Beta Downloads

Warning

The downloads on this page are not yet ready for general-purpose production use. We’d love to hear what works and what doesn’t (that’s why they’re posted here), but don’t use them in any situation where failure could result in consequences that you’re unwilling to accept. For example, don’t use them with wallets that contain coins or names that you aren’t willing to sacrifice to science.

The more people test these downloads, the faster they’ll be ready for release. However, there are no guarantees of when, or if, these downloads will be released in final form.

As usual, it is a good idea to verify the hashes and signatures of these downloads (especially the ones not hosted on namecoin.org). The more people reproduced the hashes, the better. If you’re paranoid, run them inside an isolated virtual machine.

Namecoin Core

• Namecoin Core 0.15.99-name-tab-beta1 (GNU/Linux ARM 64-bit)
• Namecoin Core 0.15.99-name-tab-beta1 (GNU/Linux ARM 32-bit)
• Namecoin Core 0.15.99-name-tab-beta1 (GNU/Linux x86 64-bit)
• Namecoin Core 0.15.99-name-tab-beta1 (GNU/Linux x86 32-bit)
• Namecoin Core 0.15.99-name-tab-beta1 (Source code tarball)
• Namecoin Core Gitian signatures
• Namecoin Core source code

Things to Test

• Full flow for registering names.
• Full flow for updating and renewing names.
• State display in the names list.
• The above with mainnet, testnet, and regtest networks.
• The above with encrypted locked, encrypted unlocked, and unencrypted wallets.

Known Issues

• Windows builds not working (should be fixed in Beta 2)
• macOS builds not working (should be fixed in Beta 2)

ConsensusJ-Namecoin

ConsensusJ-Namecoin is a lightweight SPV client that acts as a drop-in replacement for Namecoin Core’s name lookup functionality (e.g. for browsing .bit domains with ncdns). It synchronizes faster and uses less storage than Namecoin Core, but trusts Namecoin miners more than Namecoin Core does.

You need to have Java installed:

• If you’re using GNU/Linux, use your package manager.
• If you’re using Windows, download it from the Oracle website. Make sure you right-click the .exe installer, click Properties, and click Digital Signatures. It should be signed by Oracle America, Inc. If it is not, do not install it.
• We’re not sure about OS X. If anyone can contribute instructions for OS X, let us know.

If you’re using Windows, you will need to install the Microsoft Visual C++ 2010 Redistributable Package.

• ConsensusJ-Namecoin v0.3.2.1 (cross-platform JAR)
• ConsensusJ-Namecoin v0.3.2.1 Signature (Release signed by Jeremy Rand)
• ConsensusJ-Namecoin source code (use the consensusj-namecoin-0.3.2.1 branch)
• libdohj source code

Preliminary instructions are here.

Known Issues

• Relies on patches to ConsensusJ that are not yet upstreamed.
• Proxies are not yet supported.
• Build is not yet reproducible.

Electrum-NMC

Electrum-NMC is the Namecoin port of the lightweight Bitcoin wallet Electrum.

Preliminary Electrum-NMC documentation is here.

• Electrum-NMC v3.3.6 for GNU/Linux, Windows, and macOS (Python tar.gz)
• Electrum-NMC v3.3.6 for GNU/Linux, Windows, and macOS (Python zip)
• Electrum-NMC v3.3.6 for GNU/Linux (x86_64 AppImage)
• Electrum-NMC v3.3.6.1 for Windows (Standalone Executable)
• Electrum-NMC v3.3.6.1 for Windows (Portable version)
• Electrum-NMC v3.3.6.1 for Windows (Installer)
• Electrum-NMC v3.3.6 for Android
• Electrum-NMC v3.3.6 Signature (Release signed by Jeremy Rand)
• Electrum-NMC source code

Known Issues

• AuxPoW support is still experimental.
• P2SH and SegWit are not yet disabled in the GUI. Don’t use those features, since P2SH and SegWit aren’t enforced on Namecoin yet, meaning that coins sent to such addresses can trivially be stolen.
• Hardware wallets other than Trezor and Safe-T mini are untested and probably don’t work.
• Name transactions are not yet supported for hardware wallets.
• The Android version doesn’t yet have most of the Namecoin-specific GUI features.
• AppImage binaries have not yet been tested.
• macOS binaries are not yet available.
• Build reproducibility is not yet tested.

ncdns

ncdns is software for accessing .bit domain names. If you want to access .bit domain names, ncdns is most likely what you want to install.

See the ncdns documentation.

The ncdns Windows installer also automatically installs and configures a Namecoin client (Namecoin Core or ConsensusJ-Namecoin) and Dnssec-Trigger/Unbound, and sets up TLS certificate validation in any supported web browsers that are installed (see documentation for a list of supported browsers). It’s basically all you need for browsing .bit domain names.

Before running the ncdns Windows installer, you will need to install the following:

• Visual C++ Redistributable for Visual Studio 2012
• Visual C++ Redistributable for Visual Studio 2015

ncdns plain binaries are also available for most major operating systems. These are useful for advanced users or for users who are not on Windows. Using these will require setting up Namecoin Core and a recursive DNS resolver (e.g. Unbound) separately; they can sometimes be used for TLS certificate validation, but additional setup is required.

