(trilema) BingoBoingo: No Cloudflare or DNS for Best Korea https://www.northkoreatech.org/2015/07/06/a-peek-inside-north-koreas-intranet/
(trilema) BingoBoingo: DNS points to prohibited IP
(trilema) assbot: Logged on 19-07-2015 19:16:30; decimation: the amusing thing to me is that the 'ddos cannon' is using dns
(trilema) assbot: Logged on 19-07-2015 19:09:25; decimation: also, I don't know what the 'web 2.0' thing he posted a picture of is? is that some kind of dns control panel?
(trilema) jurov: !s cjdns
(trilema) decimation: I suppose it kinda has to use dns to defeat trivial remappings
(trilema) decimation: but I too am curious how disabling qntra's dns while clobbering random bystanders helps anybody
(trilema) decimation: the amusing thing to me is that the 'ddos cannon' is using dns
(trilema) decimation: also, I don't know what the 'web 2.0' thing he posted a picture of is? is that some kind of dns control panel?
(trilema) mod6: <+asciilifeform> gentlemen, please welcome zoolag.ddns.net - a therealbitcoin/stator node. << cool!
(trilema) asciilifeform: (remember to always add by ip, stator does not support dns)
(trilema) asciilifeform: gentlemen, please welcome zoolag.ddns.net - a therealbitcoin/stator node.
(trilema) mthreat: you control the dns on that right?
(trilema) mircea_popescu: does reverse dns make a diff to you anyway ?
(trilema) mircea_popescu: dns1-5.registrar-servers.com looks like the registrar maintains your ns.
(trilema) mircea_popescu: dns zone ? it's on the machine no ?
(trilema) asciilifeform: i think the keeper never reset the reverse dns
(trilema) asciilifeform: mircea_popescu: also why is my reverse dns 'archive.today'
(trilema) ascii_field: realize, i don't have a better solution than ntp. but it has to be done sanely (no dns; builds under musl or uclibc; doesn't introduce more than a few dozen lines of code; and picks from $bigint ip on powerup; and sanity-checked from blockchain )
(trilema) ascii_field: i don't want dns in there. anywhere.
(trilema) ascii_field: fuck dns
(trilema) ascii_field: ntp from random selection among 1,000 ip (not dns, but ip) ntp nodes, PLUS sanity check using blockchain, could be a practical answer.
(trilema) assbot: Logged on 07-07-2015 15:22:37; asciilifeform: and work without invoking dns
(trilema) mircea_popescu: they run dns but not time ?
(trilema) asciilifeform: and work without invoking dns
(trilema) asciilifeform: (not in the dns-free variant)
(trilema) mod6: <+punkman> ascii_field, does this sequence look right? >> 0.5.3.1-release + orphanage nuke + tx-orphanage + dnsseed_snipsnip + zap_hardcoded_seeds + zap_showmyip + dns thermonuke + irc nuke << looks right to me.
(trilema) punkman: ascii_field, does this sequence look right? >> 0.5.3.1-release + orphanage nuke + tx-orphanage + dnsseed_snipsnip + zap_hardcoded_seeds + zap_showmyip + dns thermonuke + irc nuke
(trilema) ascii_field: trinque: to be fair, i killed all of the fallback sync mechanisms (irc, dns, hardcodedseeds)
(trilema) assbot: Logged on 30-06-2015 15:57:34; pete_dushenski: "Cisco Systems Inc (CSCO.O) said on Tuesday it would buy OpenDNS, a privately held cloud-based security company, for $635 million in cash and equity awards to beef up its security business." << might as well consolidate the crown corps, save on letterhead.
(trilema) pete_dushenski: "Cisco Systems Inc (CSCO.O) said on Tuesday it would buy OpenDNS, a privately held cloud-based security company, for $635 million in cash and equity awards to beef up its security business." << might as well consolidate the crown corps, save on letterhead.
