(trilema) mircea_popescu: (oh and since we're on usg tools : nominum, nsa's shell company used in the "community consensus" building of the reformed dns system etc, ended up parked in akamai's basement for "an undisclosed amount" earlier this year. which is how these work and why they exist in the first place.)
(trilema) asciilifeform: in other ffaism, http://wotpaste.cascadianhacker.com/pastes/tdnsL/?raw=true
(trilema) trinque: chrome btw caches dns internally iirc
(trilema) trinque: looks like something fucky with their DNS setup, possibly one or more of the servers in rotation is misconfigured
(trilema) asciilifeform: ( or did BingoBoingo re-dns it ? )
(trilema) asciilifeform set dns to 91.218.246.33 .
(trilema) spyked: dig through Google DNS: 91.235.136.108; dig through romtelecom DNS: 91.228.152.189; so yeah, mircea_popescu might be on to something here. spyed flushes dns caches.
(trilema) mircea_popescu: this dns thing...
(trilema) spyked: phf, nope. ro. so... let's try some more dns servers.
(trilema) spyked: ftr, I have archive.is in hostsfile with a different IP than the one currently returned by DNS, and not getting a cloudflare page.
(trilema) phf: it was confusing because i was getting legitimate cloudflare issues all the while i was in russia. now i wonder if it's some dns "firewall" propagation issue
(trilema) asciilifeform: mircea_popescu: as i see it, the dersturmer+dns folx are fixated on 'pushing', i.e. 'if i use raw ip, how will audience who sits with open mouths waiting for rain, know where the replacement box lives if isp evicts'
(trilema) asciilifeform: lol still feeding dns beast
(trilema) lobbes: DNS error on my end as well
(trilema) trinque: dns error on my end. IP up?
(trilema) asciilifeform: eh dns snoar
(trilema) jhvh1: mircea_popescu: Simple DNS Plus: <http://simpledns.com/>; MaraDNS - a small open-source DNS server: <http://www.maradns.org/>; Dual DHCP DNS Server download | SourceForge.net: <https://sourceforge.net/projects/dhcp-dns-server/>
(trilema) mircea_popescu: !~google dns masquerade for windows
(trilema) asciilifeform: ah trinque you meant the incaism of dns etc
(trilema) trinque: why make dns better rather than murder leaving no trace?
(trilema) trinque: sure, got even a local cache of DNS sitting here
(trilema) asciilifeform: then dns will still exist 100y from nao
(trilema) asciilifeform: pov is from area denial op ( kill dns as a thing perceived to be required by the cattle ) rather than 'for republic', was what i thought
(trilema) mircea_popescu: trinque check their lulz dns announcement btw. round robin of same ips.
(trilema) mircea_popescu: the whole dns bullshit is just "convenience" built on top of the system, which then conveniently allows the pantsuits to play tricks like these, and idiots to believe in pantsuit power.
(trilema) asciilifeform: specifically monkeystani dns
(trilema) asciilifeform: thread was about dns, wasnnit.
(trilema) mircea_popescu: how about use a better resolving scheme if you're the special sort of ... ahem that uses dns in the first place.
(trilema) mircea_popescu: your dns is even shittier than previously thought.
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/2B2458231AF1BE96E2DA3BF3D854A4127510AB16FEF900B4C2BED23EDBEE94BE << Recent Phuctorings. - Phuctored: 1422...1523 divides RSA Moduli belonging to '200.52.12.131 (ssh-rsa key from 200.52.12.131 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (dns1.axtel.net. MX NLE)
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/2B2458231AF1BE96E2DA3BF3D854A4127510AB16FEF900B4C2BED23EDBEE94BE << Recent Phuctorings. - Phuctored: 1745...6777 divides RSA Moduli belonging to '200.52.12.131 (ssh-rsa key from 200.52.12.131 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (dns1.axtel.net. MX NLE)
(trilema) BingoBoingo: The Daily DNS Change guy
(trilema) BingoBoingo: <asciilifeform> BingoBoingo: do you have a link to the pantsuit dns-dekulakization of the 'alt right' people ? i can't be arsed to wade through the sewers to find the orig subj << Here's one https://arstechnica.com/tech-policy/2017/08/shunned-by-godaddy-and-google-racist-daily-stormer-moves-to-russian-domain/
(trilema) asciilifeform: BingoBoingo: do you have a link to the pantsuit dns-dekulakization of the 'alt right' people ? i can't be arsed to wade through the sewers to find the orig subj
(trilema) a111: Logged on 2015-07-16 04:24 asciilifeform: gentlemen, please welcome zoolag.ddns.net - a therealbitcoin/stator node.