• ncdns v0.0.9.2 GNU/Linux (64-bit x86) plain binaries
• ncdns v0.0.9.2 GNU/Linux (32-bit x86) plain binaries
• ncdns v0.0.9.2 Windows (64-bit x86) installer
• ncdns v0.0.9.2 Windows (64-bit x86) plain binaries
• ncdns v0.0.9.2 Windows (32-bit x86) installer
• ncdns v0.0.9.2 Windows (32-bit x86) plain binaries
• ncdns v0.0.9.2 macOS (64-bit x86) plain binaries
• ncdns v0.0.9.2 Signature (Release signed by Jeremy Rand)
• ncdns v0.0.9 plain binaries for GNU/Linux (non-x86), DragonFlyBSD, FreeBSD, NetBSD, OpenBSD, and Solaris (hosted by GitHub)
• ncdns Windows Installer Source Code
• ncdns rbm Build Harness Source Code
• ncdns Source Code

Known Issues

• Build is not yet reproducible.

certdehydrate-dane-rest-api

certdehydrate-dane-rest-api is a dependency of ncp11 and the Chromium version of DNSSEC-HSTS.

• certdehydrate-dane-rest-api v0.0.1 for GNU/Linux (64-bit x86)
• certdehydrate-dane-rest-api v0.0.1 for GNU/Linux (32-bit x86)
• certdehydrate-dane-rest-api v0.0.1 for Windows (64-bit x86)
• certdehydrate-dane-rest-api v0.0.1 for Windows (32-bit x86)
• certdehydrate-dane-rest-api v0.0.1 for macOS (64-bit x86)
• certdehydrate-dane-rest-api v0.0.1 Signature (Release signed by Jeremy Rand)
• certdehydrate-dane-rest-api rbm Build Harness Source Code
• certdehydrate-dane-rest-api Source Code

Known Issues

• Build is not yet reproducible.

cross_sign_name_constraint_tool

This tool applies a name constraint exclusion to a DER-encoded TLS trust anchor via cross-signing, without that trust anchor’s consent. The intended use case is to disallow a CA from issuing certificates for a domain name that it has no legitimate business issuing certificates for. For example:

• Disallowing a public CA from issuing certificates for the .bit TLD used by Namecoin.
• Disallowing a public CA from issuing certificates for a TLD controlled by your corporate intranet.
• Disallowing your corporate intranet’s CA from issuing certificates for a TLD allocated by ICANN.

Namecoin users will probably want to use cross_sign_name_constraint_tool to disallow any non-Namecoin CA’s that they have manually imported to their system from signing .bit certificates. For CA’s that are on your system by default, you probably instead want tlsrestrict_nss_tool (see below) or tlsrestrict_chromium_tool (bundled with ncdns, see above).

• cross_sign_name_constraint_tool v0.0.3 binaries for GNU/Linux, DragonFlyBSD, FreeBSD, NetBSD, OpenBSD, Solaris, Windows, macOS (hosted by GitHub)
• cross_sign_name_constraint_tool Source Code at GitHub.

Known Issues

• Build is not yet reproducible.

DNSSEC-HSTS

DNSSEC-HSTS enforces TLS for Namecoin websites that support TLS, which protects against sslstrip attacks. Firefox users need both the WebExtensions Component and the Native Component. Chromium users need the WebExtensions component and certdehydrate-dane-rest-api (see above), but not the Native Component.

• DNSSEC-HSTS WebExtensions Component v0.0.1 for Firefox
• DNSSEC-HSTS Native Component v0.0.1 for GNU/Linux (64-bit x86)
• DNSSEC-HSTS Native Component v0.0.1 for GNU/Linux (32-bit x86)
• DNSSEC-HSTS Native Component v0.0.1 for Windows (64-bit x86)
• DNSSEC-HSTS Native Component v0.0.1 for Windows (32-bit x86)
• DNSSEC-HSTS Native Component v0.0.1 for macOS (64-bit x86)
• DNSSEC-HSTS v0.0.1 Signature (Release signed by Jeremy Rand)
• DNSSEC-HSTS rbm Build Harness Source Code
• DNSSEC-HSTS WebExtensions Component Source Code
• DNSSEC-HSTS Native Component Source Code

Known Issues

• Build is not yet reproducible.

ncp11

ncp11 enables Namecoin TLS in applications that support PKCS#11, such as Tor Browser.

• ncp11 v0.0.1 for GNU/Linux (64-bit x86)
• ncp11 v0.0.1 for GNU/Linux (32-bit x86)
• ncp11 v0.0.1 for Windows (64-bit x86)
• ncp11 v0.0.1 for Windows (32-bit x86)
• ncp11 v0.0.1 for macOS (64-bit x86)
• ncp11 v0.0.1 Signature (Release signed by Jeremy Rand)
• ncp11 rbm Build Harness Source Code
• ncp11 Source Code

Known Issues

• Build is not yet reproducible.

tlsrestrict_nss_tool

This tool applies a name constraint exclusion to an NSS sqlite database for all CKBI (built-in) TLS trust anchors, without those trust anchors’ consent. The intended use case is to disallow public CA’s from issuing certificates for TLD’s with unique regulatory or policy requirements, such as:

• The .bit TLD used by Namecoin.
• A TLD controlled by your corporate intranet.

