dnssdh

dnssdh is a proposed protocol concept intended to enhance the integrity and resilience of the Domain Name System by combining cryptographic hash commitments with distributed storage of DNS data. The name is often described as DNS Security through Shadow Data Hashing, though actual implementations vary and the term is not part of a formal standard. The core idea is to provide verifiable references for DNS records beyond what is offered by DNSSEC alone, by publishing compact, signed hashes of zone data and distributing copies of these hashes and records across multiple trusted nodes.

In typical architecture, a dnssdh system includes an authoritative zone server, resolvers equipped to handle dnssdh

Operation involves bootstrapping trust via a public-key infrastructure, signing of records, and periodic refreshes of hash

As of now, dnssdh remains a topic in research and experimental deployments rather than a formal standard.