(trilema) asciilifeform: !~later tell danielpbarron 208.94.116.204loper-os.org unfortunately won't work : nsf co uses dynamic dns and thing won't even load correctly if requested by today's ip ( that's how they send ddos to hell on the cheap, long before there was shitflare etc )
(trilema) asciilifeform: ( you can't dns from a statically linked glibc. but this does not bother me )
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/BD9C3B8922865EF3611398E882E6EED96E77A5FC17B29E50A29915F8B7D0875A << Recent Phuctorings. - Phuctored: 1733...4117 divides RSA Moduli belonging to '88.80.194.26 (ssh-rsa key from 88.80.194.26 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (vcvps476.vcdns.de. DE NW)
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/BD9C3B8922865EF3611398E882E6EED96E77A5FC17B29E50A29915F8B7D0875A << Recent Phuctorings. - Phuctored: 1362...5743 divides RSA Moduli belonging to '88.80.194.26 (ssh-rsa key from 88.80.194.26 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (vcvps476.vcdns.de. DE NW)
(trilema) asciilifeform: lol dns seeds
(trilema) shinohai: All signs point to this .... blockchain.info is added as DNS seed for segwit2x in recent commits on shithub
(trilema) mircea_popescu: reasonably bright, diligent fellow, who also happens to http://trilema.com/2016/please-stop-using-dns-already-and-other-considerations/#selection-711.0-711.610 ended up believing himself 1. NOT in a position to evaluate a claim as to distance because he "can not calculate drag from the human body" ; and then consequently 2. ACCEPT some wikitardation as legitimate on the basis that a) he's impotent (as demonstrated by his cont
(trilema) asciilifeform: in other, not wholly unrelated, lulz, '...out-of-bounds write in systemd-resolved in Ubuntu, which is possible to trigger with a specially crafted TCP payload. ... Certain sizes passed to dns_packet_new can cause it to allocate a buffer that's too small. A page-aligned number - sizeof(DnsPacket) + sizeof(iphdr) + sizeof(udphdr) will do this... A malicious DNS server can exploit this by responding with a specially crafted TCP payload
(trilema) ben_vulpes: mod6: yeah, i bitched about that a day or so ago; now i have stale dns
(trilema) shinohai: Only mETH heads can make DNS shittier than it already is.
(trilema) shinohai: The Ether DNS seems to still be in exact same shape as I wrote about weeks ago: https://github.com/ethereum/ens-registrar-dapp/issues/128#issuecomment-301561198
(trilema) asciilifeform: trinque: 'ban ip' in context referred to 'ban port', 'reject dns', or whatever other machinations.
(trilema) asciilifeform: which twiddles the dns, silently, and serves up the correct d00d's site based on url requested.
(trilema) asciilifeform: but admittedly i don't mp-dns.
(trilema) Framedragger: easiest way of doing this if it were to return a non-dns-poisoned ip, as in, trilema.com/stuff1.tgz => 45.56.78.91/stuff1/
(trilema) mircea_popescu: can certainly exfiltrate via dns timing etc.
(trilema) mircea_popescu: trinque more like, yet another case of bad dns implemented ad-hoc by pretenders.
(trilema) mircea_popescu: Framedragger yeah, not sure how much work i want expended to support nickserv's fiatista notions of dns.
(trilema) Framedragger: (iirc pinspb hosts, or is related to 2x4 dns boxes. would need to dig up)
(trilema) mircea_popescu: in order to... use it as ddns!
(trilema) pete_dushenski: "Even without Bitmain being malicious, the API is unauthenticated and would allow any MITM, DNS or domain hijack to shutdown Antminers globally. Additionally the domain in question DNS is hosted by Cloudflare making it trivially subjected to government orders and state control.
(trilema) Framedragger currently checking ripe db etc to see how 2x4 hosts things. their dns servers are legally in seychelles.. etc.
(trilema) asciilifeform pictures a 'no dns!' hoster
(trilema) ben_vulpes: dude realdonaldtrump is the only thing hanging off the twitter entry in imperial dns worth reading and that only for lolz and admiration of a grade a 'social media' mastery
(trilema) shinohai reset all their DNS servers to google's
(trilema) shinohai: Perhaps they will find bright minds to repair their replacement DNS, which broke in a day.
(trilema) asciilifeform: lulcoinz: it's the bitcoin you used in 2011. ~21,000 lines, and shrinking. ( and no 'headers-first' pseudo-verification idiocy, no leveldb, no p2sh, no githubism, no dns, no glibc, various other 'noes'. large collection of exquisite noes.)
(trilema) mircea_popescu: Jan 25 02:21:50 * novusordo (~wut@dns.mullvad.net) has joined #bitcoin-otc << that's feb 2012.
(trilema) Framedragger: how do you amplify udp? i guess application-layer-specific stuff like bittorrent's uTP (which has some amplification vuln shit iirc), etc.; also, dns
(trilema) asciilifeform: if masquerading as, e.g., dns crapola, becomes important, then can set udp's
(trilema) a111: Logged on 2017-01-24 00:58 trinque: gonna DNS at all, might as well do it at the most-fed ministry
(trilema) asciilifeform: 'IOC/ECG's Advanced Forensic Division (AFD) performed an analysis of Hive version 2.5 network communications to assess its likelihood of detection.The results of this analysis are found in document AFD-2012-0973-2. In summary, AFD was able to create signatures for DNS, ICMP, and TFTP triggers; found that the TCP and UDP triggers did not adhere to their respective protocol standards; and further found that the TCP and UDP triggers eac
(trilema) a111: Logged on 2017-02-07 20:05 mircea_popescu: i don't use their dns.