Namecoin users will probably want to use tlsrestrict_nss_tool to disallow all CA’s that are on their system by default from signing .bit certificates. For CA’s that you manually imported yourself, you probably instead want cross_sign_name_constraint_tool (see above).

• tlsrestrict_nss_tool v0.0.3 binaries for GNU/Linux, DragonFlyBSD, FreeBSD, NetBSD, OpenBSD, Solaris, Windows, macOS (hosted by GitHub)
• tlsrestrict_nss_tool Source Code at GitHub.

Known Issues

• This tool will probably prevent HPKP from working as intended, unless HPKP is applied to user-defined trust anchors. Firefox is capable of doing this (though it’s not the default); Chromium is not (as far as we know).
• Build is not yet reproducible.

dns-prop279

This is a tool that permits Namecoin naming (or any other naming method that speaks the DNS protocol) to be used with Tor, via the draft Prop279 pluggable naming API. .bit domains can point to IP addresses (A/AAAA records), DNS names (CNAME records), and onion services.

See the Namecoin Tor resolution documentation

• Binaries distributed with ncdns v0.0.8 plain binaries for GNU/Linux, DragonFlyBSD, FreeBSD, NetBSD, OpenBSD, Solaris, Windows, and macOS (hosted by GitHub).
• Source code at GitHub.

Known Issues

• Prop279 is still an early draft, and might change heavily. dns-prop279 will change accordingly.
• tor doesn’t implement Prop279 (see above point); the StemNS or TorNS shim is required if you want to use or test dns-prop279.
• dns-prop279 doesn’t follow the current Namecoin Domain Names specification for onion service records (we might amend the specification to match dns-prop279’s behavior).
• dns-prop279 doesn’t properly return error codes; all errors will be treated as NXDOMAIN.
• dns-prop279 hasn’t been carefully checked for proxy leaks.
• Using dns-prop279 will make you stand out from other Tor users.
• Stream isolation for streams opened by applications (e.g. Tor Browser) should work fine. However, stream isolation metadata won’t propagate to streams opened by the DNS server. That means you should only use dns-prop279 with a DNS server that will not generate outgoing traffic when you query it. ncdns is probably fine as long as it’s using a full-block-receive Namecoin node such as Namecoin Core or libdohj-namecoin in leveldbtxcache mode. ncdns should not be used with headers-only name lookup clients such as Electrum-NMC. Unbound is also not a good idea.
• Nothing in dns-prop279 prevents the configured DNS server from caching lookups. If lookups are cached, this could be used to fingerprint users. ncdns has caching enabled by default.
• DNSSEC support hasn’t been tested at all, and is probably totally unsafe right now. Only use dns-prop279 when you fully trust the configured DNS server and your network path to it.
• Build is not yet reproducible.

ncprop279

ncprop279 enables Namecoin naming (but not DNS naming) to be used with Tor, via the draft Prop279 pluggable naming API. ncprop279 is somewhat smaller and more efficient than dns-prop279. .bit domains can point to IP addresses (A/AAAA records), DNS names (CNAME records), and onion services.

See the Namecoin Tor resolution documentation.

• ncprop279 v0.0.1 for GNU/Linux (64-bit x86)
• ncprop279 v0.0.1 for GNU/Linux (32-bit x86)
• ncprop279 v0.0.1 for Windows (64-bit x86)
• ncprop279 v0.0.1 for Windows (32-bit x86)
• ncprop279 v0.0.1 for macOS (64-bit x86)
• ncprop279 v0.0.1 Signature (Release signed by Jeremy Rand)
• ncprop279 rbm Build Harness Source Code
• ncprop279 Source Code

Known Issues

• Prop279 is still an early draft, and might change heavily. ncprop279 will change accordingly.
• tor doesn’t implement Prop279 (see above point); the StemNS or TorNS shim is required if you want to use or test ncprop279.
• ncprop279 doesn’t follow the current Namecoin Domain Names specification for onion service records (we might amend the specification to match ncprop279’s behavior).
• ncprop279 hasn’t been carefully checked for proxy leaks.
• Using ncprop279 will make you stand out from other Tor users.
• Stream isolation for streams opened by applications (e.g. Tor Browser) should work fine. However, stream isolation metadata won’t propagate to streams opened by the Namecoin client. That means you should only use ncprop279 with a Namecoin client that will not generate outgoing traffic when you query it. A full-block-receive Namecoin node such as Namecoin Core or libdohj-namecoin in leveldbtxcache mode is probably fine. A headers-only name lookup client such as Electrum-NMC should not be used.
• ncprop279 probably caches lookups. This could be used to fingerprint users.
• Build is not yet reproducible.