(trilema) ascii_field: not really. if you invoke dns at all in a glibc proggy, you get the libnss idiocy
(trilema) davout: and that was possible before? before the removal of dns crud?
(trilema) ascii_field: davout: there is no longer any invocation of dns (in my set)
(trilema) davout: and that dns stuff works with uclibc?
(trilema) ascii_field: well, previously bitcoin ~actually invoked~ dns
(trilema) davout: but it wasn't possible before because of the dynamic dns glibc crap or do i misunderstand something here?
(trilema) mod6: If you stripped out all of the DNS stuff and then did a build with gcc/glibc I'm thinking that would get us where we want to be; sounds like you've done that!
(trilema) mod6: <+asciilifeform> now what i can't remember is whether mod6 already had this orchestra working <+asciilifeform> (with glibc+static) << v0.5.3.1-RELEASE basically is not true "static" build because of the gethostbyname() (DNS/libnss) calls in there. but was trying to build static bitcoind with uclibc/gcc on gentoo, was hitting a problem described here before. If you stripped out all of the DNS stuff and then did a build with gcc/glibc I'm thinkin
(trilema) asciilifeform: afaik can't do dns at all with static glibc
(trilema) decimation: but with dns
(trilema) asciilifeform: no dns.
(trilema) decimation: asciilifeform: so no dns?
(trilema) trinque: asciilifeform: yes but not made of DNS necessarily, or any particular IP
(trilema) mod6: <+ascii_field> dnsseed_snipsnip, orphange-thermonuke, orphange-tx-amputation, dns-thermonyukyoolar << oh, well you didn't say it in here ;)
(trilema) assbot: bitcoin v0.5.3.1-RELEASE + patches { dnsseed_snipsnip, orphange-thermonuke, orphange-tx-amputation, dns-thermonyukyoolar }: Main Page ... ( http://bit.ly/1GxIPbR )
(trilema) mod6: ok try this out ascii_field: http://thebitcoin.foundation/doxygen/v0_5_3_1-wDNSSnipAndOrphanagePatches/index.html
(trilema) mod6: <+ascii_field> dnsseed_snipsnip, orphange-thermonuke, orphange-tx-amputation, dns-thermonyukyoolar << ok, yup, was able to extract v0.5.3.1-RELEASE and apply these four patches without incident.
(trilema) ascii_field: dnsseed_snipsnip, orphange-thermonuke, orphange-tx-amputation, dns-thermonyukyoolar
(trilema) mod6: (11:31) <+mod6> asciilifeform: I just did the following: extracted v0.5.3.1-RELEASE applied the following patches successfully { dnsseed_snipsnip, kills-integer-retardation, nubs-gentoo-sanity, orphange-thermonuke, orphange-tx-amputation, dns-thermonyukyoolar } but when I added the patch for IRC demo, got the following error:
(trilema) mod6: asciilifeform: I just did the following: extracted v0.5.3.1-RELEASE applied the following patches successfully { dnsseed_snipsnip, kills-integer-retardation, nubs-gentoo-sanity, orphange-thermonuke, orphange-tx-amputation, dns-thermonyukyoolar } but when I added the patch for IRC demo, got the following error:
(trilema) mircea_popescu: 554 5.7.1 ACL dns_rbl; Client host [188.68.240.159] blocked using
(trilema) asciilifeform: ... /net.cpp:240: warning: gethostbyname is obsolescent, use getnameinfo() instead. << this is pre-dnsnuke, aha ?
(trilema) mod6: If we add in (officially the following): { Orphanage Thermonuke, TX Orphanage Amputation, { All DNS Thermonyukyooar Patches } }, I'd say that'd be a new milestone. And I'd propose to call it 0.5.3.2
(trilema) ascii_field: ever since i've snipped out the gavindns seeds & the hardcoded seeds from my own tree
(trilema) assbot: Logged on 21-06-2015 01:43:37; asciilifeform: ben_vulpes, mod6, mircea_popescu, et al: you now have homework. it being, to read & actually grok the sequence of 4 'dns thermonuke' patches.