(trilema) mircea_popescu: i don't use their dns.
(trilema) ben_vulpes: i was working to minimize dns dependency there.
(trilema) shinohai: Building Republican dns one piece at a time.
(trilema) mircea_popescu: the tmsr dns is getting ever meatier.
(trilema) a111: Logged on 2017-01-24 00:58 trinque: gonna DNS at all, might as well do it at the most-fed ministry
(trilema) a111: Logged on 2017-01-24 00:39 ben_vulpes: http://btcbase.org/log/2017-01-23#1606168 << this will be VERBOTEN HATE SPEECH but amazon's registration and dns record handling is entirely adequate
(trilema) trinque: gonna DNS at all, might as well do it at the most-fed ministry
(trilema) ben_vulpes: http://btcbase.org/log/2017-01-23#1606168 << this will be VERBOTEN HATE SPEECH but amazon's registration and dns record handling is entirely adequate
(trilema) asciilifeform: there is afaik no useful reason to migrate, dnsism is a straight 'strip mine' business model (lure in chumps, then turn scammer and fleece'em) afaik.
(trilema) mircea_popescu: namecheap.com, the world's biggest functiona ux ajax website, agreed to pay $randomnumber and admitted to being unable to safely store data even as idiots fucked around on the lone dnssec-mysql server.
(trilema) phf: http://btcbase.org/log/2017-01-14#1602641 << that doesn't sound right, according to http://btcbase.org/hash/B7EFBC0CE8EB70C04B3B0F713AA9DBEACF9DFE913BE38D32AE83A9EB63024F752C4B98DF5E019378E721A9B4C6A1E6466797CAA1B0B80B4D672771DCFD8C5202 init.cpp is provided by dnsseed_snipsnip
(trilema) mod6: asciilifeform_dns_thermonyukyoolar_kleansing.vpatch
(trilema) mod6: so those four, are vpatches that touch the same files that "asciilifeform_dns_thermonyukyoolar_kleansing.vpatch" touches.
(trilema) mircea_popescu: either it depends on the whole tree up to it, ie genesis, asciilifeform.1, rm_rf, asciilifeform.2, asciilifeform.4, dnsseed_snip, zap_hardcoded
(trilema) mod6: bitcoin-asciilifeform.4-goodbye-win32.vpatch, asciilifeform_dnsseed_snipsnip.vpatchasciilifeform_zap_showmyip_crud.vpatchgenesis.vpatch
(trilema) mod6: so technically, yeah, "asciilifeform_dns_thermonyukyoolar_kleansing.vpatch" has four antecedents.
(trilema) mod6: ah, since there are more than one graph edge, it must be clobbered as well, "asciilifeform_dns_thermonyukyoolar_kleansing.vpatch", I mean.
(trilema) mod6: There is an edge betwee"bitcoin-asciilifeform.4-goodbye-win32.vpatch" and "asciilifeform_dns_thermonyukyoolar_kleansing.vpatch" which causes my V to think that "asciilifeform_dns_thermonyukyoolar_kleansing.vpatch" still belongs in the flow.
(trilema) mod6: This vpatch can not press correctly: http://thebitcoin.foundation/v/patches/asciilifeform_dns_thermonyukyoolar_kleansing.vpatch
(trilema) mod6: I expected "asciilifeform_dnsseed_snipsnip.vpatch""asciilifeform_zap_hardcoded_seeds.vpatch", and "asciilifeform_zap_showmyip_crud.vpatch" to be removed from the flow.
(trilema) mod6: So basically, the deal is, that when using TRB, I have one user in my wot, say "mod6", and I drop out a vpatch from the flow, say "asciilifeform_dnsseed_snipsnip.vpatch" by moving it's seal to "asciilifeform_dnsseed_snipsnip.vpatch.mod6.sig.foobar", then I expected a few things to happen.
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/E7AD433551E8685B6C4269A2AA6E66E19F80FB175F3F0A4DE9756009B0D8166F << Recent Phuctorings. - Phuctored: 1509...9469 divides RSA Moduli belonging to '77.245.149.177 (ssh-rsa key from 77.245.149.177 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (host177.b6.trdns.com. TR)
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/E7AD433551E8685B6C4269A2AA6E66E19F80FB175F3F0A4DE9756009B0D8166F << Recent Phuctorings. - Phuctored: 1673...8977 divides RSA Moduli belonging to '77.245.149.177 (ssh-rsa key from 77.245.149.177 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (host177.b6.trdns.com. TR)
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/B61DE077CA576574EA1207D6CCF135C8E4622FEC03B93D53A1EAC206A4F87AD2 << Recent Phuctorings. - Phuctored: 1735...3309 divides RSA Moduli belonging to '193.109.243.18 (ssh-rsa key from 193.109.243.18 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (dns.stueberl.de. DE)
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/8980B19029D6B2929ABA90C5FB197112AF6124A18457CC7752DDFB494130F7BB << Recent Phuctorings. - Phuctored: 1687...1889 divides RSA Moduli belonging to '207.234.146.149 (ssh-rsa key from 207.234.146.149 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (207-234-146-149.ptr.primarydns.com. US FL)
(trilema) ben_vulpes: glyf.org dns servers not working for anyone else?
