In light of the recent WikiLeaks domain name problems and COICA DNS hijacks, I’ve been thinking more and more about some kind of peer-to-peer DNS system. The peer-to-peer model is the same system used by BitTorrent, and is different from the centralized model used by most internet services. This would decentralize the internet’s domain names and make it more difficult for governments and corporations to manipulate the internet. A peer-to-peer system also has the advantage of different fault-tolerance characteristics. It could also improve the DNS response times of the internet, because a peer might be right next to you and already have the DNS information your computer is looking for.
Right now, people are sending each other the IP addresses of sites like WikiLeaks (213.251.145.96) but this only works while free speech is allowed and normal DNS is still working. A system needs to be created to address this.
Both Windows and *nix-based operating systems have support for HOSTS files. A HOSTS file is just a human-readable list of domain/host names and IP addresses that the network stack looks through first before making a DNS query for a domain name. Usually, the HOSTS file on most computers is almost empty, containing only entries for localhost and such.
At the most basic level, you could download a text file via BitTorrent containing a list of DNS/IP address pairs, and copy that into your HOSTS file. This works, and acts as a temporary solution, but there are a few problems with this approach:
- It requires manual edits to the HOSTS file. Users with less technical experience may not understand how to do this.
- There is no way to verify the validity of the information – this is only established by word-of-mouth and peer count. Someone could plant fake IP addresses and phish passwords – or execute other attacks – and it could take a while before this is found out.
- There is no easy way to update the entries with new information, or combine multiple lists of DNS information. You would need to download a new file every time entries are changed, which would lead to a ton of files being seeded on BitTorrent trackers with people unsure of which ones are the most recent. You would probably need a script to remove duplicate entries, and you would need to merge all the changes manually to resolve any conflicts. The HOSTS file could also get quite large; there would be performance issues with searching through the file every time a DNS query is made.
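To make the merging problem concrete, here is an added example in Go (not code from this post or from any project mentioned on it) that parses HOSTS-format lists, drops exact duplicates, stores IPv4 addresses as 4 bytes and IPv6 as 16, and reports hostnames whose lists disagree. The two sample lists are constructed for the example; apart from the WikiLeaks address quoted above, the addresses are documentation-range placeholders.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"sort"
	"strings"
)

// Entry is one hostname -> address mapping taken from a HOSTS-format list.
type Entry struct {
	Name string
	IP   net.IP // 4 bytes for IPv4, 16 bytes for IPv6
}

// Conflict records a hostname that appears with different addresses in the
// merged lists; the HOSTS format carries nothing that says which is newer.
type Conflict struct {
	Name string
	IPs  []string
}

// ParseHosts reads HOSTS-file syntax: "<ip> <name> [<alias>...]" with '#'
// comments. Malformed lines are skipped rather than trusted.
func ParseHosts(text string) []Entry {
	var out []Entry
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := sc.Text()
		if i := strings.IndexByte(line, '#'); i >= 0 {
			line = line[:i]
		}
		fields := strings.Fields(line)
		if len(fields) < 2 {
			continue
		}
		ip := net.ParseIP(fields[0])
		if ip == nil {
			continue // not a valid address: drop the line
		}
		if v4 := ip.To4(); v4 != nil {
			ip = v4 // keep IPv4 as 4 bytes, not the 16-byte mapped form
		}
		for _, name := range fields[1:] {
			out = append(out, Entry{Name: strings.ToLower(name), IP: ip})
		}
	}
	return out
}

// MergeHosts combines several lists, drops exact duplicates, and reports
// names that map to more than one distinct address.
func MergeHosts(lists ...string) (map[string]net.IP, []Conflict) {
	seen := map[string]map[string]net.IP{} // name -> address text -> address
	for _, l := range lists {
		for _, e := range ParseHosts(l) {
			if seen[e.Name] == nil {
				seen[e.Name] = map[string]net.IP{}
			}
			seen[e.Name][e.IP.String()] = e.IP
		}
	}
	merged := map[string]net.IP{}
	var conflicts []Conflict
	for name, ips := range seen {
		if len(ips) == 1 {
			for _, ip := range ips {
				merged[name] = ip
			}
			continue
		}
		c := Conflict{Name: name}
		for s := range ips {
			c.IPs = append(c.IPs, s)
		}
		sort.Strings(c.IPs)
		conflicts = append(conflicts, c)
	}
	sort.Slice(conflicts, func(i, j int) bool { return conflicts[i].Name < conflicts[j].Name })
	return merged, conflicts
}

// Constructed sample lists (not real records): list B repeats one entry
// verbatim, contradicts another, and contains a malformed line.
const listA = `
# list A
213.251.145.96 wikileaks.org www.wikileaks.org
2001:db8::1    example.p2p
`
const listB = `
213.251.145.96 wikileaks.org      # exact duplicate, harmless
198.51.100.7   www.wikileaks.org  # disagrees with list A
10.0.0.1                          # malformed: no hostname
`

func main() {
	merged, conflicts := MergeHosts(listA, listB)
	for name, ip := range merged {
		fmt.Printf("%-20s %s (%d bytes)\n", name, ip, len(ip))
	}
	for _, c := range conflicts {
		fmt.Printf("CONFLICT %s: %v\n", c.Name, c.IPs)
	}
}
```

The conflict report is the point: a plain text list gives a resolver no basis for choosing between the two addresses for www.wikileaks.org, which is exactly the gap the signed-entry design below is meant to close.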
It’s obvious that this isn’t very scalable beyond a few pages of entries. A better solution would be to set up an actual DNS server, either just for your own computer or your entire local network, and route DNS requests through there first. Storing the IP addresses as 4 or 16 bytes and using an optimized data structure for the domain names would be more efficient. New entries would be downloaded automatically via methods similar to peer exchange and DHT in BitTorrent.
- Protocol encryption would secure the exchange of entries between peers.
- Asymmetric cryptographic signatures can be used to prove that new DNS entries for a domain were written by the same entity as the old DNS entries.
- This means that when someone forwards you a new IP address for a domain, you can tell that the new IP address was originally from the same person that wrote the old IP address.
- I’m not sure how you would prove or claim ownership of a domain name, though. This is one of the big problems. The owner(s) of a site should be the only ones who have the authority to change or set DNS entries.
- Hash collisions would be bad in this system – two DNS entries that share the same hash would produce undesirable behavior.
- What happens if two peers upload conflicting DNS entries at the same time? Some peers would end up seeing different IP addresses, and then when the two entries diffuse far enough to be seen simultaneously by a single peer, which one does that peer select?
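The signature and conflict points above can be shown end to end. This is an added example in Go, not code from this post or from dot-p2p. It assumes Ed25519 signatures, a record layout (name, sequence number, raw address bytes) that I made up for the example, trust-on-first-use for ownership (the first valid key seen for a name is the one later updates must match, which sidesteps rather than solves the ownership problem), and a deterministic tie-break by hash when two same-key entries carry the same sequence number. The names and addresses other than the WikiLeaks one are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Record is one signed DNS assertion as a peer would forward it.
type Record struct {
	Name   string
	IP     net.IP            // 4 or 16 bytes
	Seq    uint64            // increases with each change by the owner
	PubKey ed25519.PublicKey // key of whoever claims the name
	Sig    []byte
}

// payload is the canonical byte string that gets signed: length-prefixed
// name, sequence, then the raw address bytes (assumed layout).
func payload(r *Record) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, uint16(len(r.Name)))
	b.WriteString(r.Name)
	binary.Write(&b, binary.BigEndian, r.Seq)
	b.Write(r.IP)
	return b.Bytes()
}

// Sign fills in PubKey and Sig using the owner's private key.
func Sign(r *Record, priv ed25519.PrivateKey) {
	r.PubKey = priv.Public().(ed25519.PublicKey)
	r.Sig = ed25519.Sign(priv, payload(r))
}

var (
	ErrBadSig      = errors.New("signature does not verify")
	ErrKeyMismatch = errors.New("signed by a different key than the existing entry")
	ErrStale       = errors.New("not newer than the stored entry")
)

// Store keeps one accepted record per name (trust-on-first-use ownership).
type Store struct{ recs map[string]Record }

func NewStore() *Store { return &Store{recs: map[string]Record{}} }

// Accept enforces: signature verifies; key matches the previous entry's key;
// among same-key entries the higher sequence wins, and an equal sequence is
// broken by comparing signature hashes so every peer converges on one answer.
func (s *Store) Accept(r Record) error {
	if len(r.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(r.PubKey, payload(&r), r.Sig) {
		return ErrBadSig
	}
	if old, ok := s.recs[r.Name]; ok {
		if !bytes.Equal(old.PubKey, r.PubKey) {
			return ErrKeyMismatch
		}
		if r.Seq < old.Seq {
			return ErrStale
		}
		if r.Seq == old.Seq { // concurrent update or a duplicate: keep lower hash
			oh, nh := sha256.Sum256(old.Sig), sha256.Sum256(r.Sig)
			if bytes.Compare(nh[:], oh[:]) >= 0 {
				return ErrStale
			}
		}
	}
	s.recs[r.Name] = r
	return nil
}

func (s *Store) Lookup(name string) (net.IP, bool) {
	r, ok := s.recs[name]
	return r.IP, ok
}

// Scenario walks through the cases raised in the post and returns the result
// of each Accept call in order, plus the address finally stored. Keys are
// generated fresh each run; nothing here is a real registration.
func Scenario() ([]error, net.IP) {
	_, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, imposterPriv, _ := ed25519.GenerateKey(rand.Reader)
	st, out := NewStore(), []error{}

	first := Record{Name: "wikileaks.p2p", IP: net.ParseIP("213.251.145.96").To4(), Seq: 1}
	Sign(&first, ownerPriv)
	out = append(out, st.Accept(first)) // nil: first entry seen for the name

	moved := Record{Name: "wikileaks.p2p", IP: net.ParseIP("198.51.100.7").To4(), Seq: 2}
	Sign(&moved, ownerPriv)
	out = append(out, st.Accept(moved)) // nil: same key, newer sequence

	fake := Record{Name: "wikileaks.p2p", IP: net.ParseIP("192.0.2.66").To4(), Seq: 3}
	Sign(&fake, imposterPriv)
	out = append(out, st.Accept(fake)) // ErrKeyMismatch: different key

	tampered := moved
	tampered.IP = net.ParseIP("192.0.2.66").To4() // body altered after signing
	out = append(out, st.Accept(tampered))        // ErrBadSig

	out = append(out, st.Accept(first)) // ErrStale: older sequence replayed

	ip, _ := st.Lookup("wikileaks.p2p")
	return out, ip
}

func main() {
	errs, ip := Scenario()
	fmt.Println(errs, "->", ip)
}
```

What this does not solve is the first step: any key can claim an unclaimed name, so the store is only as trustworthy as the path by which the first record arrived. That is the ownership problem noted above, and the tie-break rule is one arbitrary but deterministic answer to the concurrent-update question, not the only possible one.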
As you can see, many problems exist with this that still need to be solved. Hopefully they will be figured out eventually. I’ll post more about this later.
I would appreciate any ideas you may have relating to this.
EDIT: See http://dot-p2p.org/ for some people attempting this…

Peer-to-peer DNS: Decentralizing the internet's domain names http://t.co/eC2M6vG
Peer-to-peer DNS: Decentralizing the internet's domain names http://t.co/ZkZa4vy
Unfortunately I don’t have any suggestions for implementing your idea, but I believe your idea is an extremely good one. Perhaps there are some open source projects trying to tackle this problem? Sourceforge.net perhaps?
Just came across this link. Not sure if it helps.
http://netsukuku.freaknet.org/?pag=faq#where-are-current-netsukuku-networks-that-i-can-connect-to
Unfortunately, Netsukuku has been pretty much dead for years now, and there are still many problems with meshes that need to be solved.
Netsukuku is not dead. Have a look at this blog.
http://pyntk.blogspot.com/
OpenNIC .p2p Charter
.p2p is chartered for use with our peer to peer based DNS concept. ( http://dot-p2p.org/ ) The primary service will allow people to use a decentralized open DNS system. The purpose of this TLD is to allow people using traditional methods of DNS to gather information about this new concept and to also control domain registrations through the use of http://nic.p2p
.p2p domain names are first come, first served, excluding those reserved for .p2p operational matters (www.p2p, nic.p2p, opennic.p2p). For domain spam prevention, to qualify for a domain you must own at least one domain of the same name in the existing TLD scope (eg: test.p2p requires you to own test.com/.net/.org/etc).
To prevent domain fraud on commonly used domains (eg: google.*) alexa top1000 will be locked to the owner of the highest ranking domain that appears on the alexa rankings …
Reselling of domains/subdomains: as a domain is controlled by a member, we have no direct say in how its operations are handled. All domains handled through nic.p2p will be freely available to all members.
Contacts
TiAMO – tiamo@tfr.org
NovaKing – novaking@eztv.se
brokep – email to be supplied
#dns-p2p @ efnet.org
http://en.wikipedia.org/wiki/Alternative_DNS_root
Alternative roots typically include pointers to all of the TLD servers for domains delegated by ICANN, as well as name servers for other, custom top-level domains that are not sanctioned by ICANN. Some alternate roots are operated by the organizations that manage these alternative TLDs.