No authority. Only Nostr.
NoDNS #soveng
Replies (60)
What special settings are needed at the Linux or Windows OS level, or in the Firefox browser, for example?
I will dig more to test later
Can the DNS server be run remotely on a raspi akin to pi-hole, or even be a part of pi-hole? So that all devices on a LAN would resolve npub.nostr?
kind 11111 - love it
Here's the long version of this!
So if I understand correctly, the DNS record is served to clients outside of the LAN by a Nostr relay. Then they are able to access your local DNS server securely and then not have to route Nostr traffic through the DNS racket?
The big thing here though is the initial request for the DNS A record is still using DNS initially, right?
In this scenario the webserver has an npub identity and self-announces its IP address + self-signed cert.
My machine does indeed connect to public relays to get his record event.
Yes, the browser does indeed use DNS like it does normally, except it passes through my nostr-compatible local DNS first.
I don't see an issue except if the DNS racket were not serving websocket server packets because they were afraid we were getting around their cabal. But then again, that would stop all Nostr notes, which seems...unlikely.
Great work, very clever workaround.
Workarounds like this are nice because they integrate so well with the existing system. Just the fact that this works system-wide opens up many doors.
Actually, I was thinking too small. Could this then in effect be used to serve the initial DNS A Record?
DNS bootstrap-> No-DNS cert validation
No-DNS bootstrap-> other No-DNS cert valid self hosted DNS servers?
Does that work? I might have confused myself.
Woah I was just talking about this today! Just a few hours ago! Nostr moves fast
Nostr can totally, easily replace DNS even today, we'd just need a compliant browser.
Nice! Yes, I think Nostr is the way to go on a lot of these networking challenges. We can clear out a lot of technical debt built up over the last 20 years.
or a standard browser with the option to enable nostr lookups
Hello, I love this initiative. I have been working in the shadows on something that might interest you, it perfectly complements DNS over NOSTR, but my time is [zero] right now.
Can I send you a DM after Oct 15?
Regards!
I don't want to be the jerk that looks at the magician and says "How did you do that?"
But like... How did you do that?
An open source dev always reveals his tricks ;)
The power of nostr is NOT in social media.
better already, but #NDN #NamedDataNetworking ditch all the servers, domains and crap. softwares and true self sovereign p2p stuff only. we all already have got internet access on all sides, why need corpo net datacentres clouds and shit? be the network be the datastore equal amongst equals
Great job man! Someone had to build this! Amazing
Is this gonna help me build another webstore without permission from anyone? I think I like this
The only permissioned part still existing within this system would be IP addresses themselves. But apart from that you can totally do it
I like where this is going
So cool! Miss you guys!
I don't have a lot of experience with nostr, but I see you do https:// VeryLongNPUBString dot nostr and I have a question (which may make no sense, but my nostr knowledge is limited): can the very long string that nobody will remember be replaced by a nip-05?
Also, I guess this could be combined with a redirect to serve an onion address, right?
The question indeed makes very little sense, but the problem becomes how on earth I am going to explain that to you.
So let's say we have trains, and trains are cool for all kinds of reasons, but they are permissioned/centralized. So someone comes up with the idea of the car so it's not permissioned/centralized. And your question would be:
I see your vehicle requires users to steer and navigate themselves, so can't you put the car on rails?
I.e. nip-05 is DNS, you suggest to use DNS to solve the drawback of the DNS-less system.
Hope this helps.
See, I had no idea how nip-05 worked. This answer was great, thank you!
Good comparison indeed.
Getting human-readable domains like you're suggesting is not the goal of this project. Something like that could live on top of this solution though.
5 hours really
I think you're missing 1 thing, Zooko's triangle's solution
This is absolutely awesome, great work. The automatic installation of certificates in the system's trust store is nice. So if you disable the automatic cert install (auto_install: false), nodns-server will be able to resolve the record (using the 111111 events) but the cert won't be trusted so the browser will complain and you'd have to manually trust it?
Correct. In the current state of the code automatically inserting the certificate is still VERY risky because I haven't implemented certificate security checks yet.
If the checks are not in place, any [npub].nostr could publish a self-signed certificate with *.google.com and your system would trust it, allowing a MITM attack.
Just be aware of this when testing. It's very experimental.
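One possible form of the certificate check mentioned in the reply above, as an added example that is not part of the thread or of the nodns code: before a published certificate goes into the trust store, refuse it unless it is a non-CA certificate whose names all sit under the publisher's own [npub].nostr name. The function names and the `npub1example.nostr` placeholder are hypothetical, and the sample certificates are constructed in the code.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// checkCertScope refuses a certificate that is a CA, carries non-DNS names, or
// claims a name outside owner (the lowercase "<npub>.nostr" that published it).
func checkCertScope(c *x509.Certificate, owner string) error {
	if c.IsCA || len(c.DNSNames) == 0 || len(c.IPAddresses)+len(c.URIs)+len(c.EmailAddresses) > 0 {
		return fmt.Errorf("must be a non-CA certificate with DNS names only")
	}
	names := c.DNSNames
	if c.Subject.CommonName != "" { // an empty CN is fine when SANs are present
		names = append([]string{c.Subject.CommonName}, names...)
	}
	for _, n := range names {
		if n = strings.ToLower(n); n != owner && !strings.HasSuffix(n, "."+owner) {
			return fmt.Errorf("name %q is outside %q", n, owner)
		}
	}
	return nil
}

// selfSigned builds a constructed sample certificate (not real data).
func selfSigned(isCA bool, names ...string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject: pkix.Name{CommonName: names[0]}, DNSNames: names,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	owner := "npub1example.nostr" // placeholder, not a real npub
	fmt.Println(checkCertScope(selfSigned(false, owner, "www."+owner), owner))
	fmt.Println(checkCertScope(selfSigned(false, owner, "*.google.com"), owner))
}
```

A check like this only limits which names a certificate may claim; binding the certificate to the signed Nostr event that announced it is a separate step.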
DNS is a really old protocol not built for security
Amazing!
But does it fully solve this problem? RIP DK
Probably, since you'll check on your machine the signature of the npub you wanna reach. It doesn't matter HOW the info got to you anymore.
Which is why the internet is so broken, all these kinds of exploits exist by the grace of 'trust me bro' networking.
Great video btw, thanks for sharing!
I'm not so sure. Dan Kaminsky only stop-gapped the problem, didn't resolve it. If you're still running DNS, are you sure? is still in my head :p
challenge the folks at sov eng for me, cuz I can't be there, will ya?
Host your website and be found by everyone - no buying domains anymore!
One of the puzzle pieces in making our entire network stack permissionless being explored at #SEC-05.
More to come, stay tuned and LFG
Can't wait to see more.
Genius, subtitled in Spanish
Can this tech bypass deep packet inspection by ISP?
Hey @Arjen, this is very cool. I don't understand something, when your local DNS connects to the nostr relay, it's using DNS to do it, no?
holy shit. this is great
This is amazing
This is fantastic, but trying to wrap my head around this so I can use it.
Does the end user with the browser not have to make any changes at all?
Or do they have to change their DNS settings in order for this to work?
NODNS BIP353 BOLT12
#soveng
A domain name without ICANN-DNS is way more valuable than sending sats around
This still needs updating though, the latest version is in the no-dns repo
Hm, nodns needs to sit on top of a conventional resolver like BIND and hand over name resolution when it can't. A more human-readable version for a Nostr domain would be handy
This solution can't solve the human readable part. It chooses security and decentralization over human-readable.
I believe the human readable names to be a social problem to solve. They could perfectly well resolve to an npub's no-dns records. Meaning bob.nostr might resolve to one npub for me and a different one for you based on our differing social graph.
Hm, that doesn't work, the name must be worldwide unique like an npub
I disagree
For uniqueness you either need to agree on a centralized authority like ICANN.
OR
Achieve global consensus by adding it to the Bitcoin blockchain. But to me, that seems expensive and unattainable for most people in the future.
I don't like either of the former solutions. I think accepting that there is no globally unique owner of [short name].nostr and building for that is more realistic. You can give a name weight by putting PoW towards it or by social consensus, which is how the world has operated since forever and it works quite well... If I say 'London', you probably know what I'm talking about and which coordinates it belongs to, despite there being multiple Londons out there
Cc: AWS & customers