Why DNS Must Die

Journal started Jun 19, 2006


Hopefully this won't be too long. DNS is just that easy to attack for its flawed logic, rotten policies, and short term thinking that's already screwing us over. Supposing you wanted a melon, and asked someone how to get a melon, and their answer was to tell you in detail all the ways you must chop a melon before cooking it or preparing it in fruit salads, then lecture you on the proper arrangement of fruit salads, then refuse to talk to you because you don't know the first thing about fruit salads. That's DNS.

DNS is the naming system that guides most of the Internet. We can't remember numbers like 63.197.122.98 so instead we remember names like synx.dyndns.org, and thereby know where our destination is. But what if someone tells you that synx.dyndns.org is located at 207.46.19.60? How do you know I didn't just change IP addresses? Short answer is: you don't. The only way you can have human readable names is if you trust someone to be able to translate them into the unique numbers that are hard to remember. Trust meaning you designate them as an authority.

So that's a slight problem right there, because it means one person in the world decides who gets the names ending in .com. They're supposedly "regulated" by the US government, but then so was Enron. Now let's assume they're trustworthy though, and they'll faithfully map names to IP addresses with no inconsistency. But what if they charge $50 a month to you, and take away your service if you don't pay up? That's $50 a month you're paying for them not to hurt you. And every domain in the world is under this racket. The Mafia never had it this good!

Now let's talk technicalities for a second. If I manage it so that synx.dyndns.org becomes 63.197.122.98, and then I put an email server on 63.197.122.98, people can send email to synx.dyndns.org, right? Wrong. It turns out there is a special DNS record for e-mail called MX, and if you don't have that your mail doesn't get sent, and if your name record resolves, but your MX record goes to the wrong computer, your mail isn't even going to 63.197.122.98, even though that's the number that resolves!

It gets worse. Suppose I make a CNAME record that maps synx.org to synx.dyndns.org and thereon to 63.197.122.98. Wait, but I don't own synx.org! Own? You mean I don't pay $50 a month for my noble DNS lords to deign to allow me to use their precious addresses. More importantly though, someone else has synx.org, and it's supposed to map to 64.94.117.8. But where does it say I can't do that? As a matter of fact I can, and so can any DNS server screw up a specific host or category of hosts if they want. You just have to trust them, and they their lords, and their lords up to the root servers. There is no authentication.

Now supposing I want to set up a jabber server at synx.dyndns.org, and so I set one up, but for some reason people at jabber.elite-bastards.com can't see my presence! It must be an error with my jabber server, right? No, once again it's DNS. Turns out you need what is called a SRV record, which pretty much means that if you connect with jabber to synx.dyndns.org but there's an SRV record to gmail.com, then you'll connect to gmail.com instead of synx! What a useful feature! Well maybe it is useful, but here's the sad thing. It's required. So that means if dyndns.org doesn't give me any SRV records, and you try to connect your server to synx.dyndns.org, the specification is that if you see no SRV records, connect to nothing and fail mysteriously.

And that I conclude is why DNS Must Die. It's an authoritarian, hobbled, hackneyed system that people require pointlessly since they're elitist bastards who would like to reduce the power of the common person even more by making their IP address effectively worthless. That's almost certainly why my jabber server isn't successfully sending my user's presence notification to jabber.com, gmail.com, and others, because of misconfigured DNS, and the fact dyndns won't give me SRV records. Why should they have to though? Just freaking connect to synx.dyndns.org, I only have one computer!

An idea that would work better than DNS is: an addressbook. You contact your ISP's addressbook, and they send you things named google.com and amazon.com and such, whose numbers are 25d5h235hsoeucharoeurch or something. You cache those temporarily in your own addressbook. It's a simple name -> destination, like DNS but only with SRV records, and no stupid timestamping. But here's where it differs: your friend sends you an email saying "I found indie.info, it's a really great site! Its number is 8dhu980hu99uh9aeuduh" So then you add that name and number to your addressbook, and from then on you can get to that number by indie.info, and so can anyone using your addressbook.

Another good thing about my idea is the power of asymmetric signing. It's possible to take any bit of data, say for instance "indie.info:8dhu980hu99uh9aeuduh" and sign it with a private key that you never share. People using your public key can verify that you, and only you, signed that bit of data. And that means authority. Your friend can tell you, "Hey I found (Susi's Room:598gh9a09oe09aeo09toe) and it's Susi's room!" You could then use Susi's public key that's on (Public Keys:235890ghu0t0t0[h0t0) or maybe she emailed it to you, to verify that Susi also agrees that (Susi's Room:598gh9a09oe09aeo09toe) is her room. That way when you get an email from Dirk Dastardly saying "Hey I found (Susi's Room:5h[0,9gc0p98,0.u9vil) and it's Susi's Room!" Dirk would have no way, aside from breaking military grade encryption, to sign that claim with Susi's private key, since she never shares it. Thus you wouldn't get a "Susi's room is now 5h[0,9gc0p98,0.u9vil" message. You'd get a "Dirk Dastardly blocked for middle man attack" message, which is a much nicer message to get.

With DNS there is no cryptographic signing. There is only "google.com is 69.31.81.58 because I say so, peon." and whether google.com agrees with that or not is irrelevant. The only person who decides is the one who owns the DNS root server, and they can charge money, restrict access, or take favors for those valuable little names. With an addressbook system though, you could change google.com to be 209.126.148.50 if you wanted, and it'd be authorized by you. And google.com could change it to 64.233.167.99, and it would be authorized by them, not by any of the servers that carry their address information.

You could trust giant addressbook servers, like (addressbook of microsoft:40395thi0ehi666), and it would work like DNS, but when this giant addressbook server decided to abuse its power, its users would just be able to change the records themselves, and set up a new addressbook authority. Only the most trustworthy survive. You could even have a multitude of authorities, and you'd have "google.com of revolutionary addressbook" and "google.com of knitting circle's addressbook" and "google.com of my ISP's addressbook" and such like that, each with a different number. And of course "google.com of google.com's addressbook" which doesn't have to come directly from google since it can't be modified without invalidating that signature google put on it.
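As an added example, not code from the original post, here is a small Go sketch of the signed addressbook described in the asymmetric-signing paragraph above and in the point that a record is authorized by its owner's signature rather than by whichever server carries it. Susi signs the "name:number" string for her own room with a private key she never shares; your addressbook checks every incoming claim against the public key you already hold for that name, so Dirk's claim signed with his own key, or a record whose number was altered in transit, is refused. Ed25519 from Go's standard library stands in for the post's unspecified "military grade" signing, and the names and numbers are the post's own made-up values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Entry is one addressbook record: a name, an opaque destination "number", and the owner's signature over "name:number".
type Entry struct {
	Name, Number string
	Sig          []byte
}

// Sign builds an entry the way Susi would for her own room, using a private key she never shares.
func Sign(name, number string, priv ed25519.PrivateKey) Entry {
	return Entry{name, number, ed25519.Sign(priv, []byte(name+":"+number))}
}

var ErrNoKey = errors.New("no public key known for this name")
var ErrForged = errors.New("blocked for middle man attack")
// AddressBook holds, per name, the public key obtained out of band ("Public Keys" or Susi's email) and the latest entry that key vouched for.
type AddressBook struct {
	Keys    map[string]ed25519.PublicKey
	Entries map[string]Entry
}

func NewAddressBook(keys map[string]ed25519.PublicKey) *AddressBook { return &AddressBook{keys, map[string]Entry{}} }
// Add accepts an entry only if the key trusted for that name signed exactly this name:number,
// so Dirk's claim under his own key, or a record whose number was altered in transit, is blocked.
func (b *AddressBook) Add(e Entry) error {
	pub, ok := b.Keys[e.Name]
	if !ok {
		return ErrNoKey
	}
	if !ed25519.Verify(pub, []byte(e.Name+":"+e.Number), e.Sig) {
		return ErrForged
	}
	b.Entries[e.Name] = e
	return nil
}

func main() {
	susiPub, susiPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, dirkPriv, _ := ed25519.GenerateKey(rand.Reader)
	book := NewAddressBook(map[string]ed25519.PublicKey{"Susi's Room": susiPub})
	fmt.Println(book.Add(Sign("Susi's Room", "598gh9a09oe09aeo09toe", susiPriv))) // <nil>
	fmt.Println(book.Add(Sign("Susi's Room", "5h[0,9gc0p98,0.u9vil", dirkPriv)))  // blocked for middle man attack
}
```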

Russel Turpin had a similar idea to this, as did these guys who actually have a partially working version albeit in (ugh) java. It's not signed though, only decentralized, despite long talked about plans to the contrary. Help out, and implement signing!



(cc) some rights reserved