(trilema) jhvh1: mircea_popescu: What is punycode ? - Learn how to use punycode to register IDNs at ...: <https://www.dynadot.com/community/help/question/what-is-punycode>; Punycoder - the IDN / Punycode converter: <https://www.punycoder.com/>; RFC 3492 - Punycode : A Bootstring encoding of Unicode for ...: <https://tools.ietf.org/html/rfc3492>
(trilema) ben_vulpes: but anything with google in the dns is not hosted what madness are you spouting
(trilema) trinque: know what, those reverse dns and geolocation lookups shouldn't even be on the gpg keys, and I don't see yet what it's matching in them.
(trilema) a111: Logged on 2016-12-27 01:44 mircea_popescu: Framedragger you're going towards the republican dns / unified name registry thing
(trilema) mircea_popescu: Framedragger you're going towards the republican dns / unified name registry thing
(trilema) mod6: asciilifeform_dnsseed_snipsnip.vpatch:
(trilema) mod6: which says to me, that it was orphand off from dnsseed
(trilema) mod6: <+asciilifeform> mod6: look here: asciilifeform_zap_hardcoded_seeds.vpatch should have been orphaned in your flow << i think it actually is, quite: when I have the sig for dnsseed moved to duck-fuck-soup, and i check the ante and desc for zap_hardcoded:http://dpaste.com/2QCN3Y4.txt
(trilema) mod6: mine has another arrow going to dns_thermonyukyoolar_kleansing
(trilema) mod6: yes, flow is wrong because 'asciilifeform_dnsseed_snipsnip.vpatch' is missing.
(trilema) asciilifeform: when you zapped the sig for asciilifeform_dnsseed_snipsnip.vpatch
(trilema) mod6: <+mircea_popescu> mod6 why's the hash mismatching ? << upon checking the output hash from the pressing of asciilifeform_zap_hardcoded_seeds.vpatch, it failed. because this patch depends on asciilifeform_dnsseed_snipsnip.vpatch which was not in the flow, because it was renamed 'duck-fuck-soup.vpatch'.
(trilema) asciilifeform: meanwhile on spam planet, https://archive.is/YxNQq >> 1 standard dnsoil ftw.
(trilema) trinque: asciilifeform: release gossipd already so I can write a DHT for it !1!!1 solves WoT, solves "DNS", solves ...
(trilema) pete_dushenski: http://archive.is/uGJTp << 'cybercriminals' going under the 'avalanche' banner are 'dismantled' by doj, europol, eurojust and... icann. moar dns plz!
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/EE6440B35451CC5447607C04C7DEA4AB3D37F134168ABC3ABE6B9361A5F581DD << Recent Phuctorings. - Phuctored: 1386...2457 divides RSA Moduli belonging to '207.234.129.246 (ssh-rsa key from 207.234.129.246 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (207-234-129-246.ptr.primarydns.com. US FL)
(trilema) deedbot: http://phuctor.nosuchlabs.com/gpgkey/EE6440B35451CC5447607C04C7DEA4AB3D37F134168ABC3ABE6B9361A5F581DD << Recent Phuctorings. - Phuctored: 1585...2717 divides RSA Moduli belonging to '207.234.129.246 (ssh-rsa key from 207.234.129.246 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (207-234-129-246.ptr.primarydns.com. US FL)
(trilema) trinque: I have a hard time seeing how a single DNS record within the set could accidentally be missing.
(trilema) ben_vulpes: http://cyber.dealing.ninja/ << not even kidding dns entries cropping up in #b-a
(trilema) Framedragger: i guess you are implying a non-centralized tmsr dns, in which case one would still need to route via ip. but there could also be tmsr dht, nodes would gossip about where's key holder A hosting his site B, etc.. but not sure
(trilema) Framedragger: re tmsr dns, in principle don't see why not - it could just as well just update quite often. but not sure if gossipd is taken into account (but then not sure about ip stack either, so..)
(trilema) asciilifeform: Framedragger: i unfortunately cannot recommend it any longer, because it is guaranteed to be incompatible with any attemp at 'tmsr dns' or similar
(trilema) a111: Logged on 2016-11-24 07:41 trinque: check it out, reverse dns and geolocation
(trilema) trinque: check it out, reverse dns and geolocation
(trilema) trinque: not that usg.dns is in my wot...