(trilema) ben_vulpes: http://log.bitcoin-assets.com//?date=21-06-2015#1170473 << http://cascadianhacker.com/blog/2015/06/21_excising-dns-lookups-from-bitcoind-asciilifeforms-patches.html i did my homework boss
(trilema) assbot: excising DNS lookups from bitcoind: asciilifeform's patches ... ( http://bit.ly/1JcR82X )
(trilema) mod6: <+asciilifeform> mod6: not sure how you intend to build a dns-using thing with uclibc << this is a chicken/egg problem yeah. maybe we can't get it fully built because of the whole gethostbyname libnss bullshit. but if we can at least ensure that it'll link properly, that's huge. then, even if it's not fully static because of that, we can amputate dns with your patches and retry.
(trilema) mod6: For me, doing this first is imperative as even if the DNS amputation works, if we can't compile it with uclibc, it doesn't matter anyway.
(trilema) asciilifeform: mod6: not sure how you intend to build a dns-using thing with uclibc
(trilema) mod6: So currently, I'm trying to get gcc patched to see if we can even build the R.I. with gcc/uclibc. Would it be prudent to finish that work before moving on to testing this DNS amputation?
(trilema) asciilifeform: and removes dns disable flag from args parser
(trilema) asciilifeform: ben_vulpes, mod6, mircea_popescu, et al: you now have homework. it being, to read & actually grok the sequence of 4 'dns thermonuke' patches.
(trilema) asciilifeform: '(EXPERIMENTAL) Full DNS Thermonuke!'
(trilema) asciilifeform: see for yourself. grep your tree, case-insensitively, for 'dns' and then for 'lookup'
(trilema) asciilifeform: mircea_popescu: the objective is total removal of dns such that static build becomes possible.
(trilema) asciilifeform: also presupposes dns-zappers part 1 through 3, without which it is meaningless
(trilema) assbot: Logged on 18-06-2015 14:37:07; asciilifeform: my next experiment re: 0.5.3 is to be a complete amputation of dns (the sequence of 'amputator' patches starting with 'dns seeds' and continuing with yesterday's two is in place for this)
(trilema) asciilifeform: my next experiment re: 0.5.3 is to be a complete amputation of dns (the sequence of 'amputator' patches starting with 'dns seeds' and continuing with yesterday's two is in place for this)
(trilema) asciilifeform: (re: the latter: once dns is out, and import/export-privkey are in, i will be moving my personal nodes to therealbitcoin...)
(trilema) mod6: <+ascii_field> << you can ~already~ specify seeds on cmdline and config! all that remains is the removal of the built-in seeder crap << sure, you can do addnode or whatnot to connect to other nodes. but isn't the dyndns thing to tell others what your nodes ip address is? maybe i misunderstand ...
(trilema) ascii_field: and i say 'hey hey, ho ho,' dns 'has got to go!'
(trilema) assbot: Logged on 17-06-2015 23:10:19; mod6: <+mod6> <+ascii_field> i'm in favour of keeping the irc mechanism for now, because it will handily transplant to gossipd << i'm with you here... although, just looking through irc.cpp again.. im not sure how much of that would carry over anyhow. << regardless, it doesn't mean we have to rip it out this minute. how insane of an idea is it to just snip out the checkip.dyndns.org parts and add a commandline/confi
(trilema) mod6: <+mod6> <+ascii_field> i'm in favour of keeping the irc mechanism for now, because it will handily transplant to gossipd << i'm with you here... although, just looking through irc.cpp again.. im not sure how much of that would carry over anyhow. << regardless, it doesn't mean we have to rip it out this minute. how insane of an idea is it to just snip out the checkip.dyndns.org parts and add a commandline/configfile arg to specify external ip for
(trilema) mod6: <+ascii_field> to fully scrub out the dns invocations, will have to make the irc connector configurable on command line << not that this has to be the case now, but perhaps this could be done in the config file too.
