Tags: blog / DNS

Have you ever tried remembering a /32 IP address? How many (non-sequential) ones can you remember? For how many days? These questions torment me every time I can't get DNS to work on a new host, or when I am trying to reach a subset of hosts that were just created and have no DNS entries (yeah, no DHCP). DNS is such an important part of our lives, and it is such a given for most people (except for non-techies) that I don't think many realize how dependent we've become on it. Now imagine a DNS apocalypse: DNS servers across the world are broken, the only way to address websites is through IP addresses, and it is up to you to save the world! Every public and internal DNS server in the world has died. What would you do?

Well, I can think of a quick fix... When I was in college we built a very small DNS server that was pretty much a cache: it stored IP addresses and forwarded lookups to a real DNS server when it didn't have the answer. All you had to do was point your browser to the local DNS server. We would just need a very reliable source from which to obtain all of our new information, or a way of obtaining all of our new DNS data in a purely decentralized way, without any authoritative servers telling our private local DNS cache who owns what domain.

This gives room to the concept of a purely decentralized DNS network in which we could update our small local DNS simply by asking our peers: "Hey Bob, do you know the IP for X?" If Bob says yes, he shares it with you; if Bob doesn't have it, you can ask another peer in your network or have Bob ask some of his neighbors. So far that limits the types of requests to two: (1) can I get an IP for URL X? (2) can you ask your neighbors for URL X? The main reason for (2) is that we probably want to avoid flooding the network by automatically asking all of our peers as soon as we get asked question (1) and don't know the answer. This of course starts to lead to a billion other questions, such as trust, discovery mechanisms, security and other topics of interest. While researching this idea I came across an initiative that seemed pretty interesting called ODDNS, which was conceived as a way to prevent censorship and allow people to manage their own domains, which of course probably generated a lot of opposition... :( so I think the initiative died out, but my guess is that it was probably terminated by external parties.

The main problem I can think of is trust: how do you know that the data your peer provided is valid? It would be really hard to establish who is the owner of a domain or subdomain without an authoritative name server as it currently works, which is where a lot of corporations and governments exert their authority by filtering out unwanted domains and censoring content. So if we were to think of how to trust the results of a peer, I would say that we should rely on the peer-to-peer nature of the network: ask multiple neighbors and then compare results. We could also have an authority function for each peer that depends on your previous interactions with it, its number of direct hits (the peer you asked knows the answer without asking any other peers) and data validation against other peers. We would be far from ever receiving 100% accurate data, but as long as you can minimize the risk of obtaining false or malicious data (man-in-the-middle or redirection attacks), we could have a DNS replacement system that works most of the time and is stable enough to be usable. Yet having a market for this information, or a super-peer that provides data and has a very high authority ranking, seems unavoidable, especially if it is a known authority (i.e. Google, Microsoft, etc.). This super-peer can be any authority as voted by the majority of the other peers, which makes me think that this alternative DNS network would eventually transform into a centralized-decentralized network, but at least it would leave the opportunity for new peers to come and go and choose whom to trust, making super-peers only as authoritative as other peers allow them to be, not to mention that this might decrease government censorship.
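To make the two request types and the trust idea concrete, here is an added toy simulation (my own example code, not part of the original post or of ODDNS). It models peers that answer a "lookup" request from their own cache, forward an "ask your neighbors" request only up to a hop limit so the network is not flooded, and resolve names by asking every neighbor and taking the authority-weighted majority answer. The authority score per neighbor is the post's idea: it rises when a neighbor agrees with the consensus (with a bonus for a direct hit) and drops when it disagrees. The peer names, the constructed hostnames and documentation-range IPs, the hop limit and the score increments are all assumptions chosen for the demo; one constructed peer returns a poisoned answer so you can see the majority outvote it and its score collapse.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Message types from the post: (1) "do you know the IP for X?" and (2) "ask your neighbors for X".
LOOKUP = "lookup"
ASK_NEIGHBORS = "ask_neighbors"
MAX_HOPS = 2  # assumed cap on forwarding depth so request (2) cannot flood the network


@dataclass
class Peer:
    name: str
    cache: dict = field(default_factory=dict)       # hostname -> IP this peer believes in
    neighbors: list = field(default_factory=list)
    # Authority score per neighbor, built from previous interactions (starts at 1.0, assumed).
    authority: defaultdict = field(default_factory=lambda: defaultdict(lambda: 1.0))
    poisoned: dict = field(default_factory=dict)    # hostname -> bogus IP (constructed bad peer)

    def handle(self, msg_type, hostname, hops=0):
        """Answer another peer's request. Returns (ip, direct_hit) or (None, False)."""
        if hostname in self.poisoned:                   # the constructed malicious peer lies
            return self.poisoned[hostname], True
        if hostname in self.cache:
            return self.cache[hostname], True           # direct hit: answered from own cache
        if msg_type == ASK_NEIGHBORS and hops < MAX_HOPS:
            # Only request (2) is forwarded, and only MAX_HOPS deep; request (1) never fans out.
            for n in self.neighbors:
                ip, _ = n.handle(ASK_NEIGHBORS, hostname, hops + 1)
                if ip is not None:
                    return ip, False                    # relayed, not a direct hit
        return None, False

    def resolve(self, hostname):
        """Ask every neighbor, compare answers, pick the authority-weighted majority."""
        if hostname in self.cache:
            return self.cache[hostname]
        votes, replies = Counter(), {}
        for n in self.neighbors:
            ip, direct = n.handle(LOOKUP, hostname)        # cheap request (1) first
            if ip is None:
                ip, direct = n.handle(ASK_NEIGHBORS, hostname)  # request (2) only on a miss
            if ip is not None:
                replies[n.name] = (ip, direct)
                votes[ip] += self.authority[n.name]
        if not votes:
            return None
        winner = votes.most_common(1)[0][0]
        # Update each neighbor's authority: agreement (+0.5), direct-hit bonus (+0.25),
        # disagreement with the consensus (-1.0, floored at 0.1). Increments are assumed.
        for peer_name, (ip, direct) in replies.items():
            if ip == winner:
                self.authority[peer_name] += 0.5 + (0.25 if direct else 0.0)
            else:
                self.authority[peer_name] = max(0.1, self.authority[peer_name] - 1.0)
        self.cache[hostname] = winner
        return winner


def build_network():
    """Constructed demo network: alice asks bob, carol and mallory; dave is reachable via bob."""
    alice = Peer("alice")
    bob = Peer("bob", cache={"example.test": "192.0.2.10"})
    carol = Peer("carol", cache={"example.test": "192.0.2.10"})
    dave = Peer("dave", cache={"other.test": "192.0.2.20"})
    mallory = Peer("mallory", poisoned={"example.test": "203.0.113.66"})
    alice.neighbors = [bob, carol, mallory]
    bob.neighbors = [dave]
    return alice, bob, carol, dave, mallory


if __name__ == "__main__":
    alice, bob, carol, dave, mallory = build_network()
    print(alice.resolve("example.test"), dict(alice.authority))   # majority beats mallory
    print(alice.resolve("other.test"), dict(alice.authority))     # found via bob -> dave
```

Two things worth noticing when you run it: the poisoned answer loses only because two honest neighbors outweigh one liar, so the scheme protects against a single bad peer and not against a majority of colluding ones (which is exactly the trust problem the paragraph above raises), and a relayed answer from request (2) earns less authority than a direct hit, which is the incentive the post suggests for peers that actually hold data.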

What other alternate ways do you think we can replace DNS?