(trilema) trinque: yeh, dnspython does that
(trilema) Framedragger: (btw, current dns does not allow for arbitrary fields the way you think it does; it does have a TXT type of record, but that's not the same; types of records are baked-in in the sense that they have magical IDs to be specified at dns payload header. obvs this cannot stand!)
(trilema) mircea_popescu: gns is not dns ; it will hold any symbols you realise.
(trilema) mircea_popescu: just make a special field "readworthy" in your dns.
(trilema) asciilifeform: http://downdetector.com/status/google << in other lulz, guess who has dns outage today
(trilema) Framedragger: "dns"
(trilema) asciilifeform: usg.dns does not give this 'serve from somewhere else.' deliberately.
(trilema) mircea_popescu is amused how the collection of crap pisses off someone particularly. dns, rss, if it ends in s it's shit.
(trilema) mircea_popescu: still doesn't make dns not idiotic.
(trilema) mircea_popescu: we're even contemplating making a proper gns to be fed through dns pipe, much to alf's chagrin.
(trilema) mircea_popescu: to save my own pain in the future, ban syntax is /mode #trilema +b nick!other-nic@domain there's no regexp available except for the windows-* and domain identification is unreliable (may be IP, may be reverse dns on that IP, may be etc.)
(trilema) phf: seem to be, doing dig btcbase.org @ns-usa.topdns.com directly returns empty record
(trilema) mircea_popescu: phf i see : "btcbase.org (None) ns-usa.topdns.com,ns-canada.topdns.com 2013-04-29 2018-04-29 Active"
(trilema) mircea_popescu: phf i don't expect lost, but there seems to be some wtf with the dns
(trilema) mircea_popescu: anyway, use local dns will work. i guess ima put more domains.
(trilema) mircea_popescu: no it's needed because dns is such a special thing.
(trilema) Framedragger: trinque: oh god i need to delve into a longer and madder thing it seems https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=blob;f=lib/dns/resolver.c;h=74d82ae1076a80dc8edf8964b295b40d93b735d1;hb=4e8fe357a619ae2b789b15df7e3d6abf782b4a71 - goodtimes
(trilema) Framedragger: mircea_popescu: oh you can't even imagine how many 'additional' data fields domain needs to be actually usable by current dns clients. everything from start of authority to multiple TTLs etc. and that's the saner part of things...
(trilema) mircea_popescu: by and large extant dns is a large pile of dried crap
(trilema) trinque: sounds like it calls for reading some DNS server code.
(trilema) Framedragger: can this be used to approximate the frequency of dns requests to that nameserver? :p
(trilema) Framedragger: curious: when looking at dns round robin, i found out that some nameservers - of those who do round robin, i.e. permuting list of say dns A records - sometimes do not shuffle them around, if dig'd in quick succession.
(trilema) BingoBoingo: asciilifeform: Mebbe a roundup, it's just the empire's dns bookkeeping
(trilema) asciilifeform: btw here's an exercise, tally up the mass of all of the code on your linux box that is needed to get it to where it can query dns as we knew it
(trilema) mircea_popescu: client doesn't hold the whole fucking dns db holy shit.
(trilema) mircea_popescu: last thing you fucking need is for every dns root server to have to talk to EVERY ONE for (total domain data) ^ 1/2's worth
(trilema) mircea_popescu: anyway, re-reading this dns thing, i'm not even sure what the objections are. i'm getting a morass of "why shouldn't all the things be made out of lead since lead works well for pencils" + vague extremisms trying to confuse a clear boundry (x didn't exist ; x exists) with random other things.
(trilema) asciilifeform: cannot speak for others, but i would like to use ~less~ dns and other centralized simon-says, not ~more~.
(trilema) mircea_popescu: i don't know what "this logic" is. you are currently using dns, yes ?
(trilema) asciilifeform: i.e. usg.dns but with new arse(s) in throne ?
(trilema) mircea_popescu: you send a dns request, like they work now exactly.
(trilema) Framedragger: and mp said "da fuck, I'm not going to support a dns system where some dork registered trilema", which confused me, so yeah, clarification needed, i think.
(trilema) Framedragger: http://btcbase.org/log/2016-11-15#1568014 << that's what i thought as well - i queried along the same lines: "say someone with a valid GPG key rushes to register trilema.com in the Republican DNS before yourself. I suppose that is all well and good, and you negrating the key would only be appropriate in the instance of that person
(trilema) mircea_popescu: the imperial idiots implemented this as dns, which is stupid and braindamaged, but the implementation being flawed doesn't remove the fundamental reasons, which is why i say - read that damned rfc, the things i didn't mock are actually correct.
(trilema) asciilifeform: in global namespace a la dns -- they gotta have tank battle
(trilema) mircea_popescu: to get back to the fidonet/various attempts to do independent dns etc - the very naive "symbol context" = X, be x "an identity" or whatever is a liability. you gotta just let the context be its own thing.
(trilema) mircea_popescu: that's not how it works. i got this local key-data store ; the box can't even connect via dns port.
