
discuss - [opennic-discuss] DNS Hackery

discuss AT lists.opennicproject.org

Subject: Discuss mailing list


[opennic-discuss] DNS Hackery


  • From: "Alex M (Coyo)" <coyo AT darkdna.net>
  • To: Discuss <discuss AT lists.opennicproject.org>
  • Cc: Alex <coyo AT darkdna.net>
  • Subject: [opennic-discuss] DNS Hackery
  • Date: Thu, 26 Sep 2013 18:51:23 -0500
  • Followup-to: Alex,<coyo AT darkdna.net>

In

RFC 5080 - Using OpenPGP Keys for Transport Layer Security (TLS) http://www.faqs.org/rfcs/rfc5081.html

RFC 4398 - Storing Certificates in the Domain Name System (DNS) http://www.faqs.org/rfcs/rfc4398.html and

RFC 6698 - The DNS-Based Authentication of Named Entities (DANE) http://www.faqs.org/rfcs/rfc6698.html

It is proposed that alternatives to the X.509 CA PKI be replaced by a more decentralized system based on a Secure DNS.

I was wondering what your thoughts would be on the extrapolation I thought up when I awoke this morning.

What if when you jacked in, DHCP+DNS gave you a whole heck of a lot more than just a bunch of IP addresses?

SRV records would only be the beginning. When you consider the possibility of port sub-port multiplexing (using a single TCP/UDP port for many independent services)

For example, DHCP might assign you a list of BitTorrent trackers and DHT seed nodes (likely long-lived rTorrent seedboxes), or perhaps assign you a list of Tor relays to help bootstrap immediately by querying guard nodes for a directory cache, rather than bootstrapping directly with hard-coded directory authorities.

Another example might be assigning protocols other than IPv4 or IPv6. Although tunneled AppleTalk or IPX/SPX would be possibilities, so would many experimental networks.

Another possibility would be using DHCP to bootstrap to special DNS servers which then finish your bootstrapping process, spinning up VPN tunnels to your favorite points within the Internet.

Another possibility would be using DHCP to bootstrap a thin client into ISP-hosted Intercloud instances, connecting to always-on cloud-hosted desktop operating systems.

DHCP, when combined with DNS, LDAP and Kerberos, might bootstrap into many community VPNs at once, making daily Internet and Intercloud use the norm, rather than the exception.

DHCP+DNS could work together on a lot of things, quickly providing the best user experience possible.

I wonder what kinds of things might be possible, if we extend DHCP, DNS, LDAP, IRC and Kerberos into a cohesive whole?

It's something I've been thinking a lot about.


