Discuss mailing list

["astanze AT blockchain-dns.info" <astanze AT blockchain-dns.info>]

Thanks for replying, Dmitry, Jonah, Rouben.

23.10.2017, 09:21, "Dmitry S. Nikolaev" <dn AT mega-net.ru>:
> Hi Astanze.
> I don`t see any replies on your message, sadly... and sorry for that.
> It was me who asked you on github to add OpenNIC support to your plugin.
Thanks, I wouldn't have thought of adding support for OpenNIC TLDs without 
your comment.

> You may look at 
> https://lists.opennicproject.org/sympa/arc/discuss/2017-09/msg00085.html 
> thread. It is about browser plugin and you can participate in discussion.
As far as I see, the main point (despite the subject line) of that thread was 
enabling HTTPS access for alternative DNS TLDs. This is out of scope of the 
BDNS project (or at least the existing addon) because:

1. Proxying is better done by something like friGate or an online proxy 
server (such as proxy.opennicproject.org). BDNS specifically doesn't want to 
be MitM for the user's traffic (besides complexity is a concern for growing 
degree of censorship in various countries, e.g. Russia, where onion gates, 
etc. are banned - having just a resolved is probably safe).

2. Installing a custom root CA is definitely not for an average user (and for 
many can be denied by administrative policies), and while it was possible 
with the old Firefox addon SDKs, WebExtension API is very limited and it will 
never allow this kind of intrinsic activity.

> Also you can join IRC chan (https://www.opennic.org/irc/) and talk to 
> community members there.
>
> I don`t see any reason for not to add info about your plugin into the 
> OpenNIC wiki. Plugin is working and it`s easy to install.
I hoped so. How do I go about adding this info to the wiki?

> P.S. You done great work, thank you for that.

23.10.2017, 15:08, "Jonah Aragon" <jonah AT triplebit.net>:
> Hello!
> 
> First off, thanks a lot for adding support for our DNS system, your plugin 
> looks like a great simple solution to access sites like these and I’m happy 
> about the work you do. 
> 
> I’ll have to test your plugin a bit more myself, and I was hoping to hear 
> from some other community members who had used it. Didn’t see much in the 
> last email thread about this. 
> 
> I had briefly tested the plugin on a corporate machine of mine without 
> success. It could just be that whatever methods you’re using were blocked 
> on that computer or it couldn’t access your servers, but I was somewhat 
> disappointed because that was the first clear use-case I thought of. The 
> plugin makes the most sense if you otherwise aren’t able to change your DNS 
> records, so I’d like to discover more limitations like that before 
> suggesting it as a clear suggestion or alternative. 
There should not be any special requirements besides allowing normal HTTPS 
traffic. 

I am very interested in the details, if it still fails for you. I have built 
in very verbose logging into BDNS code on GitHub (Mozilla asked to remove log 
calls for their release versions and I've done that for Chrome too). I would 
appreciate it if you can load the debug version into your browser and share 
the log it produces. 

For Firefox, this is done by going to Addons page (Ctrl+Shift+A), clicking 
the cog icon, choosing Debug Addons, checking Enable Debugging flag, clicking 
Load Temporary Addon and choosing an xpi file (it can be unsigned). To open 
logs, press Ctrl+Shift+J. The addon will be automatically removed once you 
exit Firefox.

For Chrome, this is done by going to Extensions page (from More Tools 
submenu), checking Developer Mode, clicking Load Unpacked Extension and 
choosing a folder where extension files are (manifest, etc.). To open logs, 
click on the "background page" link under the extension (in the list of 
extensions). The addon will be again automatically removed once you exit 
Chrome.

Unless you're willing to manually package the files from GitHub, you can use 
these premade archives (remember to extract the zip for Chrome, it won't 
accept it zipped): 

https://blockchain-dns.info/files/debug-firefox.xpi
https://blockchain-dns.info/files/debug-chrome.zip

Thanks in advance. Sadly, bug reports are very scarce at the moment (the 
growing number of users suggests that it works but...).

