[CS-FSLUG] Decentralized DNS

Peter J. Vasquez Sr. pjvasquez at baeyogin.com
Wed Dec 1 07:54:58 CST 2010


Ed,
  The concept of a distributed DNS isn't really new, and has its
roots in old malware that modified local hosts entries on infected
systems.  Obviously the problem with the old host entries had to do
with changes being propagated, so using the available DNS became a
cheap and easy alternative.

As you may or may not already know, DNS functions as a hierarchical
system of servers.  While anyone can host their own DNS server, it has
to have a chain of trust that ultimately allows the correct name->ip
address to be returned.  This chain of trust involves the root servers
and .TLD (top level domain) servers that in turn delegate, or grant
authority to other systems that return the 'answer' (the ip(s) to the
name you're requesting).

Because the entire process relies on the systems involved being known
to everyone, it is fairly easy to contact their maintainers and
request that changes be made.  This has been demonstrated already by
law enforcement, and has been the source for panic among those who
believe it will extend into other areas eventually (not just crime,
but personal freedom).

On most modern operating system default installs, there is already a
set of steps used to resolve names that include antiquated name
resolution schemes, the local hosts file, and ultimately DNS.  What
this new project hopes to accomplish is that by inserting a new local
service as the resolver for just one (unofficial) .tld, they can
redirect it over a decentralized network and get the answer to where
they need to go (no central delegation of authority required).  This
would circumvent the normal chain of trust, and (ideally) would allow
accurate name resolution in a timely manner.

Using a decentralized system has its dangers, and I think the goal of
the developers of this distributed DNS system is more of an awakening.
It will be interesting to see what comes from this, and what changes
may take place as a result.  I hope I've addressed your question; I've
done my best to keep the answer short so as not to be too confusing.
If there's something else you wanted to discuss, particularly on the
distributed DNS project, I'd be happy to answer any questions.  (I'm
not involved in the project, but have started looking at the code).

--
Peter

On Tue, Nov 30, 2010 at 8:49 PM, Ed Hurst <ehurst at soulkiln.org> wrote:
> I've been running across stories about DNS from different angles. The
> business about China and their root servers and propagating their
> blocklists, and Secure DNS, and signed certificates and keys, and now we
> get this story about how the torrent folks are trying to bounce back
> from the domain name take downs:
>
> http://torrentfreak.com/bittorrent-based-dns-to-counter-us-domain-seizures-101130/
>
> I admit I barely get what DNS is all about. What can you folks tell me
> about decentralized DNS schemes such as the one which keys in on
> unofficial TLDs?
>
> Ed Hurst
> --------
> Open for Business - http://ofb.biz/
> Kiln of the Soul - http://soulkiln.org/
> blog - http://soulkiln.blogspot.com/