BitTorrent Based DNS To Counter US Domain Seizures

So I'm going to let someone inject DNS entries into a local /etc/hosts hijack, based on information from a 3rd party over a distributed network?<p>You know, I'm not actually against that so long as I can verify the end site in some way. Perhaps all traffic over this .p2p network should be SSL? And perhaps someone somewhere can hold a verifiable list of certs.<p>Basically, who in this arrangement can I trust to route my request to the right site? How do I know they won't lie? I know that applies now too, but DNS is based on trust and that generally means the roots are trusted and they won't risk that trust. In this decentralised world, who can be trusted?

This is a very interesting project. However, I think in order for something like this to succeed, it needs to be founded in a truly altruistic goal such as education, research, or some form of free information.<p>"By creating a .p2p TLD that is totally decentralized and that does not rely on ICANN or any ISP’s DNS service"<p>Sadly, the acronym p2p is tied with media piracy. If this alternate DNS system relies on the .p2p TLD, ISP's will have an easy way to filter this traffic. Beyond simple blacklist blocking, similar to what Comcast is doing to Level 3, it would make more sense for ISP's to simply charge extra (a lot extra) to access the .p2p side of the Internet.<p>A similar conversation was had years ago around the .xxx TLD discussion. In the end, the Internet needs to be open and priced at a level where everyone can access the information contained within it. If the US, China, etc start to impose drastic, unresonable restrictions then we will have no other choice except to create alternate systems. Eventually, this will create a fragmented, disjointed Internet completely different from the one we are using now.

I wonder about the security of this kind of a solution, and how they'll respect/protect owned domain names. I'm assuming the idea of ownership of a domain name becomes somewhat grey using this solution.<p>For example, how will they protect against domain poisoning by someone hacking their client to send out fake entries which redirect a domain to something they own?

<i>According to the project’s website, the goal is to “create an application that runs as a service and hooks into the hosts DNS system to catch all requests to the .p2p TLD while passing all other request cleanly through. Requests for the .p2p TLD will be redirected to a locally hosted DNS database.”</i><p>Cool, so, uh, /etc/hosts?

I had a similar idea some days ago and planned to write a simple prototype.<p>However, instead of supporting standard registrations my idea was more similar to Tor's .onion namespace:<p>You first generate a RSA keypair and build a hash of the public key. This hash is your domainname.<p>Then you timestamp your zonefile and sign it with your private key. Afterwards, you store the result in a DHT under the key of the hash generated earlier. DHT nodes responsible for your data verify that your signature corresponds to your public key and that your public key corresponds to the hash.<p>As a last step you need a way to retrieve the data: The first possibility is to use your own local resolver on your PC that queries the DHT. An alternative would be to have several public resolvers that make this data available under different subdomains.<p>Supporting non-hash domainnames is somewhat harder due to security problems (if you want to have a fully decentralized solution). However, it might be possible to do this with an approach similar to Bitcoin's, where a block-chain is used to store transactions.

"The Internet interprets censorship as damage and routes around it." - John Gilmore

I'm confused. Why would you use BitTorrent? A DHT sure, but the whole BitTorrent protocol? Seems silly for transferring less than 100 bytes of data.

Why not replace DNS names with public keys? Anyone can generate one - removing the need for centralized namespace authority for key-&#62;ip mapping - and any lookup can easily be verified as only the server at the correct IP would have the private key.

Would be interesting if by the time Senate hearings get around to looking at this (if they ever do) that a simple demo will show how useless the actions were in the first place...

So, this has happened before, with not much success: <a href="http://en.wikipedia.org/wiki/AlterNIC" rel="nofollow">http://en.wikipedia.org/wiki/AlterNIC</a> - of course the guy that started that also cache poisoned InterNIC so that might've had something to do with it...<p>I'd assume that anything of this nature needs critical mass more than anything else. Like Google Public DNS/OpenDNS supporting it on day one, or the next version of BIND (whenever /that/ happens!) having it built in.

I hope this effort pans out nicely.<p>I envision future where individuals and companies are free to buy/sell services and goods from each other, without government sticking in its nose.<p>Also, I envision p2p marketplaces, where online ads and other goods are sold and bought. Can anyone come up with an open source p2p AdSense killer? Do we really need Google to do it for us?

This could work: <a href="http://www.cs.cornell.edu/People/egs/beehive/codons.php" rel="nofollow">http://www.cs.cornell.edu/People/egs/beehive/codons.php</a>

This could finally mean freedom from ICANN and any other controlling authorities. Somehow this needs to have domain identity verifying mechanisms as well.

I was thinking about a sort of reverse Tor this morning, so that sites can hide their IP from users, as opposed to the other way around. Trouble is, you want it to work with existing browsers - users aren't going to install a new piece of software or a special browser to access masked domains.

Am I the only one who thinks that basing this on Bittorrent seems a tad bit like "when you have a hammer…"?

this torrentfreak article links to the opennic wiki page that's within their own glue domain, which won't work unless you have opennic set up:<p><a href="http://wiki.opennic.glue/dotP2PTLD" rel="nofollow">http://wiki.opennic.glue/dotP2PTLD</a><p>The page they meant to link to, within the normal dns root is:<p>&#62;&#62;&#62;&#62;&#62;&#62; <a href="http://wiki.opennicproject.org/dotP2PTLD" rel="nofollow">http://wiki.opennicproject.org/dotP2PTLD</a> &#60;&#60;&#60;&#60;&#60;&#60;&#60;&#60;&#60;<p>update: what I wrote still stands, but it has been fixed in the article.

<a href="http://dot-p2p.org/index.php?title=Main_Page" rel="nofollow">http://dot-p2p.org/index.php?title=Main_Page</a>

If bittorrent services centralize on this, the US will have effectively shrunk the scope of it's target space.