📬 Subscribe
Claims Lingo
Domain Hierarchy

A Top Level Domain (TLD) is at the highest level of the DNS hierarchy.

For example, in the domain name www.example.com, the top level domain is com.

A Second Level Domain (SLD) is a domain directly below a top level domain.

For example, in the domain name www.example.com, the second level domain is example.

A Decentralized Second Level Domain (dSLD) is a second level domain that is self-custodied by the registrant, providing trustless domain ownership and management.

For example, Impervious Registry offers dSLDs.


A Registry is a system to manage TLDs, set the rules for that TLD, and work with registrars to to sell domain names to the public.

Handshake registries include NB Registry, Impervious Registry, etc.

A Registrar is the group that sells domain names to the public.

Handshake registrars include Namecheap, Porkbun, etc.

A Registrant is a person or entity who registers a domain name. Traditionally, a registrant enters into a contract with a custodial registrar. With dSLDs, a registrant self-custodies and self-manages the domain name.

When a Handshake top-level domain is submitted to an active registry to be made accessible to SLD / dSLD buyers and speculators

When a Handshake top-level domain has been staked to a registry and there are active SLD / dSLDs registered to it

When a Handshake top-level domain has been staked to a registry and sent to a script address where its name records are frozen and ownership has been removed.

Locked TLDs are renew-only and renew-by-anyone, meaning the only action one can take on the name is to renew it and that renewal can be performed by anyone.


A Resolver is a server on the Internet that converts domain names into IP addresses.

The DNS resolver contacted by your computer is usually chosen by your ISP (Internet service provider). However, you can configure your network to use a different DNS provider, if you choose.

Fingertip is a Handshake-compatible resolver.

A DNS query is a request that you send to a DNS server. It contains 2 fields: the name (like example.com), and the type (like "A").

The authoritative nameserver is usually the resolver’s last step in the journey for an IP address. The authoritative nameserver contains information specific to the domain name it serves (e.g. google.com)

A recursive resolver (also known as a DNS recursor) is the first stop in a DNS query. The recursive resolver acts as a middleman between a client and a DNS nameserver. After receiving a DNS query from a web client, a recursive resolver will either respond with cached data, or send a request to a root nameserver, followed by another request to a TLD nameserver, and then one last request to an authoritative nameserver.


An SSL certificate is required to enable SSL on your site and build a secure connection between a browser and your server to encrypt sensitive information, such as credit card details or private data.

Typically, SSL certificates are provided by trusted third-party Certificate Authorties

A trusted third party that stores, signs, and issues digital certificates.

CAs are commonly used to sign SSL certificates used in HTTPS, the secure browsing protocol.

DANE enables trustless HTTPS via peer to peer certificate not reliant on Certificate Authorities.

Name Records

A very common type of DNS record. It contains an IPv4 address, like

A common type of DNS record. It contains an hostname address, like example.com.

When you make a DNS query, you get 0 or more records in response. Every record has at least 4 fields: the name, the TTL, the type, and one or more content fields. For example the IP address in an A record is its content.

On-Chain Records are the subset of name records managed directly on the Handshake blockchain: NS, GLUE4, GLUE6, DS, TXT. These records are public and require on-chain transaction fees to add or update.

All other name records are managed off-chain.

Off-Chain records are any name records set via an external nameserver. They do not require gas fees to add or update. Common name records that cannot be added on-chain include A, MX, and CNAME records.

Nameservers are used for hosting domain name records.

Handshake manages just a small set of name records on chain: NS, GLUE4, GLUE6, DS, TXT. All other records are managed off-chain via a nameserver.

You can run your own nameserver like Handout or use a public nameserver like HSHub

Stands for Time To Live. This is a DNS record field. It's an number of seconds. DNS resolvers use it to decide how long to cache the record.


A full node is a program that fully validates transactions and blocks. Almost all full nodes also help the network by accepting transactions and blocks from other full nodes, validating those transactions and blocks, and then relaying them to further full nodes.

The light client can trustlessly resolve Handshake names using only 10mb of memory and near zero CPU. It’s the most secure way to use Handshake because it doesn’t require trusting any third party resolvers that can inspect your DNS traffic.

The root zone is where TLDs are managed.

Traditionally, the DNS root zone is managed by an organization named ICANN. Handshake is an alternative root zone trustlessly managed via a public blockchain.

The Urkel Tree is Handshake's data structure, a base-2 merkelized trie designed for the DNS.

Performance - Stores nodes in flat files instead of an existing key-value store like LevelDB. Urkel is its own database. In benchmarks, this results in a 100x+ speedup.

Simplicity - Maintains only two types of nodes: internal nodes and leaf nodes.

Storage - Internal nodes are small. This is important as internal nodes are frequently rewritten during updates to the tree.

Proof Size - Sibling nodes are a constant size of 32 bytes. This results in an extremely compact proof size.

A covenant is a special purpose smart contract that allows for dynamic consensus-level behavior typically absent in highly-constrained UTXO-based state machines like Bitcoin.

Handshake covenants are designed to enable on-chain auctions for unowned names and on-chain management of owned names.


Custodial wallets are wallet services offered by a centralized business such as a Namebase. Custodial wallets have less user responsibility regarding private key management.When a user outsources wallet custody to a business, they are essentially outsourcing their private keys to that institution. The individual user is not responsible for protecting the private key to the wallet and therefore places trust in the business keeping the private key safe.

Non-custodial wallets do not require the outsourcing of trust to an institution, so no institution can refuse to complete transactions. These transactions are essentially censorship-resistant, as the user controls the private key.

Bob Wallet is a non-custodial Handshake wallet for self sovereign management of Handshake names and coins.

A seed phrase is a group of random words generated by your crypto wallet when you first set it up, and it's incredibly important to keep a record of these words. It’s important to note, private keys and seed phrases are not the same, although both would allow an intruder to spend your coins within that wallet.


Dollarydoos are the base unit of Handshake.

1 HNS = 1,000,000 dollarydoos

0.000001 $HNS = 1 dollarydoo

Community Created

A method to utilize Handshake dSLDs bridged to Ethereum, to enable airdrops into user controlled wallets for idenity-based asset distribution.

Handshake top-level domains bridged to Ethereum and tokenized as NFTs. When staked in a registry, NFTLDs represent control over the subdomain namespace, its rules, and its registration fees.


A Vickrey Auction is sealed-bid second-price format where bidders do not know the bid amounts of other people in the auction. The highest bidder wins at the second-highest price. This sealed-bid second-price auction is designed to incentives bidders to bid their true willingness-to-pay.

Handshake utilizes an on chain auction system to trustlessly manage distribution of unowned names.

Handshake name auctions use a version of Vickrey Auctions that include bids (true bid amount) and blinds (added mask amount). The total (bid + blind) is publicly displayed during the auction.

Other users do not know true bid amounts, only the maximum possible bid amount of other bidders.

Bids in on-chain auctions are locked for the duration of that auction to prevent double-spending in other auctions. Once an auction has concluded, locked HNS from losing bids or blinds can be returned.

For names won in auctions, winning bid amounts are burned and effectively removed from circulation.

HNS Burned is a measure of total auction winnings and a deflationary pressure on Handshake's token supply.


An XPUB, or extended public key, is a special kind of public key used to derive other public keys.

XPUBs are designed to use a new receiving address for every transaction, affording users greater privacy.

HIP-2 Servers use XPUBs on Handshake to name your wallet with a fresh address on every request

Brontide is a secure messaging protocol used on Handshake and the Lightning Network. This allows users to have a secure encrypted socket connection to HSD nodes and hides your resolver requests.