[Freedombox-discuss] distributed DNS

Oliver Le oliver.le at gmail.com
Tue Mar 15 14:12:45 UTC 2011


2011/3/16 Bjarni Rúnar Einarsson <bre at pagekite.net>:
> I'm aware of that - but fixing that is a matter of re-thinking DNS entirely.
>
> Given the current DNS system, I am debating the value of replacing existing
> providers with our own home-grown ones and questioning the assumption that
> the current providers are obviously insufficient.  It's a slightly different
> discussion. :-)
>
I agree, it's a separate discussion but one that seems very worth
having.  I believe others are discussing this very possibility (see
"[Freedombox-discuss] human-meaningful names and zooko's triangle
[was: Re: FOAF developers taking FreedomBox into their equation]"),
although I may have misunderstood.

> By the way, you didn't send your reply to the list, so this reply is also
> private.  Feel free to forward to the list if you wanted others to take
> part.
>
>

Whoops! Thanks for pointing that out.

Oliver

> 2011/3/15 Oliver Le <oliver.le at gmail.com>
>>
>> I think this
>> (http://www.guardian.co.uk/media/blog/2010/dec/03/wikileaks-knocked-off-net-dns-everydns)
>> is one of the problems people are trying to solve with a
>> non-traditional-DNS approach.
>>
>> A centralized system is vulnerable to corruption as you identified in
>> your reply but also, as in the case above (presumably), to coercion.
>>
>> 2011/3/16 Bjarni Rúnar Einarsson <bre at pagekite.net>:
>> > On Tue, Mar 15, 2011 at 12:36 PM, <bertagaz at ptitcanardnoir.org> wrote:
>> >>
>> >> Yeah, the idea is to build a dynamic DNS service, distributed if
>> >> possible.
>> >> I see no point in building a freedombox if its DNS system is based on
>> >> "cloudy" (or mainstream if you prefer) services like dyndns.
>> >
>> > Hmm. If millions of people use Freedom Boxes, whatever they rely on will
>> > by
>> > definition become "mainstream".
>> >
>> > Again, what problem are you trying to solve?  I am going to assume you
>> > aren't being anti-business just for the sake of being anti-business. :-)
>> >
>> > Dynamic DNS providers have very little chance to spy on you, and
>> > (assuming
>> > you use your own domain name) if they don't play nice, you just switch
>> > to a
>> > different one.  Why do they need to be replaced?  There are quite a few
>> > options out there, including some very community-minded ones like
>> > www.afraid.org.
>> >
>> > If you use a "free" subdomain, then it does become very important to
>> > choose
>> > a provider carefully because you'll probably be forced to discard the
>> > name
>> > if or when you move.  But from the point of view of the average Joe that
>> > problem is not made obviously better by replacing commercial interests
>> > with
>> > those of idealistic volunteers - both can be equally fickle, provide
>> > good or
>> > bad service, change their minds or simply go broke.
>> >
>> > Rather then charging off to just replace all the existing providers out
>> > there, I would much rather see a considered discussion on what
>> > characteristics a "FreedomBox friendly" provider of DNS services should
>> > have, and an evaluation of the existing options to see how they measure
>> > up...
>> >
>> >
>> >> Well, pay the bill for a DNS domain at least, not that expensive
>> >> though.
>> >> Some are already rented by people around here.
>> >> Bandwidth shouldn't be a problem if the system is decentralized. I
>> >> guess
>> >> the best would be for such a system to be able to support multiple
>> >> domain
>> >> name, so that if some fb user wants to own and use one, he/she could
>> >> manage it.
>> >
>> > What do you mean by decentralized?  I hope you don't intend to replace
>> > the
>> > small number of commercial entities who can currently
>> > coopt/corrupt/manipulate my DNS records with a much larger number of
>> > decentralized, anonymous volunteers who can all do the same thing! :-)
>> >
>> > DNS is by nature hierarchical, DNS servers are assumed to be trusted.
>> >
>> > You can't just "decentralize" the system any more than it already is,
>> > without raising serious security and trust issues.
>> >
>> >
>> >> > I've implemented a dynamic DNS service, on top of powerdns and redis.
>> >> >  It's
>> >> > part of the infrastructure behind pagekite.net.  I wouldn't mind
>> >> > sharing
>> >> > that code, I am sure some peer review would do it good. :-)
>> >>
>> >> Nice, sure I'd like to see/test that. I'm not a lot in redis and all,
>> >> but
>> >> might be usefull in the futur.
>> >
>> > OK, I'll see about getting the code out later today - at least the bits
>> > which are loosely coupled from the pagekite.net service internals.
>> >
>> > --
>> > Bjarni R. Einarsson
>> > The Beanstalks Project ehf.
>> >
>> > Making personal web-pages fly: http://pagekite.net/
>> >
>> > _______________________________________________
>> > Freedombox-discuss mailing list
>> > Freedombox-discuss at lists.alioth.debian.org
>> > http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss
>> >
>> >
>
>
>
> --
> Bjarni R. Einarsson
> The Beanstalks Project ehf.
>
> Making personal web-pages fly: http://pagekite.net/
>



More information about the Freedombox-discuss mailing list