
discuss - Re: [opennic-discuss] BDNS - a browser addon for accessing OpenNIC TLDs

discuss AT lists.opennicproject.org

Subject: Discuss mailing list



  • From: "astanze AT blockchain-dns.info" <astanze AT blockchain-dns.info>
  • To: "discuss AT lists.opennicproject.org" <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] BDNS - a browser addon for accessing OpenNIC TLDs
  • Date: Wed, 25 Oct 2017 04:34:26 +0300
  • Authentication-results: mxback5j.mail.yandex.net; dkim=pass header.i= AT blockchain-dns.info

Thanks for replying, Dmitry, Jonah, Rouben.

23.10.2017, 09:21, "Dmitry S. Nikolaev" <dn AT mega-net.ru>:
> Hi Astanze.
> I don't see any replies on your message, sadly... and sorry for that.
> It was me who asked you on github to add OpenNIC support to your plugin.
Thanks, I wouldn't have thought of adding support for OpenNIC TLDs without
your comment.

> You may look at
> https://lists.opennicproject.org/sympa/arc/discuss/2017-09/msg00085.html
> thread. It is about browser plugin and you can participate in discussion.
As far as I see, the main point (despite the subject line) of that thread was
enabling HTTPS access for alternative DNS TLDs. This is out of scope of the
BDNS project (or at least the existing addon) because:

1. Proxying is better done by something like friGate or an online proxy
server (such as proxy.opennicproject.org). BDNS specifically doesn't want to
be MitM for the user's traffic (besides complexity is a concern for growing
degree of censorship in various countries, e.g. Russia, where onion gates,
etc. are banned - having just a resolver is probably safe).

2. Installing a custom root CA is definitely not for an average user (and for
many can be denied by administrative policies), and while it was possible
with the old Firefox addon SDKs, WebExtension API is very limited and it will
never allow this kind of intrinsic activity.

> Also you can join IRC chan (https://www.opennic.org/irc/) and talk to
> community members there.
>
> I don't see any reason not to add info about your plugin into the
> OpenNIC wiki. Plugin is working and it's easy to install.
I hoped so. How do I go about adding this info to the wiki?

> P.S. You've done great work, thank you for that.

23.10.2017, 15:08, "Jonah Aragon" <jonah AT triplebit.net>:
> Hello!
>
> First off, thanks a lot for adding support for our DNS system, your plugin
> looks like a great simple solution to access sites like these and I’m happy
> about the work you do.
>
> I’ll have to test your plugin a bit more myself, and I was hoping to hear
> from some other community members who had used it. Didn’t see much in the
> last email thread about this.
>
> I had briefly tested the plugin on a corporate machine of mine without
> success. It could just be that whatever methods you’re using were blocked
> on that computer or it couldn’t access your servers, but I was somewhat
> disappointed because that was the first clear use-case I thought of. The
> plugin makes the most sense if you otherwise aren’t able to change your DNS
> records, so I’d like to discover more limitations like that before
> suggesting it as a clear suggestion or alternative.
There should not be any special requirements besides allowing normal HTTPS
traffic.

I am very interested in the details, if it still fails for you. I have built
in very verbose logging into BDNS code on GitHub (Mozilla asked to remove log
calls for their release versions and I've done that for Chrome too). I would
appreciate it if you can load the debug version into your browser and share
the log it produces.

For Firefox, this is done by going to Addons page (Ctrl+Shift+A), clicking
the cog icon, choosing Debug Addons, checking Enable Debugging flag, clicking
Load Temporary Addon and choosing an xpi file (it can be unsigned). To open
logs, press Ctrl+Shift+J. The addon will be automatically removed once you
exit Firefox.

For Chrome, this is done by going to Extensions page (from More Tools
submenu), checking Developer Mode, clicking Load Unpacked Extension and
choosing a folder where extension files are (manifest, etc.). To open logs,
click on the "background page" link under the extension (in the list of
extensions). The addon will be again automatically removed once you exit
Chrome.

Unless you're willing to manually package the files from GitHub, you can use
these premade archives (remember to extract the zip for Chrome, it won't
accept it zipped):

https://blockchain-dns.info/files/debug-firefox.xpi
https://blockchain-dns.info/files/debug-chrome.zip

Thanks in advance. Sadly, bug reports are very scarce at the moment (the
growing number of users suggests that it works but...).

> I’ll be sure to give it a try on some other systems without restrictions
> like that to test it out. And I hope other members here will give it a try
> and report back.
>
> Do you operate every server personally?
Yes, I have a couple of Ansible rules to manage them.

One of the list members has asked me about the details (without writing to
the list), I'm sending them in case somebody is interested in how this works
server-side:

-------- Begin forwarded message --------
Every server is fully independent.

Each runs an instance of HAProxy, Namecoin Core and Emercoin Core (any of the
latter two can be omitted).

HAProxy acts both as an application server and as a balancer.

N/E TLDs are served by a Lua module loaded into HAProxy. Ideally, the module
queries local N/E Core via their JSON API (same as of Bitcoin Core). If that
fails, the module falls back to querying OpenNIC servers over TCP (those
which support N/E TLDs such as the two Fusl's anycasts) acting as a web
HTTP<->DNS proxy.

OpenNIC TLDs are, of course, always served by querying OpenNIC.

Results are cached for 10 minutes by Lua.

The whole setup can be arranged in less than 5 minutes on Ubuntu 16.04 if you
don't want Namecoin Core (they don't provide binary packages, sadly). There
are no dependencies other than these 3.

There is a close project - https://peername.com - but 1) it takes them 7 days
to propagate changes in the blockchain and 2) they don't respect subdomains
(i.e. always treat them as *.foo.bar) due to some limitations of Firefox
WebExtension API, and 3) as a result both of their addons are not written
very carefully (you need to see the wall of text if you want to understand
what I mean; https://github.com/B-DNS/Firefox/blob/master/bdns.js).

The goal of BDNS is to be a one-stop for alternative DNS roots, primarily
Emercoin (as it's the most active decentralized DNS alternative today), and
be easy to use. Things like Tor and friGate while great do more than
necessary for most people, hence BDNS.

The resolver's web API, for instance, is as simple as an HTTP/XHR request:

https://bdns.io/r/opennic.lib
-------- End forwarded message --------

> Thanks for your work on this,

23.10.2017, 17:30, "Rouben" <rouben AT rouben.net>:
> Hi,
>
> Thank you, Astanze for writing the plugin and using OpenNIC, and thank you,
> Dmitry for reaching out to Astanze.
>
> I’m using the plugin on Chrome. I like it, especially the fact that you
> open sourced it. It works fine for the most part. There is one caveat,
> where it fails to resolve multi-level domain names, but I don’t think
> that’s an issue, really, for day-to-day browsing.
Yes, this is expected, in part because Namecoin's zone record specification
is convoluted, in part because very few of the existing domains in the
alternative TLDs actually use subdomains (PeerName, for instance, simply
treats all subdomains as one).

However, OpenNIC TLDs should not have this issue. Can you tell me which
domain and subdomain(s) you are trying to browse?

> For example:
> foo.tld works
> www.foo.tld works as well
> foo.bar.baz.foobar.tld tends not to work
>
> I suspect perhaps there’s a parsing issue, or maybe an issue on my end...
> pure speculation, I admit. I was going to investigate further and submit a
> proper bug report on github, but alas, time is not something I have a lot
> of these days...
>
> Bottom line: keep up the good work, and if you are interested in putting
> forward a proposal for some sort of “official” OpenNIC
> endorsement/partnership, I would support it in principle.
Honestly, I'm not sure how I should proceed. BDNS cannot be a full-fledged
addon for OpenNIC without HTTPS support, yet this is not something that can
be done (as I have explained in the beginning of this message).

However, as something is better than nothing, it might be pertinent to at
least list BDNS as an easy solution for an average user, and this is what
motivated me to contact this list.

-- 
astanze / PGP key:
https://blockchain-dns.info/astanze.asc
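
The lookup order described in the forwarded message (10-minute cache, local Core first for N/E TLDs with OpenNIC as the fallback, OpenNIC always for its own TLDs), as an added example that is not part of the original message and is not BDNS code (the real module is Lua inside HAProxy). `makeResolver`, `queryCore`, `queryOpenNIC`, the `source` field and the TLD set are hypothetical names and assumptions chosen for the illustration.

```javascript
// Added illustration; all names here are hypothetical, not taken from BDNS.
const CACHE_TTL_MS = 10 * 60 * 1000; // "Results are cached for 10 minutes"
// Assumed set of blockchain (Namecoin/Emercoin) TLDs for this demo.
const CHAIN_TLDS = new Set(['bit', 'lib', 'emc', 'coin', 'bazar']);
const LABEL_RE = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// queryCore / queryOpenNIC are injected backends: they return an array of
// addresses or throw. `now` is injectable so cache expiry can be tested.
function makeResolver({ queryCore, queryOpenNIC, now = Date.now }) {
  const cache = new Map(); // normalized name -> { addrs, source, expires }

  return function resolve(rawName) {
    // Normalize, then refuse anything that is not a plain hostname before
    // it reaches a backend or becomes a cache key.
    const name = String(rawName).toLowerCase().replace(/\.$/, '');
    const labels = name.split('.');
    if (labels.length < 2 || !labels.every((l) => LABEL_RE.test(l))) {
      throw new Error('invalid name');
    }

    const hit = cache.get(name);
    if (hit && hit.expires > now()) return { ...hit, cached: true };

    let addrs;
    let source;
    if (CHAIN_TLDS.has(labels[labels.length - 1])) {
      try {
        addrs = queryCore(name); // local Namecoin/Emercoin Core
        source = 'core';
      } catch (err) {
        addrs = queryOpenNIC(name); // Core unavailable: ask OpenNIC
        source = 'opennic-fallback';
      }
    } else {
      addrs = queryOpenNIC(name); // OpenNIC TLDs always go to OpenNIC
      source = 'opennic';
    }

    // Recording the source shows which backend vouched for a cached answer.
    const entry = { addrs, source, expires: now() + CACHE_TTL_MS };
    cache.set(name, entry);
    return { ...entry, cached: false };
  };
}
```

With this ordering, an answer obtained through the fallback keeps being served from the cache for the full 10 minutes even after the local Core is reachable again.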