(trilema) a111: Logged on 2016-11-15 18:37 trinque is not opposed to doing something with DNS while we still must use it
(trilema) asciilifeform: trinque: there is 'nexus of hierarchy' where we, e.g., study writings of mircea_popescu because they make sense and worth respect. and there is the other kind of hierarchy, where prb makes dns query using usg.glibc and internic root server is hardbaked into the code.
(trilema) asciilifeform: if it looks like usg dns, you have lost. definitionally.
(trilema) mircea_popescu: we call this "dns" for historical reasons. but relations to the imperial braindamaged implementation are spurious.
(trilema) mircea_popescu: "trilema.com is 4.5.6.7 according to mp. if you believe mp - then there you go". that's a dns record.
(trilema) mircea_popescu: trinque s/deedbot/dns/
(trilema) Framedragger: asciilifeform: how about: make a proof of concept name system, use it instead of current dns root server set for now, later enable every gossipd user to run their own instance of name system if they prefer the fully-decentralized-dictionary path; the initial PoC will still have been useful.
(trilema) mircea_popescu: out of band dns-over-phone is not an improvement. over anything.
(trilema) mircea_popescu: asciilifeform the fact that you can query dns server over current dns protocol and get current response does NOT create an obligation on your to do so.
(trilema) Framedragger: asciilifeform: i thought so too, but basically mircea_popescu's idea would dispatch of the whole 'dns zone' concept. there would be no 'domain' per se. dns clients could still query 'loper-os', but the server would be a simple table, with no understanding of zones or significance of "."
(trilema) asciilifeform: (incidentally, dns was cleverly designed by nato lackeys ~not to be~ cryptoencapsulable. for instance, it demands 512byte udp packet. go and wrap that in ANYTHING and see how fragments.)
(trilema) asciilifeform: unless i misunderstand, thread was about mircea_popescu's idea of recycling traditional dns, but using own root
(trilema) mircea_popescu: go find one line of code currently involved in dns in any capacity that you can prove is going to remain there.
(trilema) a111: Logged on 2016-11-15 18:19 asciilifeform: which is why i'm not terribly thrilled with strategic retreats like 'let's keep dns but with our root' etc.
(trilema) trinque is not opposed to doing something with DNS while we still must use it
(trilema) Framedragger: http://log.mkj.lt/trilema/20161115/#440 << sure, i guess. (note though that this effort would get rid of dns server code, though. and it does not obstruct one from later patching dns client code / rewriting a much more simplistic name query client.)
(trilema) asciilifeform: and also agree re dns.
(trilema) Framedragger: asciilifeform: do note that mircea_popescu's idea of keeping dns is more akin to a general WoT-enforced hashtable, update-able via (in principle) gossipd-compatible pgprams, and (for the time being) transportable over dns/udp. the latter so that dns clients can make use of it.
(trilema) asciilifeform: which is why i'm not terribly thrilled with strategic retreats like 'let's keep dns but with our root' etc.
(trilema) Framedragger: mircea_popescu: you said you generally like dns transport, but just fyi it afaik limits udp packets to 512 bytes (which iirc you hate). but i guess the term is something more like "tolerate", not "like"...
(trilema) Framedragger: mircea_popescu: i'm curious, do you currently manually add entries to your hosts file? wireshark shows so much gunk flying around. like, i've got ad blockers and everything, but still lotsa facebook dns requests all around, etc.
(trilema) Framedragger: what is nice is that the dns transport itself is quite elegant - questions/answers - one packet for query, another for answer. so transport is (in principle) compatible with session-less gossipd model, i think.
(trilema) Framedragger: oh god. dns is defined using a shitload of RFCs. but easiest way to learn of low-level transport nuances is, well, wireshark. so, wiresharking and eating cake. at the very least this will end up as (possibly) useful website comment for future adventurers.
(trilema) mircea_popescu: (likely the patch will come in the shape of a dnsmasq clone, which will handle stuff like "tld" as well as things like http://btcbase.org/log/2016-11-12#1566482 via settings etc)
(trilema) Framedragger: mircea_popescu: you'd still want r-dns to be able to serve existing dns clients though, right? i mean, things like `nslookup`, dns resolution libraries, etc - the current dns protocol? or no?
(trilema) mircea_popescu: and holy shit no you don't want to reuse dns server code oh my fucking god.
(trilema) a111: Logged on 2016-11-14 12:27 mircea_popescu: http://btcbase.org/log/2016-11-14#1566990 << there is no such thing as "tld". there's just strings. if you query r-dns for "fucksgoats" you get ip for "fucksgoats". if you query for "hurrdurr.fuckgoats" you get ip for "hurrdurr.fucksgoats". if you query for "Pwgaf,H6X/LJ8yt..OLjoNn+kyfFsOG5a?FpPbf!uxOS6" you get ip for "Pwgaf,H6X/LJ8yt..OLjoNn+kyfFsOG5a?FpPbf!uxOS6".