(trilema) ascii_field: to fully scrub out the dns invocations, will have to make the irc connector configurable on command line
(trilema) ascii_field: mod6: might wanna wait for the final nail in the dns coffin
(trilema) ascii_field: next one will nuke all dns lookups entirely
(trilema) ascii_field: (dns seed remover, hard seed remover, and now showmyip,com-remover)
(trilema) ascii_field: ben_vulpes: i would like to nominate above patch (and its dependency, dns-seed-remover) for mainline
(trilema) trinque: "DNS seed changes: bitseed.xf2.org is removed as it no longer works, and seeds from Addy Yeow and Mike Hearn are (re)added to increase seed diversity and redundancy." << LOL
(trilema) mod6: the linker is saying that an R_X86_64_PC32 relocation against an undefined symbol can't be used in a shared object... maybe your removal of the dns shit fixes this. not sure. will try adding that patch as well if this next thing doesn't work.
(trilema) asciilifeform: http://log.bitcoin-assets.com/?date=11-06-2015#1160137 << you still have dns invocations in there
(trilema) asciilifeform: i have a months-old patch on the ml, which got lost among the nuts and bolts, that nukes dns seeds
(trilema) asciilifeform: nubbins`: the next necessary step is the complete excision of dns from bitcoind
(trilema) mod6: Also, i believe that the removal of the dnsseed is going to be on the docket as well. but again, we'll see how it goes.
(trilema) assbot: Logged on 01-06-2015 14:53:54; mod6: <+shinohai> To whatever peers it connects to instead of specifying ip's << hi! glad you're having some success,.. I thought we added ascii's dns snip patch? Or did I mis-remember that? you did have to use "addnode=" in your bitcoin.conf right?
(trilema) mod6: <+shinohai> To whatever peers it connects to instead of specifying ip's << hi! glad you're having some success,.. I thought we added ascii's dns snip patch? Or did I mis-remember that? you did have to use "addnode=" in your bitcoin.conf right?
(trilema) asciilifeform: http://log.bitcoin-assets.com/?date=01-06-2015#1149602 << and kept what? the hardcoded ip seeds, of which 2 or 3 are alive? the hardcoded dns seeds, controlled by the enemy? srsly
(trilema) asciilifeform: http://log.bitcoin-assets.com/?date=29-05-2015#1147865 << good nyooz then, i'm loading the pistol to shoot the last vestiges of dns-in-bitcoin in the head as we speak
(trilema) assbot: Logged on 29-05-2015 23:43:29; mircea_popescu: this should be enough indication of the importance of dns-in-bitcoin for the shitgnome.
(trilema) mircea_popescu: not just from a "must be in there for we need all the dns-carried pores imported via glibc etc", but also in the much lower level "who's in charge of the it!!1" thing
(trilema) mircea_popescu: this should be enough indication of the importance of dns-in-bitcoin for the shitgnome.
(trilema) mircea_popescu: asciilifeform incidentally, the one interesting tidbit in all this : one difference between current bitcoin and hearn-bitcoin is that the latter replaces Jeff Garzik's DNS seed with the seed run by one Addy Yeow.
(trilema) asciilifeform: every idiot dependency that just adds retardation (e.g., dns)
(trilema) cazalla: reminds me, i need to get my pogo up and going
(trilema) ben_vulpes: "The net result was that all Bitcoin nodes (lightweight and heavyweight) on the local Wi-Fi network were unable to connect to any Bitcoin nodes except for the local node, which they discovered via DNS." << and this is an argument for dns in core *how*?
