/.well-known/hop, no DNS, no central resolver. The domain serves a signed reach recordReach record: a signed statement "I, address X, am reachable at this endpoint". The signature is by X itself, so it self-certifies, a forged address or endpoint just fails the check. that binds its name to a Hop address.example.com, so only the domain's operator can serve the record. certificate proves the domain, and the reach record's signature proves the address, signed by the very key it claims.Names map to keys, not IPs. The host does one HTTPS GET of /.well-known/hop and hands hop-core the raw bytes; core verifies the self-certifying signature and caches it. Publish an endpoint by serving a signed reach record at your domain's well-known.
Verifiable names anchored on the certificate your domain already has. A name can't be spoofed without both the site's TLS key and the endpoint's identity key, and the client checks both itself.
Deeper implementation detail is coming in the Hop whitepaper.