(trilema) Framedragger: up until this point i thought that the idea would be to use an existing dns server, for sake of ease
(trilema) Framedragger: i wonder if a simpler key-value store wouldn't work as a replacement for dns server. "flatten" the whole thing, so that, as you say, dns server wouldn't distinguish between types of substrings. the latter would be up to the client, if it willed to do so.
(trilema) Framedragger: yes indeed; and now i see that maybe there wouldn't be too much of a redundancy there - that is, when gossipd arrives, dns server could still accept pgprams, they'd simply come via gossipd - and the latter may even sit behind an abstracted network interface, etc.
(trilema) Framedragger: and, i suppose, republican dns server could work in a way that already facilitates session-less communication - pgprams issuing orders to change zone files, etc.
(trilema) Framedragger: the whole "patch a DNS server and run alternative root" effort sounds interesting and useful, but, as you said, eventually the underlying layer would need to swapped for gossipd anyway. in gossipd, UDP/TCP as currently used by DNS may not even work. hence there may be a redundancy of effort;
(trilema) Framedragger: so yeah, running a republican dns root would still imply "collaborating" with current internet infrastructure. reform, not revolution. something like, in those tmsr ISP discussion, someone e.g suggesting to acquire an autonomous system number for tmsr. "is it even worth it."
(trilema) mircea_popescu: it probably does because current dns software was written by goatfuckers.
(trilema) Framedragger: hmm. i'm still not sure if your scheme does not require additional customization of dns server software (bind/unbound/whatever). i mean, if it does, so be it.
(trilema) mircea_popescu: there's no reason ~you~ should know aforehand what the dns servers will tell you to ask if you look for "string containing substring x" ; and the fact that you DO know who to ask for ".com" is just another sign of the above "some bs hacked together by people who didn't go to school for cs 30 yearsd ago"
(trilema) mircea_popescu: it just correctly orthogonalizes the matter of delegation, which is dns internal cooking, and not the client's business.
(trilema) mircea_popescu: of course not, but this because dns is broken.
(trilema) mircea_popescu: they would have to be "the same" and "up to date" in the sense of dns "give it a day".
(trilema) Framedragger: caching != delegation in dns, afaik.
(trilema) Framedragger: mircea_popescu: this implies that there's basically a single dns server, though. it does not delegate to other dns servers, like what we have now
(trilema) mircea_popescu: it is up to your client to decide if the domain "Pwgaf,H6X/LJ8yt..OLjoNn+kyfFsOG5a?FpPbf!uxOS6" should be queried as "Pwgaf,H6X/LJ8yt..OLjoNn+kyfFsOG5a?FpPbf!uxOS6" or "OLjoNn+kyfFsOG5a?FpPbf!uxOS6" or ".." or "nasa.org" or whatnot. dns just answers queries, and nothing else.
(trilema) a111: Logged on 2016-11-14 09:34 Framedragger: http://btcbase.org/log/2016-11-13#1566874 << re. republican dns root (i think this term is not ambiguous), as far as i can see, if bob owned .whatever TLD and john owned john.whatever SLD, then queries for john.whatever would still "pass" through bob's .whatever zone file.
(trilema) mircea_popescu: http://btcbase.org/log/2016-11-14#1566990 << there is no such thing as "tld". there's just strings. if you query r-dns for "fucksgoats" you get ip for "fucksgoats". if you query for "hurrdurr.fuckgoats" you get ip for "hurrdurr.fucksgoats". if you query for "Pwgaf,H6X/LJ8yt..OLjoNn+kyfFsOG5a?FpPbf!uxOS6" you get ip for "Pwgaf,H6X/LJ8yt..OLjoNn+kyfFsOG5a?FpPbf!uxOS6".
(trilema) Framedragger: (and for anyone curious, there are a few "alt roots" out there, see alternative root servers section in http://thedjbway.b0llix.net/djbdns/dnsroots.html e.g.
(trilema) Framedragger: (btw amusingly, non-reich DNS roots are called "alt roots". tmsr could call it "*the* dns root", or "the republican dns root". or something.)
(trilema) Framedragger: hence in effect, bob would control john's domain. hierarchy is baked into dns root.
(trilema) Framedragger: http://btcbase.org/log/2016-11-13#1566874 << re. republican dns root (i think this term is not ambiguous), as far as i can see, if bob owned .whatever TLD and john owned john.whatever SLD, then queries for john.whatever would still "pass" through bob's .whatever zone file.
(trilema) mircea_popescu: (bad dns implementations may prevent client from quering for the ip of "vulpes", but that is a problem to be fixed by self-same clients)
(trilema) Framedragger: apart from the lulz, the point would be, i suppose, that there should be no reason to disallow for that. assuming registering party is in good standing within WoT; and if there were an actual .lemonparty on current reptilian dns, they'd better cough up a pgp sig.
(trilema) Framedragger: mircea_popescu: apologies if you deem this masturbatory at this point, but one more curious q re. jurisdictional matters for dns - just interested what you think - so would the republican dns allow registration of any arbitrary TLDs (.cocks etc)? i assume there is no reason not to allow for that?