(trilema) ben_vulpes: "so I poisoned the DNS and rejected all outbound connection attempts on port 8333, to force all the wallets to connect to a single local full node, which had connectivity to a single remote node over the Internet. Thus, all the lightweight wallets at the festival had Bitcoin network connectivity, but we only needed to backhaul the Bitcoin network's transaction traffic once."
(trilema) jurov: http://blog.easydns.org/2015/05/20/unfortunately-we-have-renewed-our-icann-accreditation/ << related, compulsory domain email re-verification
(trilema) scoopbot_revived: St Louis Federal Reserve Bank DNS Hijacked Last Month http://qntra.net/2015/05/st-louis-federal-reserve-bank-dns-hijacked-last-month/
(trilema) ben_vulpes: pnohe does not want to resolve dns even apparently
(trilema) mircea_popescu: williamdunne "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process
(trilema) ben_vulpes: dns is dumb
(trilema) mod6: <+jurov> but gpg pubkeys are not practical for replacing DNS. what if you want to transfer the name? << then there would be a deed detailing the transfer of the name to a new key fingerprint?
(trilema) jurov: but gpg pubkeys are not practical for replacing DNS. what if you want to transfer the name?
(trilema) mircea_popescu: nah, dns is dumb
(trilema) kakobrekla: uniregistry dns
(trilema) kakobrekla: dns cant do url rewrites
(trilema) mircea_popescu: asciilifeform http://viewdns.info/reverseip/?host=141.0.23.12&t=1 < this kind.
(trilema) asciilifeform: http://kobolt.dyndns.org/infocenter/index.php?article=8 << otp is perennial favourite of folks writing own cipherator
(trilema) decimation: yeah, it's rather annoying to hit the keyserver dns 'carousel'
(trilema) mircea_popescu: admin of what ? bitcoin ? the wiki you linked ? the dns system ?
(trilema) BingoBoingo: Yeah, Depreciate all the DNS
(trilema) BingoBoingo: Oh, look at this OpenSSH change: "sshd(8): UseDNS now defaults to 'no'. Configurations that match against the client host name (via sshd_config(5) or authorized_keys) may need to re-enable it or convert to matching against addresses." http://www.openbsd.org/57.html
(trilema) mircea_popescu: o wait, we're obsoleting dns huh. nm.
(trilema) mircea_popescu: dns propagation's a minute nowadays.
(trilema) ascii_field: mircea_popescu: dns switched over, will propagate eventually
(trilema) ascii_field: anyway it works. time to move the dns
(trilema) mod6: is that related to his patch that removes the dns stuff?
(trilema) jurov: iirc alf avoided it somehow, while throwing out all DNS stuff, too
(trilema) jurov: mod6 i can explain, too. to support different configurations for DNS/users/whatever resolving without glibc recompilation and without interprocess communication
(trilema) fluffypony: not unless you have their DNSSEC private keys
(trilema) mircea_popescu: so if i poison dns cache, can i also steal payments for that domain ?
(trilema) fluffypony: (preferably with dnscrypt-proxy running, and point it at that)
(trilema) mircea_popescu: "By leveraging DNSSEC we are able to prevent MITM-style attacks on an alias." doesn't tell me very much.
(trilema) fluffypony: as long as it treats a DNSSEC as a hard fail it can
(trilema) fluffypony: that said, a DNSSEC fail is a soft fail (as not all zones support DNSSEC at this stage) - so it'll present the address for user validation
(trilema) fluffypony: since DNSSEC follows a signature chain back to the root zone your ISP's DNS server can't fake the record
(trilema) fluffypony: the registrar doesn't set DNS records, necessarily, only what the nameservers are (ie. SOA)
(trilema) mircea_popescu: fluffypony that aside, how does this thing solve situations where dns zones are ambiguous ? (say registrar and host don't match)
(trilema) asciilifeform: vpn over dns to a real box, say
(trilema) ben_vulpes: mircea_popescu, mod6 (others tracking the DNS seed thread as well): i'd like to hear from you all as well
(trilema) funkenstein_: am i correct in summing up turd polishing discussions, that once DNS is fully removed static linking will be back on the table?