> I’ll be sure to give it a try on some other systems without restrictions 
> like that to test it out. And I hope other members here will give it a try 
> and report back. 
> 
> Do you operate every server personally?
Yes, I have a couple of Ansible rules to manage them. 

One of the list members has asked me about the details (without writing to 
the list), I'm sending them in case somebody is interested in how this works 
server-side:

-------- Begin forwarded message -------- 
Every server is fully independent.
 
Each runs an instance of HAProxy, Namecoin Core and Emercoin Core (any of the 
latter two can be omitted).

HAProxy acts both as an application server and as a balancer.

N/E TLDs are served by a Lua module loaded into HAProxy. Ideally, the module 
queries local N/E Core via their JSON API (same as of Bitcoin Core). If that 
fails, the module falls back to querying OpenNIC servers over TCP (those 
which support N/E TLDs such as the two Fusl's anycasts) acting as a web 
HTTP<->DNS proxy.

OpenNIC TLDs are, of course, always served by querying OpenNIC.

Results are cached for 10 minutes by Lua.
 
The whole setup can be arranged in less than 5 minutes on Ubuntu 16.04 if you 
don't want Namecoin Core (they don't provide binary packages, sadly). There 
are no dependencies other than these 3.

There is a close project - https://peername.com - but 1) it takes them 7 days 
to propagate changes in the blockchain and 2) they don't respect subdomains 
(i.e. always treat them as *.foo.bar) due to some limitations of Firefox 
WebExtension API, and 3) as a result both of their addons are not written 
very carefully (you need to see the wall of text if you want to understand 
what I mean; https://github.com/B-DNS/Firefox/blob/master/bdns.js).

The goal of BDNS is to be a one-stop for alternative DNS roots, primarily 
Emercoin (as it's the most active decentralized DNS alternative today), and 
be easy to use. Things like Tor and friGate while great do more than 
necessary for most people, hence BDNS.
 
The resolver's web API, for instance, is as simple as a HTTP/XHR request:
 
https://bdns.io/r/opennic.lib
-------- End forwarded message -------- 

> Thanks for your work on this,

23.10.2017, 17:30, "Rouben" <rouben AT rouben.net>:
> Hi,
>
> Thank you, Astanze for writing the plugin and using OpenNIC, and thank you, 
> Dmitry for reaching out to Astanze.
>
> I’m using the plugin on Chrome. I like it, especially the fact that you 
> open sourced it. It works fine for the most part. There is one caveat, 
> where it fails to resolve multi-level domain names, but I don’t think 
> that’s an issue, really, for day-to-day browsing.
Yes, this is expected, in part because Namecoin's zone record specification 
is convoluted, in part because very few of existing domains in the 
alternative TLDs actually use subdomains (PeerName, for instance, simply 
treats all subdomains as one).

However, OpenNIC TLDs should not have this issue. Can you tell me which 
domain and subdomain(s) you are trying to browse?

> For example:
> foo.tld works
> www.foo.tld works as well
> foo.bar.baz.foobar.tld tends not to work
>
> I suspect perhaps there’s a parsing issue, or maybe an issue on my end... 
> pure speculation, I admit. I was going to investigate further and submit a 
> proper bug report on github, but alas, time is not something I have a lot 
> of these days...
>
> Bottom line: keep up the good work, and if you are interested in putting 
> forward a proposal for some sort of “official” OpenNIC 
> endorsement/partnership, I would support it in principle.
Honestly, I'm not sure how I should proceed. BDNS cannot be a full fledged 
addon for OpenNIC without HTTPS support, yet this is not something that can 
be done (as I have explained in the beginning of this message). 

However, as something is better than nothing, it might be pertinent to at 
least list BDNS as an easy solution for an average user, and this is what 
motivated me to contact this list.

-- 
astanze / PGP key:
https://blockchain-dns.info/astanze.asc