US DNS Seizures countered

  • #16
    Re: US DNS Seizures countered

    Originally posted by Starving Steve View Post
    ... but these concerns have to be balanced with the need for governments to stop terrorists.
    Yeah, that's what they tell us.

    Originally posted by Starving Steve View Post
    Or would you want to get on-board a commercial aircraft without security checks?
    I would prefer not having the present "security checks", yes.

    Originally posted by Starving Steve View Post
    I trust the Western World because the Western World has a democratic tradition.
    Even America's Founding Fathers understood well that the form of a government, by itself, does not protect or preserve the liberties of its citizens, absent the continued informed and energetic defense of liberty by those citizens from the inevitable tyrannical tendencies of any governing body with standing over those citizens.
    Most folks are good; a few aren't.

    Comment


    • #17
      Re: US DNS Seizures countered

      Originally posted by Starving Steve View Post
      If you get quite specific here about your concerns, you might be passing information out over the internet to the bunch running Iran.
      Iran is not our enemy. The American government and a few closely related governments and corporations are Iran's enemy.

      Also, the most secure systems are open. Security through obscurity is ephemeral and fleeting.

      (I realize, Steve, that you will not agree with either of these two comments of mine. I don't know how to state them in such a way that might win over your agreement, so I just stated them flat out.)
      Most folks are good; a few aren't.

      Comment


      • #18
        Re: US DNS Seizures countered

        From http://twitter.com/wikileaks

        WikiLeaks.org domain killed by US everydns.net after claimed mass attacks
        Free speech has a number: http://88.80.13.160
        WikiLeaks moves to Switzerland http://wikileaks.ch/
        More: http://www.theregister.co.uk/2010/12...aks_loses_dns/
        Domain name provider EveryDNS has pulled the plug on Wikileaks after giving the site 24 hours' notice that it could not put up with the denial of service attacks the site was attracting.
        The temporary loss of its website will have little impact on Wikileaks. Various Wikileak mirror sites are available and the files are also on BitTorrent and elsewhere.

        Comment


        • #19
          Re: US DNS Seizures countered

          Originally posted by renewable View Post
          When the authorities subvert DNS, don't they do it through the TLD registrar, who then changes the records in the 13 main rootservers - they don't directly act on the rootservers. If this is the case, then the new p2p system would have to have some kind of distributed .p2p registrar system to overcome this problem.
          It appears, from "ICANN had no role in seizing torrent domains" (domainincite.com), that the U.S. Dept of Homeland Security (DHS) delivered court orders to VeriSign to take down specified .com domain names.

          ICANN delegates handling the .com Top Level Domain (TLD) to VeriSign. VeriSign in turn delegates a number of registrars (e.g. GoDaddy, NameCheap, Moniker, eNom, Tucows, Dotster, etc) to sell and manage domain names within the .com space. In the domainincite article at the above link, GoDaddy was the registrar for some of the domain names that DHS seized, and GoDaddy is pissed that the take down order was to VeriSign instead of themselves (GoDaddy.)
          Last edited by ThePythonicCow; December 03, 2010, 11:47 AM.
          Most folks are good; a few aren't.

          Comment


          • #20
            Re: US DNS Seizures countered

            Originally posted by mesyn191 View Post
            Supposedly this is exactly what they're working on. Think of it as an open Tor network.
            How is this supposed to work? Without a central authority the name space would fragment. The problem here isn't the server structure or propagation algorithms, it is that in order to function properly the table must be the same for everyone. The nature of the data is itself hierarchical.

            IE, unless it is ancient, your computer already caches DNS information, but it is utterly useless without a mechanism to refresh it and resolve naming conflicts. Whoever has that authority can make changes to the lookup table with impunity.

            The only way that would change is if you are willing to accept a fragmented internet. IE www.itulip.com would resolve to different IPs depending on which DNS server you decide to query. In that case changing the propagation algorithm makes no sense since you can already set up your own DNS server and point it anywhere you want. Windows even has a file called hosts that lets you map names yourself. For instance when you find a domain like doubleclick that is serving up annoying advertisements you can point their domain at 127.0.0.1 and no longer be troubled by their advertisements. But the thought of swapping millions of these files over a p2p network doesn't make sense.

            I think if you are going to go that route you are better off using a model like freenet or something similar to provide anonymity and plausible deniability.

            Comment


            • #21
              Re: US DNS Seizures countered

              Originally posted by radon View Post
              How is this supposed to work? Without a central authority the name space would fragment.
              Yes, however ...

              The nature of the "central authority" can be rather different than you might imagine.

              The main architecture concepts are being considered in an ideatorrent at dns-p2p.nullh.net.

              From this, and from my readings on Netsukuku, I suspect the following.

              Background:
              Netsukuku is a similar effort, underway for several years now, for automated mesh networks suitable for building wifi networks independent (except for a gateway to the "rest of the web") of traditional ISPs and their "last mile" infrastructure. Its DNS-equivalent infrastructure is called ANDNA.
              I suspect that dot-p2p will end up with a top level geographically distributed tier of computers that automatically manages the DNS map (mapping domain names such as iTulip.com to numeric IP addresses such as 72.47.224.113) using a distributed hash table.

              Anyone on the network (meaning connected to the Internet and running their client) could ask for a domain name in the dot-p2p space, and if they were first to ask, they would get it.

              There will be sufficient redundancy in the top level that taking down or corrupting a few of the top level computers will not corrupt nor partition the DNS map. One could easily imagine one or two hundred computers, roughly one per country, in that top level.

              So, yes, a central authority that is distributed, redundant, robust, and entirely automated.
              Most folks are good; a few aren't.

              Comment


              • #22
                Re: US DNS Seizures countered

                Originally posted by ThePythonicCow View Post
                So, yes, a central authority that is distributed, redundant, robust, and entirely automated.
                Pretty much this. Tor is very good and is already widespread. It's arguable about how secure it is if you're worried about getting busted by the MPAA, but then all P2P programs have that issue.

                Comment


                • #23
                  Re: US DNS Seizures countered

                  Originally posted by ThePythonicCow
                  distributed, redundant, robust, and entirely automated.
                  Originally posted by mesyn191 View Post
                  Pretty much this. Tor is very good and is already widespread.
                  But tor is an onion router, not a DNS server.

                  What the dot-p2p guys are looking for is a way to ensure reliable access to their torrent search engines, which are the primary means by which users access torrents. Torrents move packets of data between sharing users. Torrents are one of the largest consumers of data bandwidth on the Internet these days. They provide a quite efficient means of sharing. When I worked in the Linux kernel, and ran off a Verizon FIOS internet connection, I routinely left copies of SuSE Linux distributions available for sharing via bittorrent for months at a time, as a little service I could provide the Linux community.

                  Tor cannot handle the bandwidth requirements of torrent sharing. Tor resends each packet 3 or 4 times, in a deliberately convoluted route, to obscure source and/or destination from anyone observing in the middle. It's cool if that is what you need, but there simply are not enough open Tor servers available to handle the world's torrent sharing needs. People have to donate their bandwidth to be a tor server, and they risk pissing off their local ISP if copyright protected material comes forth, so there will always be a shortage of tor servers.

                  Please, I encourage anyone using Tor just to avoid getting caught sharing illegal ordinary music and video -- don't. Tor bandwidth is precious and should be left to those with more serious needs for anonymous Internet connections.

                  Do not confuse an onion router with a DNS server. They are not the same.
                  Most folks are good; a few aren't.

                  Comment


                  • #24
                    Re: US DNS Seizures countered

                    You're right they're not the same thing per se, but it can be made to work in a similar manner. Very little has to change code wise, it's mostly in how the system is set up. Hence "think open Tor". You sound like you know your stuff so that'll sound like an oxymoron to you, but that is what it amounts to.

                    Comment


                    • #25
                      Re: US DNS Seizures countered

                      Originally posted by mesyn191 View Post
                      Very little has to change code wise,
                      Different code, different function. Both bittorrent and tor can be used to share files (but please don't use tor for that, as I noted above.)

                      But dot-p2p is not bittorrent, no more than your car's transmission is your car, much less is that transmission your bicycle. Dot-p2p is a proposed replacement for just one component of the bittorrent ecosystem; it would remove dependence on the current threatened but dominant Internet DNS infrastructure.

                      Yes, your car and your bicycle can both be used for transportation. But the code (the engineering drawings or CAD files) for your car's transmission has nothing much to do with the code for your bicycle.
                      Most folks are good; a few aren't.

                      Comment


                      • #26
                        Re: US DNS Seizures countered

                        Originally posted by ThePythonicCow View Post
                        But dot-p2p is not bittorrent, no more than your car's transmission is your car, much less is that transmission your bicycle.
                        Correct. AFAIK that is what they're basing some of the work on for their distributed server model though, not just another DNS. They want something they can get up and running quickly and with a minimum of effort that also costs next to nothing. A hack if you will.

                        Comment


                        • #27
                          Re: US DNS Seizures countered

                          Originally posted by mesyn191 View Post
                          You're right they're not the same thing per se, but it can be made to work in a similar manner. Very little has to change code wise, it's mostly in how the system is set up. Hence "think open Tor". You sound like you know your stuff so that'll sound like an oxymoron to you, but that is what it amounts to.
                          You can pound in a wood screw with a hammer, but I wouldn't recommend it. This idea is not practical, and I think you are drastically underestimating the complexity of trying to prevent someone from creating false entries and otherwise manipulating the system for economic gain. All you need to do is review the history of BIND to see what a trainwreck this can become.

                          Comment


                          • #28
                            Re: US DNS Seizures countered

                            Originally posted by ThePythonicCow View Post
                            Different code, different function.
                            I took a quick look at Netsukuku's ANDNA and while they have some interesting ideas their idea for name resolution is not practical because the rules they use drastically diminish the value of the domain name. From what I understand they don't really resolve the name at all. They make a hash from the name and then logically route the request itself through their network of nodes. This is pretty much the same way freenet works.

                            In my opinion if you are going to replace a straightforward hierarchical system with something slow and clumsy like freenet you might as well go all the way and completely encrypt the entire chain and pepper the network with fake sync traffic. If your enemy is the government then you need plausible deniability, at least until they make running a node illegal.

                            Without some organized way to resolve naming conflicts any such scheme will fail and using a timestamp doesn't cut it. anarchy.in.the.co.uk won't care if they resolve to a different IP address occasionally but citibank.com would. Also I'm sure that newegg might be annoyed if you set up a fake newegg.p2p site. It doesn't matter how the table is distributed if there is no way for it to be consistent with the rule of law and property rights.

                            I predict that if they do end up implementing this system it will end up in the heap of alternate DNSs that nobody uses.

                            Comment


                            • #29
                              Re: US DNS Seizures countered

                              Originally posted by radon View Post
                              I predict that if they do end up implementing this system it will end up in the heap of alternate DNSs that nobody uses.
                              ANDNA is not a replacement for the present DNS. Newegg.com would still resolve using the current DNS system, the Netsukuku or dot-p2p efforts very much notwithstanding in this matter.

                              ANDNA is only the DNS system for Netsukuku, a mesh web particularly useful for self-forming area networks between wi-fi connections.

                              ...

                              The DNS system for the dot-p2p domain will assuredly be used, if the dot-p2p domain itself is not stillborn, for that domain is being designed ab initio to rely exclusively on such an independent DNS system, as its very raison d'être.

                              The subdomains in the dot-p2p domain (e.g., xxx.p2p and yyy.p2p) would ultimately be self-assigned with some constraints, just as the subdomains in dot-com, dot-org or the other couple of hundred top level domains are currently self-assigned with some constraints.

                              The constraints for the existing (dot-com, etc.) subdomain names include some arbitration to ensure that the holders of interesting names in the real world get first dibs on their subdomain name equivalents. I could obtain the subdomain name "thepythoniccow.us", for it meant nothing in the "real" world, but I could not have obtained and permanently held the names "pepsi.us" or "cocacola.us", even if I had jumped on those names in the first few minutes that the dot-us top level domain opened for business.

                              The dot-p2p developers will consider whether to impose a similar constraint restricting holders of "well known" subdomain names to the corresponding holder of that name in the real world, or (what's now about equivalent and easier to implement) in the existing .com domain. They might well not choose to do so, on the grounds that this would not be a sufficiently useful or necessary constraint to bother fussing with.

                              ...

                              On the matter of ANDNA being "slow and clumsy", or of anarchy.in.the.co.uk resolving to a different IP address, I suspect you misunderstand ANDNA.

                              So long as you continue to hold your assigned DNS name, ANDNA will map it to your specified IP address (which you can change if your server moves) entirely reliably. Only if you go off the air for more than 30 days do you lose your DNS name, allowing the next person in the queue requesting that name to obtain it.

                              The hash of DNS name to an IP address does not determine your IP address. Your IP address is already determined by the existing Internet routing infrastructure and only changes when you move your server, or your ISP DHCP host assigns you a new IP address. The DNS name to IP hash is used to find the master for your DNS name. The closest (for some reliable definition of "closest") actual participating computer in the Netsukuku network to that hashed IP is the master for the DNS names that hash to (or close to) its IP address.

                              I see no particular reason to expect that ANDNA or Netsukuku will be slow or clumsy, though it's still in initial development, so the jury is still out on that, of course.

                              ...

                              In any case, I don't see any evidence that dot-p2p is considering an ANDNA like system. ANDNA was designed to provide the DNS for Netsukuku, a self-forming, bottom up, network that could grow to world wide scope, using hierarchically nested layers of small groupings, with less than 256 elements, groups, groups of groups, ... per layer. ANDNA was designed to accomplish this without any large DNS server infrastructure ever being required, even if Netsukuku grew to billions of nodes.

                              The dot-p2p folks don't impose that requirement on themselves. They are willing to have a small number (hundreds, say) of large DNS servers, just so long as those servers are geographically and politically dispersed and managed using distributed algorithms that are highly resistant to failure or fraud in any minority of the nodes.
                              Most folks are good; a few aren't.

                              Comment
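The lookup and registration rules described in posts #21 and #29 (hash the name to find its master node, first requester holds the name, later requesters queue, and the name lapses after 30 days off the air), as an added example that is not from the thread or from Netsukuku's code. SHA-256 as the hash, ring distance as the definition of "closest", the `NameMaster` class, and all names and addresses used with it are assumptions made for illustration.

```python
import hashlib
import ipaddress

EXPIRY_SECONDS = 30 * 24 * 3600  # post #29: a name is lost after 30 days off the air


def hashed_ip(name):
    """Map a name to a position in the 32-bit address space (SHA-256 is an assumption)."""
    digest = hashlib.sha256(name.lower().encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big")


def master_for(name, node_ips):
    """Return the participating node closest to the hashed position.

    "Closest" is ring distance over the 32-bit space (an assumption; the post
    only says some reliable definition of closest is used). Ties break on the
    address string so every client picks the same master.
    """
    target = hashed_ip(name)

    def ring_distance(ip):
        d = abs(int(ipaddress.IPv4Address(ip)) - target)
        return min(d, 2**32 - d)

    return min(node_ips, key=lambda ip: (ring_distance(ip), ip))


class NameMaster:
    """Records held by one master node (hypothetical class, not ANDNA's API)."""

    def __init__(self):
        self.records = {}  # name -> {"owner", "ip", "last_seen", "queue"}

    def request(self, name, requester, ip, now):
        self._expire(name, now)
        rec = self.records.get(name)
        if rec is None:  # first to ask gets the name
            self.records[name] = {"owner": requester, "ip": ip,
                                  "last_seen": now, "queue": []}
            return "registered"
        if rec["owner"] == requester:  # owner refreshes, or the server moved
            rec["ip"], rec["last_seen"] = ip, now
            return "refreshed"
        if all(q[0] != requester for q in rec["queue"]):
            rec["queue"].append((requester, ip))
        return "queued"

    def resolve(self, name, now):
        self._expire(name, now)
        rec = self.records.get(name)
        return rec["ip"] if rec else None

    def _expire(self, name, now):
        rec = self.records.get(name)
        if rec and now - rec["last_seen"] > EXPIRY_SECONDS:
            if rec["queue"]:  # next requester in the queue takes over
                (owner, ip), rest = rec["queue"][0], rec["queue"][1:]
                self.records[name] = {"owner": owner, "ip": ip,
                                      "last_seen": now, "queue": rest}
            else:
                del self.records[name]
```

Nothing here authenticates the requester or protects the master itself, which is the gap radon's posts point at: whoever controls the node a name hashes to controls that name's record.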


                              • #30
                                Re: US DNS Seizures countered

                                Originally posted by Munger View Post
                                +1 for linode

                                (off topic, but had to do it)
                                What is a linode? The word is not in my Webster's Dictionary, but then, my dictionary is old.

                                As for +1, is that +1 out of +10? What does this +1 babble mean?

                                I like language CLEAR and CRISP. Don't give me any 19th Century babble that rambles on and on and on and on and on and on. And don't give me poetry. And don't give me pot-head crap, nor techno-babble, nor Greenspanese, nor Fed-speak. Just give me plain English or plain Spanish.

                                If the words aren't in my dictionary, I don't understand your communication. It therefore is babble.

                                Comment