(trilema) ascii_field: when i did a tour of duty as a perversely purposeless employee of university, the cellar below my office, one flight of steps down, was a dns root serv. peculiarly well-guarded and fortified for something so low-traffic (root dns servs get used hardly ever)
(trilema) ascii_field: dns is pure gold as a pwnhole vector, incidentally
(trilema) decimation: it only uses 'files' and 'dns'
(trilema) decimation: apparently uclibc has a dns client that opens /etc/resolv.conf itself, built into the code
(trilema) ascii_modem: though i'm pretty sure it left a dns turd in somewhere - so a bit odd, this
(trilema) nubbins`: oh right, yeah, the dns-snip patch killed that
(trilema) ascii_modem: until killed the dns crap
(trilema) ascii_modem: mircea_popescu: dns in general , aha
(trilema) decimation: 6) uClibc does not support NSS (/lib/libnss_*), which allows glibc to easily support various methods of authentication and DNS resolution. uClibc only supports flat password files and shadow password files for storing authentication information. If you need something more complex than this, you can compile and install pam.
(trilema) decimation: it kinda makes sense in its own retarded way - say you want to use sun's 'nis' rather than dns for name resolution
(trilema) mircea_popescu: and yes that means dns is not implemented. which it isn't, whether this kludge is available or not.
(trilema) mircea_popescu: "o but dns wouldn't work anymore" "fuck you"
(trilema) asciilifeform: if we nix -all- invocations of dns
(trilema) mircea_popescu: no but that it can't link statically because it's what it is, like dns.
(trilema) nubbins`: i haven't verified that you necessarily need to apply the dns snip patch for it to compile on gentoo
(trilema) asciilifeform: nubbins`: i must remind readers that my 'dns snip' patch does not remove all usage of dns from bitcoin
(trilema) nubbins`: that was my latest, right? after i applied the kill int and dns snip patches
(trilema) assbot: Logged on 02-04-2015 21:50:57; asciilifeform: bitcoin does not need dns for anything!
(trilema) assbot: Logged on 02-04-2015 15:17:35; asciilifeform: my dns seed snip patch never made it in the release, did it
(trilema) asciilifeform: (dns removal. but one more tumour growth left, the external-ip getter)
(trilema) mircea_popescu: so far, i'm a) chasing whoever the fuck broke the world by making an idiotic libnss and b) unconvinced the problem's more than that dns bs.
(trilema) nubbins`: ^ with asciilifeform's kill-integer and dns-snip patches
(trilema) asciilifeform: ^ dns query !!
(trilema) asciilifeform: now that i read that patch, i notice that it does not eliminate -all- occurrences of the dns crapolade
(trilema) asciilifeform: once you dump dns seeder, you gotta have some live nodes (!!!) in the seed list
(trilema) asciilifeform: bitcoin does not need dns for anything!
(trilema) asciilifeform: apply dns-zap patch.
(trilema) jurov: and without(gasp) recompiling libc or running dns servers!
(trilema) jurov: butbutbut we need to support dns resolving with mongodb(r)(tm)!!!
(trilema) asciilifeform: in many cases (quite arguably dns included) the turd was an ad-hoc hack from the days of arpa but was cemented in place because guess-why.
(trilema) mircea_popescu: "why do we have dns ? it sucks! " "yes but that's how nsa could figure out how to diddle via libnss"
(trilema) mircea_popescu: "there's nothing wrong with pki, it just fixes dns."
(trilema) asciilifeform: mircea_popescu: in so far as i can tell, the problem in question is entirely shot in the head by my dns removal patch.
(trilema) asciilifeform: 'hey hey, ho, ho,' dns in bitcoind 'has got to go!!'
