Replying to ⚡️🌱🌙

One of the biggest weaknesses of nostr is its reliance on local DNS servers, typically residing at 8.8.8.8 or 8.8.4.4 as set up by ISPs.

Essentially this gives every government a single point of failure within its jurisdiction with which to take nostr relays offline, if they desired.

However, the authoritative DNS servers that serve the DNS root zone are visible on the network and their addresses are in the public domain. They are configured in the DNS root zone as 13 named authorities, as follows.

a.root-servers.net   198.41.0.4, 2001:503:ba3e::2:30   Verisign, Inc.
b.root-servers.net   199.9.14.201, 2001:500:200::b   University of Southern California, Information Sciences Institute
c.root-servers.net   192.33.4.12, 2001:500:2::c   Cogent Communications
d.root-servers.net   199.7.91.13, 2001:500:2d::d   University of Maryland
e.root-servers.net   192.203.230.10, 2001:500:a8::e   NASA (Ames Research Center)
f.root-servers.net   192.5.5.241, 2001:500:2f::f   Internet Systems Consortium, Inc.
g.root-servers.net   192.112.36.4, 2001:500:12::d0d   US Department of Defense (NIC)
h.root-servers.net   198.97.190.53, 2001:500:1::53   US Army (Research Lab)
i.root-servers.net   192.36.148.17, 2001:7fe::53   Netnod
j.root-servers.net   192.58.128.30, 2001:503:c27::2:30   Verisign, Inc.
k.root-servers.net   193.0.14.129, 2001:7fd::1   RIPE NCC
l.root-servers.net   199.7.83.42, 2001:500:9f::42   ICANN
m.root-servers.net   202.12.27.33, 2001:dc3::35   WIDE Project

It is possible to bypass the local DNS server / recursor and go straight to the DNS root in order to get the IP addresses for relays. This would make nostr even more censorship resistant, but would slow things down. Maybe this could be an anti-censor mode that clients could attempt if clients detect all relays are unreachable or if some kind of DNS error is returned?

Also… Anycast should be implemented for reads instead of unicasting. This could massively improve performance by reducing network traffic and relay load when it comes to reads. Relay proxies as proposed by Cameri would allow anycast reads and would vastly reduce the bandwidth requirements of nostr and dramatically reduce the load on each relay.

Unicasting and data duplication should be maintained for writes, with anycast proxies serving reads.

Anycast proxy relays could potentially allow a client to access a vastly greater number of relays and also improve the access surface, making nostr more resilient to DDoS.
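As an added illustration of the "go straight to the root" idea in the post above (this is not code from the original post or from any nostr client): a minimal iterative resolver that uses only the Python standard library, starts from the thirteen root server IPv4 addresses listed above, moves on to the next root server when one is unreachable, and follows NS referrals (including glueless delegations and CNAME answers) down to an A record. It assumes plain UDP on port 53 is reachable; the `send` parameter exists so the referral-following logic can be exercised offline with a constructed chain.

```python
import random, socket, struct
# The 13 root server IPv4 addresses as listed in the post above (IANA root zone); tried in turn.
ROOT_SERVERS = ("198.41.0.4 199.9.14.201 192.33.4.12 199.7.91.13 192.203.230.10 192.5.5.241 192.112.36.4 "
                "198.97.190.53 192.36.148.17 192.58.128.30 193.0.14.129 199.7.83.42 202.12.27.33").split()
def build_query(name, qtype=1):  # RD bit clear: ask the server for a referral, not for recursion
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", random.randrange(65536), 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
def read_name(msg, off):  # decode a possibly compressed name (RFC 1035 4.1.4) -> (name, offset after it)
    labels, end = [], None
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # pointer: remember where this name ends, then jump to the target
            end = end or off + 2; off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode()); off += 1 + msg[off]
    return ".".join(labels).lower(), end or off + 1
def parse_response(msg):  # -> [answer, authority, additional], each a list of (name, type, rdata)
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12]); off = 12
    for _ in range(qd): off = read_name(msg, off)[1] + 4  # skip the echoed question
    def rr():
        nonlocal off
        name, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = socket.inet_ntoa(msg[off:off + 4]) if rtype == 1 else read_name(msg, off)[0] if rtype in (2, 5) else None
        off += rdlen; return name, rtype, rdata
    return [[rr() for _ in range(n)] for n in (an, ns, ar)]
def udp_query(server, name):  # one non-recursive UDP query; OSError when that path is dead or blocked
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3); s.sendto(q, (server, 53)); data = s.recv(4096)
    if data[:2] != q[:2]: raise OSError("transaction id mismatch")
    return parse_response(data)

def resolve_from_root(name, send=udp_query, servers=ROOT_SERVERS, depth=0):
    """Follow NS referrals from the root (using glue) until an A record for name arrives."""
    name = name.rstrip(".").lower()
    if depth > 8: raise RuntimeError("referral chain too long for " + name)
    for server in servers:
        try:
            answer, authority, additional = send(server, name)
        except OSError:
            continue  # unreachable or blocked: try the next server in the list
        hit = [(t, r) for n, t, r in answer if n == name and t in (1, 5)]  # A answers, or a CNAME
        if hit:  # done, unless the only answer is a CNAME, which is chased from the root again
            return [r for t, r in hit if t == 1] or resolve_from_root(hit[0][1], send, ROOT_SERVERS, depth + 1)
        ns_names = {r for n, t, r in authority if t == 2}
        glue = [r for n, t, r in additional if t == 1 and n in ns_names]
        if not glue and ns_names:  # glueless delegation: resolve the nameserver's own name first
            glue = resolve_from_root(next(iter(ns_names)), send, ROOT_SERVERS, depth + 1)
        if glue: return resolve_from_root(name, send, glue, depth + 1)
    raise RuntimeError("no server on the path answered for " + name)
```

This buys availability, not authenticity: without DNSSEC validation an on-path party can still forge these answers, so a client in such a mode should still verify the relay it reaches (for example via TLS) rather than trust the address alone.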

If you are assuming nation state censorship, you can't stop at DNS, IP traffic can just as easily be blocked. In such a threat model you need a Tor-like solution e.g. custom bridges with pluggable transports.


Discussion

Yes good point, IP blocking is the next line of defence and would require further tools to circumvent.

But with relays the idea is that they are more guerrilla and IPs are not static. So ultimately it's the internet kill switch and the choice moves closer to: free internet or no internet.

Onion nostr relays will happen, not for everyone but just for text-based info for those who really need it! And zaps too. Initial basic test works! As usual, perf is the only issue.

The word on the streets is they already did happen some time ago, although I don't think many are actively maintained and I don't have any link handy.

Usable in CLI only; trying to customize the web GUI.

I think we are only 2 years away from CLI satellite phones.