Configure DNS
Every OA document's provenance can be verified and traced back to its creator or issuer. This is achieved by embedding an identityProof property in the document, which serves as a claim for identity. During the verification phase, the claim is checked against external records.
In the example above, the document's issuer is bound to horizontal-beige-goose.sandbox.openattestation.com.
In this guide, you will bind the document issuer's identity to a valid domain name. This domain will be displayed as the issuer every time the document is rendered in an OA-compliant decentralized renderer.
You will be inserting a temporary DNS record on our DNS at sandbox.openattestation.com, so you do not need your own domain to follow the guide. If you prefer to use your own domain name for the identity, you may skip the steps involving the CLI and instead read the DNS Configuration Guide.
In the DID method, you will only use the wallet address as signing credentials and bind it to a domain.
Creating temporary DNS proof
With your wallet address, run the following command:
open-attestation dns txt-record create --public-key did:ethr:0xaCc51f664D647C9928196c4e33D46fd98FDaA91D#controller
You need to prepend your wallet address with did:ethr: and append #controller to it.
Using the same uniresolver link as before, change YOUR_WALLET_ADDRESS below and view your own DID via:
https://dev.uniresolver.io/1.0/identifiers/did:ethr:YOUR_WALLET_ADDRESS
Check the values in the output. The public-key parameter in the creation command above MUST match the id property value:
[
{
"id": "did:ethr:0xaCc51f664D647C9928196c4e33D46fd98FDaA91D#controller",
"type": "Secp256k1VerificationKey2018",
"controller": "did:ethr:0xaCc51f664D647C9928196c4e33D46fd98FDaA91D",
"ethereumAddress": "0xacc51f664d647c9928196c4e33d46fd98fdaa91d"
}
]
Getting the response
Once the DNS TXT record has been successfully deployed, you will see the success message with the bound location.
✔ success Record created at horizontal-beige-goose.sandbox.openattestation.com and will stay valid until Fri Nov 27 2020 14:12:03 GMT+0800 (Singapore Standard Time)
In the example above, the DID public key did:ethr:0xaCc51f664D647C9928196c4e33D46fd98FDaA91D#controller has been bound to the horizontal-beige-goose.sandbox.openattestation.com location.
Verification
Replace horizontal-beige-goose.sandbox.openattestation.com with your DNS name, and then run the following command to make sure the entry has been propagated to the DNS:
open-attestation dns txt-record get --location horizontal-beige-goose.sandbox.openattestation.com
It will display the list of the DNS TXT records associated with that location:
┌─────────┬────────────┬───────────┬──────────────────────────────────────────────────────────────────┬─────────┬────────┐
│ (index) │ type │ algorithm │ publicKey │ version │ dnssec │
├─────────┼────────────┼───────────┼──────────────────────────────────────────────────────────────────┼─────────┼────────┤
│ 0 │ 'openatts' │ 'dns-did' │ 'did:ethr:0xaCc51f664D647C9928196c4e33D46fd98FDaA91D#controller' │ '1.0' │ false │
└─────────┴────────────┴───────────┴──────────────────────────────────────────────────────────────────┴─────────┴────────┘
Note: It will take some time (usually 10s to 15s) for the record to be correctly propagated to DNS.
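The two manual checks in this guide (the public-key value must match the id in the resolved DID, and the same key must appear in the TXT record at your location) can be combined into one offline consistency check. The following is an added example, not part of the OpenAttestation CLI or libraries: the function name checkDnsDidBinding is hypothetical, and the input objects are assumed to have the field names shown in the resolver output and the CLI table above.

```javascript
// Added example: offline consistency check for a DNS-DID binding.
// Field names mirror the resolver JSON and the CLI table shown in this guide.
const DID_KEY_RE = /^did:ethr:(0x[0-9a-fA-F]{40})#controller$/;

function checkDnsDidBinding(publicKey, verificationMethods, txtRecords) {
  const problems = [];
  const m = DID_KEY_RE.exec(publicKey);
  if (!m) {
    // Missing "did:ethr:" prefix, missing "#controller" suffix, or malformed address.
    return ["public key is not of the form did:ethr:<address>#controller"];
  }
  const address = m[1].toLowerCase();

  // 1. The DID document must list a verification method whose id equals the key exactly.
  const method = verificationMethods.find((vm) => vm.id === publicKey);
  if (!method) {
    problems.push("no verification method with a matching id in the DID document");
  } else {
    if (method.controller !== publicKey.split("#")[0]) {
      problems.push("controller does not match the DID");
    }
    // The resolver output shows ethereumAddress in lowercase, so compare case-insensitively.
    if (String(method.ethereumAddress).toLowerCase() !== address) {
      problems.push("ethereumAddress does not match the address inside the DID");
    }
  }

  // 2. The DNS location must carry an openatts/dns-did record for the same key.
  const record = txtRecords.find(
    (r) => r.type === "openatts" && r.algorithm === "dns-did" && r.publicKey === publicKey
  );
  if (!record) {
    problems.push("no openatts/dns-did TXT record for this key at the location");
  }
  return problems;
}

// Constructed sample input, using the values shown in this guide.
const sampleDid = "did:ethr:0xaCc51f664D647C9928196c4e33D46fd98FDaA91D";
const sampleKey = sampleDid + "#controller";
const sampleMethods = [{ id: sampleKey, type: "Secp256k1VerificationKey2018",
  controller: sampleDid, ethereumAddress: "0xacc51f664d647c9928196c4e33d46fd98fdaa91d" }];
const sampleRecords = [{ type: "openatts", algorithm: "dns-did",
  publicKey: sampleKey, version: "1.0", dnssec: false }];

console.log(checkDnsDidBinding(sampleKey, sampleMethods, sampleRecords));
```

An empty list means the three values agree; each string in a non-empty list names the mismatch to fix before issuing documents.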