(trilema) asciilifeform: my dns seed snip patch never made it in the release, did it
(trilema) mircea_popescu: "Please note that due to security reasons from this release on the minimal mDNS stack included in nss-mdns (dubbed "legacy") is no longer built by default. Thus, nss-mdns will not work unless Avahi is running!"
(trilema) mircea_popescu: also speaking of " dns providers" : http://0pointer.de/lennart/projects/nss-mdns/
(trilema) decimation: yes, the traditional glibc/dns client shit is quite turdly
(trilema) mircea_popescu: fucking dns.
(trilema) decimation: I gather the warning means that it will probably work on the system on which it is built but if you move it to a different system (the binary) you might not be able to resolve dns properly
(trilema) trinque: I'm thinking deedbot wants something other than http and dns if it is to survive
(trilema) assbot: DEF CON 19 - Artem Dinaburg - Bit-squatting: DNS Hijacking Without Exploitation - YouTube ... ( http://bit.ly/1D0Xyy3 )
(trilema) mircea_popescu: who the fuck hijacks blog dns's ? and also... www just goes to plain domain.
(trilema) mircea_popescu: you must have some weird dns issue ? what's the perceived ip ?
(trilema) mod6: so it turns out that debian didn't need the -nodnsseed flag, but gentoo did just like you ran into with ubuntu, i wanna make a comment on that in the address perhaps.
(trilema) mod6: danielpbarron: and yah, im pulling blocks, need -nodnsseed though
(trilema) mod6: ok one last thing before I rebuild... I needed to add the "-nodnsseed" to bitcoind upon start up otherwise it would just start and exit without doing anything
(trilema) ascii_field: usg has real time iron control over all of dns.
(trilema) nubbins`: hardcode DNS servers and fill the seed list w/ hostnames instead of ips
(trilema) nubbins`: <gmaxwell> ugh: http://www.reddit.com/r/Bitcoin/comments/30562s/bitnodes_will_be_releasing_plug_play_bitcoin_node/ ... we removed bitnodes as a dnsseed in bitcoin core because they kept engaging in sketchy behavior, and IMO dishonest. (e.g. we'd ask them to stop connecting at super high frequency to monitor every node in the network, and they said they would.. and a month later they instead had a perpetual
(trilema) asciilifeform: aha so it's pointing straight at phoundation's dns
(trilema) asciilifeform: and did the dns seed snip ever get merged ?
(trilema) nubbins`: (you'd be amazed how many people who don't know what DNS stands for know what it does these days)
(trilema) nubbins`: given that more people are familiar with changing DNS servers as a result of wanting to watch american netflix, you'll see the turnaround on these things get shorter
(trilema) kakobrekla: idk imma guess they just change the native dns and using an alternative one fixes this
(trilema) assbot: The Blocking Point - Maria Konovalenko ... ( http://bit.ly/198DnSh )
(trilema) mircea_popescu: http://log.bitcoin-assets.com/?date=19-03-2015#1057898 << easy my foot. i hope you try and think you succeeded and then automate it and then i rape you with dns poisoning.
(trilema) mircea_popescu: !s opendns
(trilema) mod6: ;;later tell jurov The mailing list is still snarfing messages. The dns fix didn't seem to help.
(trilema) mod6: <+jurov> mod6 sorry, dns problem, fixed << ahh, awesome. not a problem. Thanks!
(trilema) jurov: mod6 sorry, dns problem, fixed
(trilema) ben_vulpes: a right, asciilifeform excised the dns.
(trilema) ben_vulpes: dns is on the chopping block, etc.
(trilema) assbot: The Last Psychiatrist: Kerouac's On The Road: The 50th Anniversary Of A Book I Had Not Read ... ( http://bit.ly/19KDnsu )
(trilema) assbot: Register international domain names - Registration in 600+ extensions | EuroDNS ... ( http://bit.ly/19ENIX9 )
(trilema) mircea_popescu: mike_c: anybody ever use https://www.eurodns.com << i think i got something through them a few years ago. nothing terrible.
