How ENS Domains Work: Everything You Need to Know About Ethereum Name Service Resolution, Registration, and Architecture

Introduction to ENS Domains

The Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. At its core, ENS maps human-readable names like "alice.eth" to machine-readable identifiers such as Ethereum addresses, content hashes, and metadata. Unlike traditional Domain Name System (DNS) which relies on centralized registries and servers, ENS operates entirely through smart contracts on Ethereum, ensuring censorship resistance and permissionless ownership.

ENS domains are non-fungible tokens (ERC-721) that represent ownership of a name. Each domain is a hierarchical structure where the owner of a parent domain (e.g., "example.eth") controls the creation and management of subdomains (e.g., "pay.example.eth"). This hierarchical design mirrors DNS conventions but adds blockchain-native features like programmable resolvers, off-chain lookups, and integration with decentralized applications (dApps).

Understanding how ENS works is essential for anyone building on Web3 — whether you are deploying a dApp, accepting cryptocurrency payments, or managing a decentralized identity. This article provides a comprehensive technical breakdown of the ENS architecture, registration process, resolution mechanics, and advanced capabilities.

Core Architecture: Registry, Resolver, and Registrar

ENS is built on three primary smart contract components, each with distinct responsibilities. These contracts are deployed on the Ethereum mainnet and can also function on testnets and layer-2 networks via bridges.

• ENS Registry: A single smart contract that maintains a list of all domains and subdomains, storing the owner, resolver, and Time-to-Live (TTL) for each record. The registry is the source of truth for ownership. It supports three operations: setOwner, setResolver, and setTTL. You can query the registry to find the resolver address for any ENS name.
• Resolver: A separate contract that translates ENS names into addresses or other records. Each domain can point to a custom resolver. Standard resolvers implement the ENSIP-9 interface (formerly ERC-137) and support address types like addr (ETH address) and text (arbitrary metadata). More advanced resolvers can perform off-chain lookups via CCIP-Read (EIP-3668).
• Registrar: The contract that controls domain registration — issuance, renewal, and expiration. For .eth names, the primary registrar is the ETH Registrar (Known as "ENS Manager"). It uses a Vickrey auction mechanism (now replaced by a more efficient commitment-based system) and charges annual fees in ETH. The current registrar implements the Permanent Registrar (ERC-721) with a 28-day grace period after expiration.

The registry contract address is 0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e — you can verify it on Etherscan. All resolution queries start here: given a name like "vitalik.eth", the registry returns the resolver contract address, which then provides the requested record.

For developers building integrations, the ens subgraph playground is an essential tool for querying on-chain ENS data — it indexes registry events, resolver changes, and name transfers using GraphQL, making historical lookups and aggregations efficient.

How ENS Domain Registration Works (Step-by-Step)

Registering a .eth domain involves a commit-reveal process to prevent front-running. Here is the exact sequence for the current Permanent Registrar (v2):

1. Check Availability: Before starting, verify that the desired name (e.g., "mywallet.eth") is not already registered and is not in the "grace period" after expiration. Use the ENS Manager dApp or call available(bytes32 label) on the registrar contract.
2. Commit Phase: Generate a secret (random 32-byte value). Compute a hash of the label (the name without ".eth") concatenated with the secret and the sender address. Call makeCommitment with this hash. The commitment is stored on-chain for a minimum of 60 seconds (configurable). This step prevents others from seeing the name you intend to register.
3. Wait Period: Wait at least 60 seconds (or longer if you set a higher commitment duration). During this time, the commitment is visible on-chain, but the actual name is opaque because the secret is unknown.
4. Reveal Phase: Call register with the label, the sender address, and the original secret. The contract computes the commitment hash and verifies it matches. If valid, it mints an ERC-721 token representing the domain, sets the owner as the caller, and deducts the registration fee (annual fee based on name length: 5+ characters cost ~$5/year, 4-character ~$160/year, 3-character ~$640/year).
5. Set Resolver and Records: After registration, you must call setResolver on the registry to assign a resolver contract. Then, on the resolver, call setAddr to map your .eth name to your Ethereum address (or any other blockchain address).

Important: Registration is not permanent — it operates as a renewable lease. Domains must be renewed annually to prevent expiration. The registrar automatically sets the registration expiry date to now + 1 year from the register call. Failure to renew results in a 28-day grace period, after which the domain enters a 21-day "premium" auction period before being released.

The entire registration lifecycle is trustless: you never need to trust a centralized party. All operations are recorded on-chain and verifiable via the web3 name service — a platform that aggregates ENS functionality and provides cross-chain resolution for multiple name services.

