Thoughts about distributed DNS

I’ll start off by saying that I ran two BIND9 DNS servers for about 5 years, in a master/slave configuration where the slave mirrored the master through zone transfers for about 200-250 domains. So, I’ve got some basic knowledge about the DNS system.

Peter Sunde (“Brokep”) posted something about distributed DNS on his blog/Twitter (articles here and here); I can’t find the original post anymore, but it set off lots of thoughts in this area and I’ve been juggling ideas the past weeks and months. I’ve got to get them out, to put them in writing, and perhaps have them commented on. A friend in the Telecomix cluster, Maloki, blogged about Decentralizing DNS – Telecomix DNS, and inspired me further by pointing me to their wiki, where they had explored ideas and begun building test software for a proof of concept.

I’ll try to describe my ideas in a simple form and from a macro perspective, in a speculative way, as I haven’t got all the pieces of the puzzle.

TLD and TLDcc
There is a system of TLDs in use that reflects how they are used; some well-known ones are .MIL – the US military, .EDU – US universities and colleges, and .GOV – the US government. The most common TLDs today are .COM – commercial, .NET – networks, and .ORG – organisations. See the pattern? Most of them are US-centric, as the internet was born/invented in the USA.
TLDcc are country-specific; they reflect which country they belong to. I live in Sweden, which has the .SE TLDcc; Norway has .NO and France has .FR as their TLDcc.

In a distributed DNS environment (not depending on the global root servers) there could be just about any TLD registered: .PIZZA, .UNCENSORED or .GAYPORN. TLDs could be your name, .JOESCHMUCK or .MIRANDAESTEVEZ; there really are no practical limits (AFAIK). There are of course limits to what people can remember and enter into an address bar in a browser.

IPv4 & IPv6
It’s important to cover both standards, the one in place (IPv4) and the up-and-coming one (IPv6), as the IPv4 address space is near depletion and IPv6 allocation will spike soon after IPv4 has run out of allocations. Also, with IPv6 every man, woman and their dog each has enough address space that there will still be plenty for everyone.

The concept of distributed DNS
Distributed DNS (hereafter called ‘dDNS’) builds upon the idea of decentralizing the domain name system completely, to make it more resilient against attacks from governments, organizations or commercial interest groups who have taken it upon themselves to govern the internet, often globally, as they often think that their local legislation applies world-wide. With a distributed DNS system it would be very hard to take down domains, if not impossible.
Every participant/user in the system could register his/her own domain under just about any top-level domain, for free.

Web of trust
With every server/client comes a user-generated cryptographic key pair: a public key (known by everyone) and a private key that is password protected and should be kept secret. The key is used for authentication and for signing domain names. The web of trust is created by letting people who know each other in meatspace sign each other’s keys; this could be as simple as entering your key’s fingerprint onto a web page and signing your friends’ keys, an operation that could be done offline too.
By assigning each friend a level of trust, the network of trust forms clusters: friends and family are often trusted and get a high trust level, while acquaintances or people you barely know get a weak trust level. Your friends then repeat the process with their friends, and so on. Friends-of-friends are somewhat trusted, through the trust between you and your friends.
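The trust-level propagation described above, as an added illustration that is not code from the original post: each key carries the direct trust levels its owner assigned to friends, and the trust a resolver places in a friend-of-friend's key decays along the path, so a key only reachable through a barely-known acquaintance never scores high. The fingerprints, trust values and record format are constructed placeholders; signature verification of the record is assumed to happen separately, before this check.

```python
# Constructed web of trust: fingerprint -> {friend fingerprint: direct trust}.
# 1.0 = family/close friend, 0.3 = acquaintance. Names are placeholders, not keys.
DIRECT_TRUST = {
    "me":    {"alice": 1.0, "bob": 0.9, "carol": 0.3},
    "alice": {"dave": 0.8, "erin": 0.4},
    "bob":   {"dave": 0.6},
    "carol": {"frank": 1.0},
    "dave":  {"grace": 0.9},
    "erin":  {},
    "frank": {},
    "grace": {},
}


def effective_trust(web, root, target, max_hops=3):
    """Trust the root places in `target`, via the best signing path.

    Trust decays multiplicatively along each hop: a key signed at 1.0 by a
    0.9-trusted friend scores 0.9, while a 1.0 signature from a 0.3-trusted
    acquaintance only yields 0.3. Keys more than `max_hops` away score 0.
    """
    if root == target:
        return 1.0
    best = {root: 1.0}          # best score found so far per key
    frontier = [root]
    for _ in range(max_hops):
        nxt = []
        for node in frontier:
            for friend, level in web.get(node, {}).items():
                score = best[node] * level
                if score > best.get(friend, 0.0):
                    best[friend] = score
                    nxt.append(friend)
        frontier = nxt
    return best.get(target, 0.0)


def accept_record(web, me, record, threshold=0.5):
    """Decide whether a domain record may enter the local cache.

    `record["signer"]` is the fingerprint of the key that signed the record
    (assumed already verified). Returns (accepted, trust_score) so a caller
    can log why a record was refused.
    """
    trust = effective_trust(web, me, record["signer"])
    return trust >= threshold, trust


if __name__ == "__main__":
    rec = {"name": "blog.joeschmuck", "ip": "10.0.0.5", "signer": "dave"}
    print(accept_record(DIRECT_TRUST, "me", rec))
```

A threshold close to 1.0 limits acceptance to records signed by close friends; lowering it widens the circle but lets a single carelessly signed key pull in everything it vouches for, which is the trade-off the clustering in the text describes.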

Redundancy
Information stored in a lot of places, geographically separated, is safer than if stored on servers in the same datacenter. It is also less sensitive to attacks if mirrored across several countries or even continents.

Second-opinion
A system with second opinions is a way to implement a certain level of security-by-peers: a local query that has not been cached before is sent to a number of random peers; when the replies arrive they are compared and checked for authenticity, then passed back to the system. A failed comparison from a few peers should trigger another round of queries to random peers. This is time-sensitive.

Self-tests
To strengthen the security of the system, each and every server/client should perform self-tests to ensure that the cached data is accurate. By asking other servers/clients around them for information and comparing the results to what is cached locally, errors and/or false information can be found and reported. If a server/client has 15 neighbors and 14 of them reply identically while a single one replies with something else, the faulty reply should be discarded and reported. This is ongoing/periodical maintenance.
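The second-opinion lookup and the self-test from the two sections above share the same core (collect replies, compare, single out the dissenters), so here is one added example covering both; it is illustration code, not software from the post or from Telecomix. The peer tables are constructed: 14 honest peers and one poisoned peer that serves a wrong address for a name. Authenticity checking of each reply (the signature check from the web-of-trust section) is assumed to happen before replies are compared.

```python
import random
from collections import Counter

# Constructed peer tables: what each neighbour would answer for a name.
# "peer-x" has been poisoned and hands out a wrong address.
PEERS = {f"peer-{i}": {"blog.joeschmuck": "10.0.0.5"} for i in range(14)}
PEERS["peer-x"] = {"blog.joeschmuck": "203.0.113.66"}


def ask_peer(peers, peer, name):
    """Stand-in for a network round trip: return the peer's answer or None."""
    return peers[peer].get(name)


def second_opinion(peers, name, k=3, rounds=3, seed=None):
    """Resolve an uncached name by asking k random peers.

    The answer is accepted only when every sampled peer agrees. Any
    disagreement (or a peer that knows nothing) triggers a fresh round with
    newly chosen peers, up to `rounds` times; after that the lookup fails
    rather than returning a contested answer.
    """
    rng = random.Random(seed)
    names = sorted(peers)
    for attempt in range(1, rounds + 1):
        sample = rng.sample(names, k)
        replies = {p: ask_peer(peers, p, name) for p in sample}
        answers = set(replies.values())
        if len(answers) == 1 and None not in answers:
            return {"answer": answers.pop(), "rounds": attempt, "peers": sample}
    return None


def self_test(peers, name, cached):
    """Periodic maintenance: compare the local cache against all neighbours.

    The majority answer is taken as consensus; neighbours that disagree are
    listed for reporting, and the cache entry is flagged when it does not
    match the consensus. With 15 neighbours of which 14 agree, the single
    odd reply is the outlier.
    """
    replies = {p: ask_peer(peers, p, name) for p in peers}
    tally = Counter(replies.values())
    consensus, votes = tally.most_common(1)[0]
    outliers = sorted(p for p, a in replies.items() if a != consensus)
    return {
        "consensus": consensus,
        "votes": votes,
        "total": len(replies),
        "outliers": outliers,
        "cache_ok": cached == consensus,
    }


if __name__ == "__main__":
    print(second_opinion(PEERS, "blog.joeschmuck", seed=1))
    print(self_test(PEERS, "blog.joeschmuck", cached="10.0.0.5"))
```

Requiring unanimity among the sampled peers keeps a single poisoned peer from ever being returned as an answer: the worst it can do is force another round, which is exactly the retry the text calls for. The self-test relaxes this to a majority because its purpose is to name the dissenters, not to decide a live query.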

Distribution
Which method of distribution is used is not really important, as long as the data is protected by encryption while it is transported. The data is then tamper-proofed by the encryption layer, and any attempt to tamper with the data is discovered.
A DHT such as Kademlia has its pros and cons; to connect to such a network for the first time, a seed IP is needed. Once a connection with the network is established, a list of nodes is saved and cached.

The transparent dDNS client
Most people on the internet today are running Windows on their computers; to ease the usage of dDNS, with its twists and turns over the Internet, it has to be very easy to install and run. It should be a “fire-and-forget” type of installation: you set it up once and you’re done. The dDNS client loads itself between the system’s ordinary DNS client and the network stack, to intercept DNS queries from the software installed on the computer.

A query’s life
A query is created when you need to reach another computer on the internet; normally your computer asks the DNS server your ISP has assigned you. That server could be compromised, either by the ISP itself or by contract/law, to block or filter queries for sites that your ISP/government has agreed to block, be it for copyright infringement or freedom of speech.
With the dDNS server/client, the query is intercepted and sent to the dDNS network first. If the network knows anything about the domain name, replies arrive and are returned to the system; if not, the query is passed on the normal way and your ISP-assigned DNS server does its query dance, possibly giving you a wrong or completely false reply.
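To make the interception step from the two sections above concrete, here is an added example (not code from the post, nor from any dDNS project) of the piece that sits between the system's stub resolver and the network: it parses a raw DNS query packet, answers it from a local dDNS table when the name is known, and otherwise hands the untouched packet on to whatever resolves the normal way. The dDNS table contents and the `forward` callback are constructed stand-ins; a real client would look the name up in the peer network and send unknown names to the ISP resolver over UDP.

```python
import struct

QTYPE_A = 1

# Constructed dDNS zone data: names under made-up TLDs no root server knows.
DDNS_TABLE = {"blog.joeschmuck": "10.0.0.5", "pizza.uncensored": "10.0.0.9"}


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(packet, offset):
    """Read a label sequence at `offset`; returns (name, offset after it)."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:   # compression pointer: never valid in a stub's question
            raise ValueError("unexpected compression pointer in query name")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def build_query(txid, name, qtype=QTYPE_A):
    """What a stub resolver sends: header with RD set and a single question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_query(packet):
    """Return (txid, qname, qtype) of a single-question query packet."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    name, offset = decode_name(packet, 12)
    qtype, _qclass = struct.unpack("!HH", packet[offset:offset + 4])
    return txid, name, qtype


def build_response(txid, name, qtype, ip, ttl=300):
    """Answer with one A record; QR/RD/RA set, transaction id echoed back."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = encode_name(name) + struct.pack("!HHIH", QTYPE_A, 1, ttl, 4) + rdata
    return header + question + answer


def intercept(packet, table=DDNS_TABLE, forward=None):
    """The dDNS hook: answer locally if the name is known, else forward.

    Returns ("ddns", response_bytes) or ("forwarded", forward(packet)).
    `forward` stands in for the ISP resolver path (constructed; None drops it).
    """
    txid, name, qtype = parse_query(packet)
    ip = table.get(name.lower()) if qtype == QTYPE_A else None
    if ip is not None:
        return "ddns", build_response(txid, name, qtype, ip)
    return "forwarded", None if forward is None else forward(packet)


def parse_answer_ip(response):
    """Pull the first A record's address out of a response built above."""
    _, _, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if ancount == 0:
        return None
    _, offset = decode_name(response, 12)
    offset += 4                                  # skip qtype, qclass
    _, offset = decode_name(response, offset)
    _, _, _, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
    offset += 10
    return ".".join(str(b) for b in response[offset:offset + rdlen])


if __name__ == "__main__":
    source, resp = intercept(build_query(0x1234, "blog.joeschmuck"))
    print(source, parse_answer_ip(resp))
```

Because the transaction id is copied from the query, the application's stub resolver cannot tell a dDNS answer from an ordinary one, which is what makes the client transparent; the same property means a compromised table would be believed just as readily, so the trust and second-opinion checks from the earlier sections belong in front of `table.get`.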

Stuff already there, or almost..
I’ve researched this subject a bit, and I found that Apple’s Multicast DNS (mDNS or Bonjour) client software is open source and available online. This package handles zero-configuration network discovery of gateways, computers and printers. It is also capable of DHCP and other LAN-specific functions across several subnets.
The Freenet Project has the infrastructure to carry zone information and queries, anonymously and cryptographically signed, over the internet.
A marriage of these two software bundles would create a drop-in replacement (as long as the core functionality in mDNS is kept in place) with the potential to overnight obsolete the existing DNS infrastructure, or make it play second fiddle, so to speak.

Several people have blogged about this:
Will DHS actions inspire a successor to DNS?
Telecomix take on distributed DNS

… this is just a text blurb I’ve had marinating for a while (since January 2011); it’s not complete or technically fact-checked or anything. It’s meant to be some sort of blob of ideas for further discussion.