(trilema) mike_c: jurov: yeah, the ones i am looking at don't require that. eurodns is offering them for sale, I have just never heard of them.
(trilema) assbot: Register international domain names - Registration in 600+ extensions | EuroDNS ... ( http://bit.ly/1LeOXrF )
(trilema) mike_c: anybody ever use https://www.eurodns.com? i'm trying to get some obscure country domain names.
(trilema) mircea_popescu: that sounds too much like work.
(trilema) herbijudlestoids: so far: squid, ldap, kerberos, djbdns, postfix, and today i finished setting up nginx and getting "A" score on the qualys ssl test
(trilema) brendafdez: i did read the DNS post, thankfully my own name and the domain i use for pretty much everything start with br already
(trilema) thestringpuller: i got ddosed I think. AT&T claimed it was a power surge on their DNS server rack but that didn't make sense
(trilema) assbot: Ralink RT5350 - WikiDevi ... ( http://bit.ly/1DnSR0J )
(trilema) punkman: ben_vulpes: I had one of BingoBoingo's nodes plus dnsseed
(trilema) mircea_popescu: "combining nspawn (containers) and networkd (dhcp) allows for easier network management of containers. Networkd can also run inside the container. Outside the container networkd can pick a free DHCP IP for that container. Allows v4 to v6 network masquerading automatically. Does not involve dnsmasq, everything is routed via IP on the kernel (no bridging)."
(trilema) mircea_popescu: it really is better designed dns.
(trilema) mircea_popescu: it's lightweight, large and dependable. all the qualities the dns letters don't actually have.
(trilema) mircea_popescu: i don't see the letter dns servers perceive any need for putting my fucking ip in their list anywhere.
(trilema) decimation: asciilifeform: looks like we are gonna have to invent our own dns :/
(trilema) asciilifeform: mircea_popescu: as it is, it's a fallback after dns (snipped in patch i proposed last night) and irc mechanizms.
(trilema) mircea_popescu: is dnsmasq even standard in ubuntu ?!
(trilema) mircea_popescu: esp since... well... so dnsmasq will get killed by kernel
(trilema) punkman: maybe have a list of dnsseeds with signed node lists baked in the source
(trilema) asciilifeform: phoundation's bitcoind does keep a cache of known nodes, it appears. but still uses dns seeds and hardcoded ip list for initial warmup.
(trilema) asciilifeform: mine (with dns seeds nixed) ends up finding them on irc.
(trilema) asciilifeform: but we can't zap both it and the dns seeder (already submitted zap for the latter) without a fresh list of seeds
(trilema) asciilifeform: dns is not only a thin and centralized neck to squeeze, it is controlled almost entirely by usg
(trilema) asciilifeform: dns-based << i nominated it for death
(trilema) mike_c: dns-based
(trilema) asciilifeform: dnsseed snip should work for -any-, as it only concerns net.cpp
(trilema) punkman: asciilifeform: the dnsseed-snip is for the portatronic branch right?
(trilema) punkman: and dnsseed
(trilema) mod6: asciilifeform: thanks for the submission for removal of dnsseed
(trilema) PeterL: Rather than having all the magic numbers hard coded into the RI, should there be some sort of config file? Stuff like the DNS seeds, number of bastard blocks to hold onto, number of connections to make, etc?
(trilema) assbot: It's 2015, and we can't even resolve DNS without accidentally executing code :(
(trilema) mircea_popescu: either that or dnsmasq to root them to localhost.
(trilema) mircea_popescu: decimation for sure, making it plain that bitcoin isn't a sort of http / pki / dns / ietf / whatever captive protocol in the courtyard of some us dependent or another is quite valuable. first and foremost for bitcoin.
(trilema) mircea_popescu: we stand against dns and against govt-sponsored pki schemes. their combination is not likely to resolve that.
(trilema) mats: !s dnssec