LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for September 4, 2008

The Kernel Hacker's Bookshelf: UNIX Internals

DRI, BSD, and Linux

SCHED_FIFO and realtime throttling

LWN.net Weekly Edition for August 28, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

What to do about DNS?

What to do about DNS?

Posted Apr 12, 2007 17:04 UTC (Thu) by JohnNilsson (subscriber, #41242)
Parent article: What to do about DNS?

If you ask me the biggest problem with DNS is it's centralized nature. The fact that names is owned and controlled by a single entity is to fragile and definitely a bad way to handle a scarce resource.

Domainparking, all those "search" sites that take over good names and so forth are problems created by this centralism.

Wouldn't it be possible to design a decentralized system wherein the names are controlled by the communicators. Just as nicknames are somewhat out of the control of who the name refers to a domain name should also be localized in those communities having a need for the name.

Take lwn.net as example. This name is now taken by Linux Weekly News excluding Little Weak Nerds from the use of the same name. What if Linux Weekly News instead used a SHA hash as it's name and Little Weak Nerds used another SHA hash as it's name leaving the control of mapping lwn.net to those hashes in the hands of the communities who feels a need to refer to them with shorter names? Kind of how tinyurl works.

(Log in to post comments)

What to do about DNS?

Posted Apr 12, 2007 20:43 UTC (Thu) by job (subscriber, #670) [Link]

Yes -- OR you could just tap in the IP address directly. Probably a lot easier to remember and type than SHA hashes, and perfectly secure.

What to do about DNS?

Posted Apr 12, 2007 23:07 UTC (Thu) by copsewood (subscriber, #199) [Link]

If you tap in the IP addresses directly instead of using DNS or prefer to use hashes of the IP addresses (just as meaningful as hashes of names like lwn.net) you will still have the problem of there being a limited number of IP addresses and routing authority for blocks of these IP addresses (however many bits if these are of a fixed size) and these address bits being partitioned and delegated hierarchically. So what exactly is the problem you are trying to solve ? Perhaps DNS solves a different problem from the one you had in mind, and perhaps you will need to go deeper than DNS to the routing protocols and internetwork address formats in order to solve your problem.

What to do about DNS?

Posted Apr 16, 2007 3:23 UTC (Mon) by intgr (subscriber, #39733) [Link]

I did not really understand your concern, but I'll try to make the concept more understandable here.

The approach is generally called self-certifying "names". The idea is that the name is actually a hash of the server's public key.

When you tap in the hash, it gets resolved to an IP through a potentially corruptible authority. However, when connecting to the server itself, it will authenticate to the user with the private key whose public key's hash was embedded in the name. The client can verify this signature and authenticate that the server is the right one, on the assumptions that:

  • The client itself is trustworthy
  • The server itself is trustworthy
  • The source for the name is trustworthy

Note that unlike the current schemes, no intermediaries have to be trusted during usage, at all; it pushes the problem higher up, to the distribution of "names".

What to do about DNS?

Posted Apr 16, 2007 6:35 UTC (Mon) by dlang (subscriber, #313) [Link]

this sounds like exactly the same problem that you have today with SSL certs.

if you assume that the client, server, and trusted third party are all intact then you don't have anything to worry about.

no need to add another layer (with the dns) with the same limitations.

What to do about DNS?

Posted Apr 12, 2007 23:37 UTC (Thu) by giraffedata (subscriber, #1954) [Link]

Incidentally, the publication has not called itself Linux Weekly News for many years.

What to do about DNS?

Posted Apr 13, 2007 0:52 UTC (Fri) by bronson (subscriber, #4806) [Link]

I tend to think "Libre Weekly News" in my head... Does "LWN" have any sort of official definition?

What does LWN stand for, anyway?

Posted Apr 13, 2007 2:54 UTC (Fri) by kevinbsmith (subscriber, #4778) [Link]

LWN, initially, was "Linux Weekly News." That name has been deemphasized over time as we have moved beyond just the weekly coverage, and as we have looked at the free software community as a whole. We have yet to come up with a better meaning for LWN, however.

(Direct from the LWN.net FAQ, linked from the top of every page)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds