[Freedombox-discuss] distributed DNS
On Tue, Mar 15, 2011 at 10:19:22AM -0500, Charles N Wyble wrote:
> On 3/15/2011 9:37 AM, bertagaz at ptitcanardnoir.org wrote:
> >>Dynamic DNS providers have very little chance to spy on you, and (assuming
> >>you use your own domain name) if they don't play nice, you just switch to a
> >>different one. Why do they need to be replaced? There are quite a few
> >>options out there, including some very community-minded ones like
> >Dynamic DNS providers have a huge chance to spy what IPs your domain had
> >since you registered.
> Um.... just run host on a domain from cron and save to a file. It's
> information necessary to the operation of an IP network. It's not
I know the host (and companion) command thanks. :)
I usually don't speak and argue so much on things I don't know.
It's not "spying" as spying, but it's different to have a public record at
one moment, and have the entire history stored at one place. Keeping this
information at least has no meaning in a privacy point of view.
To be more precise, let's see a use case: At some point a gov decides
person X is a terrorist and/or . If this person is using a centralized
public business dynamic DNS system, gov agents just have to ask this
service (sometimes without any legit papers as some big social network did
in the recent history) to retrieve all the different IPs it has been bound
to. On the other hand, if this person is using a dynamic DNS system that
does not keep logs (not found one stating it clearly at the moment), all
the gov agents have is the current IP, if it has one... That could make a
big difference :)
> > And to me (and I don't think I'm the only one) that
> >is an important problem. What are the logging practice of the
> >community-driven one you talk about? Do they have privacy/anonymity in
> Anyone can log this information. You can't keep it from being logged.
But people have to think to do it, and it's often too late, as the
previous use case shows.
> >If one of the freedombox project goal is to "take back users data where they
> >belong", why not this (important) one?
> Oh we should definitely all run our own DNS. I know I do (via
> PowerDNS). I'm a huge proponent of data ownership (see my wiki page
> at http://wiki.knownelement.com/index.php/Data_Ownership ) and have
> been pushing it very hard over the past 18 months or so. DNS was
> actually the last thing I switched over.
> I'm far more interested in setting up a decentralized registrar as
> that's where it really matters. Even if you run your own
> DNS/mail/www/telephony/kerberos etc you can still get booted if your
> registrar decides to revoke your domain.
Well, somehow the thing I'm thinking of is kind of a registrar, might be at
least one for given domain and several sub-domains (as much as freedombox
Now even if freedombox would have to register the top level domain to a
registrar (which would likely be the case), it surely would depend on
this registrar and its relation with governments (cause they are the main
one able to tell a registrar to shut down a domain).
If a registrar shuts down one personal domain name, most people won't care
and its owner is pawned.
Now if this domain has thousands or millions of sub-domains, would the gov
or the registrar shut it down as easily cause one of the sub-domain has
made something that pissed them off, or think about it before and consider
that a whole community might heavily dislike this?
> >But I don't see a problem to offer both solutions, and let users choose.
> >Do you?
> No I don't.
> >>Well, pay the bill for a DNS domain at least, not that expensive though.
> >>>Some are already rented by people around here.
> >>>Bandwidth shouldn't be a problem if the system is decentralized. I guess
> >>>the best would be for such a system to be able to support multiple domain
> >>>name, so that if some fb user wants to own and use one, he/she could
> >>>manage it.
> >>What do you mean by decentralized? I hope you don't intend to replace the
> >>small number of commercial entities who can currently
> >>coopt/corrupt/manipulate my DNS records with a much larger number of
> >>decentralized, anonymous volunteers who can all do the same thing! :-)
> >Decentralized is probably a confusing term, I was meaning a system where
> >users control their dns registration themselves, without any central
> DNS registration? You mean zone files? Or you mean the registrar?
> Because the former is super simple today, the latter will require
> some serious work (politically/marketing wise not technically).
Ok, say zone file then.
> >But all this is just a problem I'm thinking about and that would need a
> >lot of design to be really consistent.
> You are absolutely correct. It's worth starting and continuing a
> discussion about. I'm glad this thread is here. It's perhaps the
> best thing that can come out of the freedom box project. Let's face
> it, this project is about integration of existing pieces (as covered
> on the wiki) , and production of a hardware/software appliance and a
> debian meta package as an end product. Exact features of said end
> product are up for some debate but I think that's only a few months
> of work. Evolution towards an expected end goal as opposed to
> revolution (well for those of us that have been pushing data
> ownership that is).
Yeah, glad to have that discussion too, have back and forth make things a
little bit more clear in my mind. My opinion is that we have to think on
both timelines, to make good choices and see the project as a whole and
avoid implementing things in a first stance we might have change after.
And dynamic DNS being kind of a key in the freedombox project, better
think about it asap. As you said, it might not be that hard to think and
deploy our own system.
> Now a revolution would be the production of a many million
> freedombox powered, parallel large scale network that supports a
> decentralized registrar/telephony system. We have the technology to
> make this happen.
> This is what I'm working towards. It's why I'm involved with the
> village telco and serval project, and why I'm following the
> freedombox project very closely. I plan to contribute my technical
> expertise to the project once things have settled down a bit
> architecture wise. So far I'm pleased with the way things are going
> and the contributions of everyone here.
Great to hear :)