(trilema) mircea_popescu: ftr ima join #opennic see what it's all about because of comment on dns swamp article
(trilema) Framedragger: mircea_popescu: re. dns which serves the republicans, and thinking along those lines ("are you in good standing to even register a name?"), fair enough if you'd prefer to have someone else than me do the republican dns thing. (i'd be interested, and would be good education, but then, republican efforts != educational charity). :)
(trilema) mircea_popescu: if we had the uci ready, we could run republican dns on these.
(trilema) the_scourge: shinohai: I'm still trying to work out how they did the dns. Obviously they are only hosting the one page which was just ripped off the gc.ca site, but dig says 199.73.55.35 is the IP, and that 404's
(trilema) mircea_popescu: there mayn't be a THE dns register ; and nobody asked the usg anything.
(trilema) mircea_popescu: point remains there is ABSOLUTELY no reason usg may maintain "the" dns register.
(trilema) asciilifeform: the correct way to 'dns' is to 1) gossipd , which gives you 2) http://mypubkey/ahostnameofmine/...
(trilema) asciilifeform: 0 meaningful redundancy, 0 authentication ( you have nfi whether you are talking to tmsr dns box or hitler at your isp closet ) , massively drepperistic codebase , generally turdalicious design in 1,001 ways.
(trilema) asciilifeform: dns imho is simply evil, and should not be put on life support, but properly shot.
(trilema) phf: i'm already using unbound this way (my hosts file is all the dns i need, but i have a script that periodically syncs it into router's unbound.)
(trilema) Framedragger: ref. http://www.unix.com/ip-networking/133552-howto-linux-multihomed-dns-client.html
(trilema) Framedragger: (cf. dns timeout, which is different)
(trilema) Framedragger: apparently however, if first dns server returns no-record, (at least) linux will not attempt 2nd dns server :(
(trilema) trinque: doesn't need to have anything to do with the republican DNS
(trilema) trinque: Framedragger: you can do that by simply configuring more than one DNS server on your own box
(trilema) Framedragger: (actually, ideally there'd be a quick way to switch dns servers so that whitehouse.gov could be resolved via dns1/dns2. i guess it's a matter of having two+ .conf's, and symlinking resolver.conf to any one of them.)
(trilema) Framedragger: oh god, and of course there's no standardised dns client design in relation to primary/secondary dns servers. or so it seems. linux supports nice multihomed dns, but the latter works best if there are separate TLDs for the different dns servers.
(trilema) Framedragger: mircea_popescu: i assume that you would not care much for a "preferred and secondary dns servers" setup, wherein if dns1 returns no record for whitehouse.gov, dns2 is queried? i personally would still like to be able to visit the reich's web. but dunno if this is compatible with teh republic :p
(trilema) asciilifeform: mircea_popescu: in truth i cannot recommend any dns seller, this may well be a case of 'pay the cheapest shaman'
(trilema) asciilifeform: believe or not, 'you' (definitely not you, nor me, but some favourite son somewhere) can make $mils by offering service of 'dns reg just like the 5.95 one but we need signed letter from CEO of your corp, notarized by the board, before we'll move a domain'
(trilema) asciilifeform: at one point i worked for a co that supplied dns reg as part of a larger package of high-roller services (rather than, as usually seen with registrars, to public) -- the 'crown concession' was quite costly
(trilema) asciilifeform: jurov: there is an upstream cost, given as all dns regs are sub-leases from hitler.
(trilema) asciilifeform: the 'competitive' dnstrons -- do.
(trilema) mircea_popescu: meanwhile on the dns "registrar" front, http://wotpaste.cascadianhacker.com/pastes/6di65/?raw=true
(trilema) asciilifeform: incidentally one major role of usgtronic 'dns' etc. is to make isp jurisdiction-hopping gnarlier.
(trilema) trinque: also use moar dns
(trilema) asciilifeform: ben_vulpes: 'zooko' is primarily known for the 'dns triangle' thing
(trilema) a111: Logged on 2016-10-23 14:06 mircea_popescu: heh. the only pill against that is locked dns.
(trilema) mircea_popescu: heh. the only pill against that is locked dns.
(trilema) ben_vulpes: https://github.com/okTurtles/dnschain/blob/master/docs/What-is-it.md << i think the words are supposed to be here
(trilema) ben_vulpes: https://github.com/okTurtles/dnschain oh hey checkout this block chain technology with a twee fukkin name
(trilema) ben_vulpes: fuckin dns
(trilema) trinque: to say nothing of being a champ and running your own DNS
(trilema) deedbot: http://qntra.net/2016/10/dyn-dns-suffers-packet-inflation-many-other-services-affected/ << Qntra - Dyn DNS Suffers Packet Inflation, Many Other "Services" Affected
(trilema) mircea_popescu: Blockchain.info is blaming their recent downtime on a DNS attack against their registrar. << that part is correct ; mitm tried and mostly failed.