsm-slot 60957830 \
  -b \
  com \
  hns-claim:aakif5unuzgoaoztsqujbzfhc4cjnrya74r74ahuaeaaaaaaaaaklzaororjdpl6qzexi75h7ofhv447lownw5btzuxvs4ibaaaab752t3ca
  5. The output of this command is a signed HNS claim and now must be broadcast to the p2p network.

    • It can be sent back to the Bob Wallet operator to paste and submit from the claim dialog
    • It can be sent by hsd full node using the command hsd-rpc sendrawclaim <base64 string>
    • Because this blob is a signed transaction, it is safe to share with an HNS developer for support, etc
  6. When the claim is confirmed, Bob Wallet should indicate "Claimed Reserved Name" in the portfolio screen.

  7. AFTER 30 DAYS, the name can be registered with Bob Wallet.

    • Find the name in your portfolio or domain manager and click it to show its details.
    • Click "manage domain" from the domain details screen.
    • ADD ROOT ZONE DNS RECORDS
      • If you operate an ICANN TLD it is extremely important that the DNS records you enter MATCH the records in the ICANN root
    • Click "submit"

Once this REGISTER is confirmed in a block, your HNS claim reward will be spendable and your HNS root zone records will be active.