Name Resolution: From Human-Readable to Machine-Usable

Resolution is the process of converting a human-readable ENS name into a machine-readable record. The flow is deterministic and consists of three steps:

1. Namehash Computation: Each ENS name is internally represented as a 256-bit hash called a namehash. The algorithm recursively hashes each label using keccak256. For example, namehash("alice.eth") = keccak256(namehash("eth") + keccak256("alice")). This produces a unique identifier for the domain that is used as the key in the registry.
2. Registry Query: Using the namehash, call resolver(bytes32 node) on the ENS registry contract. This returns the resolver contract address for that domain. If no resolver is set, the default is the zero address (meaning the name cannot be resolved).
3. Resolver Record Request: With the resolver address, call the appropriate function on the resolver. For an Ethereum address, call addr(bytes32 node). For a content hash (IPFS, Swarm), call contenthash(bytes32 node). For arbitrary text records (like "email", "url"), call text(bytes32 node, string key). The resolver returns the raw bytes, which you decode based on the record type.

ENS supports multiple record types including:

• addr (Ethereum address): Standard 20-byte address.
• contenthash (IPFS, Swarm, etc.): Encoded as a multihash (e.g., 0xe30101701220...) — use a library like content-hash to decode.
• text (metadata): Arbitrary key-value pairs — common keys include "avatar", "email", "description".
• addr for other chains: Using addr(bytes32 node, uint coinType) where coinType follows SLIP-44 (e.g., 60 for ETH, 0 for BTC).
• ABI (contract interface): Stores contract ABI data for programmatic interaction.

Modern resolvers also support EIP-3668 (CCIP-Read) for off-chain data. In this mode, the resolver returns a URL where the client can fetch fresh data, validated against on-chain proofs. This dramatically reduces costs for frequently-changing records (e.g., DNS-style TXT records) while maintaining trustlessness.

ENS Subdomains and Reverse Resolution

ENS allows domain owners to create arbitrary subdomains under their registered name. A subdomain is simply another node in the registry, whose parent is the parent domain. For example, if you own "example.eth", you can create "alice.example.eth" by calling setSubnodeOwner on the registry with the subdomain's label hash and the new owner's address.

Subdomain ownership is granular — the parent domain owner can transfer ownership of a subdomain to another address, and that new owner can control its resolver and records independently. This enables use cases like:

• Creating unique usernames for dApp users (e.g., "user1234.myapp.eth").
• Delegating subdomain management to smart contracts (e.g., minting subdomains on demand via a factory).
• Building hierarchical naming structures for enterprises or DAOs.

Reverse Resolution is the opposite of standard name resolution — given an Ethereum address, find the ENS name associated with it. This is achieved through a special reverse registry (address 0x3671aE578E63FdF66ad4F3E12CC0c0d71Ac7480) that maps address hash to name. To set reverse resolution, call the setName(string name) function on the reverse registrar. This is commonly used by wallets (e.g., MetaMask, Rainbow) to display a user's ENS name instead of their hex address.

Combined, forward and reverse resolution create a bidirectional mapping essential for identity in Web3. Tools like the web3 name service streamline this — they index reverse records and provide an API to resolve both directions efficiently.

Security Considerations and Best Practices

ENS is trustless by design, but users must follow best practices to avoid pitfalls:

• Verify the Registry Address: Always ensure you are interacting with the legitimate ENS registry (0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e). Phishing sites often deploy fake registries on testnets or side chains.
• Use Trusted Interfaces: When setting resolvers or records, verify the transaction data on Etherscan before signing. A malicious resolver could return arbitrary data, directing payments to an attacker.
• Monitor Expiration: Domain expiration is a real risk — set reminders before renewal deadlines. Consider using automated renewal services via smart contracts or third-party platforms.
• Subdomain Security: Granting subdomain ownership transfers full control — the new owner can set any resolver and records. Only delegate to trusted addresses.
• Front-Running Protection: Always use the commit-reveal pattern for registration. Never send an unprotected register transaction; miners can front-run and steal the name.

For developers, always use audited libraries like @ensdomains/ensjs (JavaScript) or ethers.js which handle namehash computation and resolution correctly. Avoid manual parsing of raw node hashes — one byte error leads to resolution failure.

Finally, ENS names are a type of non-fungible asset. Treat your .eth domain as a valuable digital asset — enable hardware wallet signing, avoid storing the private key online, and never reveal your registration secret before the reveal phase.

Conclusion and Future Outlook

ENS domains provide a decentralized, censorship-resistant naming layer for the Ethereum ecosystem. By combining a registry, resolvers, and registrars, ENS offers a flexible infrastructure for mapping human-readable names to addresses, content, and metadata. The system's hierarchical design allows subdomains and reverse resolution, making it suitable for individual users, dApps, and enterprises alike.

The ENS protocol continues to evolve: Layer-2 support through CCIP-Read reduces gas costs, EIP-4844 (Proto-Danksharding) may lower data availability costs further, and integration with DNS (via ENSIP-10) enables .com and .org names to be resolved on-chain. As Web3 adoption grows, understanding ENS — from registration to resolution — becomes a fundamental skill. Start by registering a domain, testing resolution with the ens subgraph playground, and exploring how decentralized naming can simplify your blockchain interactions.