I am a DNS minimalist. Stop using this stuff wherever you can.
Discussion
Why?
I would like to know why too
State controlled stack. You can be censored and/or redirected to different sites by governments and some large corps.
OK, I get ya now, but how, unless we use web3 domains, do we get away from DNS?
Use nostr pub keys with signed payloads by the owner. No government can fake that.
True ok but only nostr has that
Everything will be in nostr in the future.
I hope so, but right now, as it stands, I don't think so.
Nostr is a public network. Any software can access it. It's not difficult for a web browser to replace ICANN DNS with Nostr DNS.
Agreed, but like I said, as it stands so far right now, and if we don't fight for change, ICANN DNS will still reign supreme.
How do you find your server then? Nostr seems to require websockets which requires DNS. My client won't connect to my server over IP only.
How? Explain.
If I want to go to your website, I type your pubkey, your pubkey contains an event with the IP of your server, then I ping that server to see it.
Every site should have a pubkey pointing to an IP.
The problem imo is for normies outside of nostr, npub is really easy to say. What I think we could do is take fiatjaf's thing of petnames, so stuff.com could be a site for me and another for you, and maybe we could even reach a consensus some way, like Pablo says, embrace the chaos. Or maybe you could choose your DNS list provider, that would assign the things for you, and I could say stuff.com according to provider Z.
How to point?
I need time, energy (body and brain) to learn more and understand this stuff. Or an app that makes it easy :)
DM me and ask questions I'm happy to help where I can
The state can control you by breaking through the door in your house and pointing a gun at you.
At least, democratic states aren't *supposed* to.
But companies don't have constitutions and do whatever maximizes their profit, it's their job. And, unlike with governments, we don't have to give them the power we give them.
I think it's wiser to focus on corporate censorship than government censorship.
I wish there was a robust http-nostr-http bridge
Lots of people see the need. It will happen. We just need to find the person that will do it.
I believe in you, Vitor
Do you think an alternative DNS root zone could add any value? Chris Jeffrey (bcoin) and Joseph Poon (lightning network) created Handshake DNS a few years ago. You need, however, an ad hoc resolver to access the root zone.
Not without securing records with pubkey cryptography. Otherwise we will have the same problem: the need to trust that root operator and the nodes below it.
A new version could replace WebSocket with WebTransport which is an http protocol and not just a hack
Just require or build in an alternic set of root zones and live freely. .nostr could be a thing for all with existing systems.
Full disclosure, I ran an alternic root server for a year.
Now you can use opennic. https://www.opennic.org/
Isn't it controlled by the same people that control IP?
Yep, don't get me started in the IP part... DNS is just easier to solve.
But there is no way to solve IP, or is there a way? Maybe we could have people just announce all their routes and a big central repository would keep track of everything and calculate routes for people.
IP is permissioned by design. You can offer alternative routes with hardware investments but it will still be permissioned.
However, what flows on top of it doesn't need to be permissioned. IP nodes are just like relays if all messages are signed/encrypted. State actors might put their stuff in the middle and surveil people, but they can never change or create packages.
What I mean is that IP exists so we can locate other computers on the internet, right? But if you and I are connected to the same router we don't need the global IP network, we can have our own local routing mechanism.
But what if we are not connected to the same router, but you are connected to v-router that is then connected to f-router? We could still have something according to which your address is relative to me, like vitor.v-router.f-router.fiatjaf and so on.
And v-router could just announce to f-router who is "vitor" in it, so f-router can share that to me and my computer can calculate a route that goes directly to you.
(I'm just making this up now. How much bullshit am I talking?)
This gets impossible at scale, but that doesn't mean we need a central authority delegating IPs, we can still have relative addresses like above, except that calculating them is hard, but a coalition of decentralized routing servers could keep a database of routes and assist individual nodes in finding routes to anywhere.
You will need a physical link between the two routers otherwise you have another operator in the middle.
Regardless, people in your house, using your router, need to trust you. Which is not ideal.
But I'm talking about physical links.
Yep, that works (I used to set up corporate networks back in the 2000s).
But you are trusting the operator of each hop along the way.
Aren't we trusting the operator of each hop in the current world?
We are. And we shouldn't be.
What can we do about it besides encrypting and/or signing messages?
I don't think there is a solution for IP without pubkey cryptography. There are too many third-parties to interfere.
DNS is a lot easier though. I'd love to get to your website by typing nostr://`d-tag`.npub1.../ in the browser. You can just keep d-tag -> IPs in a replaceable event.
I see, yes indeed.
nostr:nprofile1qyt8wumn8ghj7un9d3shjtnddaehgu3wwp6kytcprfmhxue69uhhyetvv9ujuumgd96xvmmjvdjjummwv5hszxthwden5te0dehhxarj9e3k76twve6kuepwv9c8qtcqypuu9jhpzn4z32vpua2eknl8s49ywdfp4rfz5e4m4w06yj8tsg8lvxxqdcn another one for you to get into the Brave browser.
"Reticulum is the cryptography-based networking stack for building local and wide-area networks with readily available hardware. It can operate even with very high latency and extremely low bandwidth. Reticulum allows you to build wide-area networks with off-the-shelf tools, and offers end-to-end encryption and connectivity, initiator anonymity, autoconfiguring cryptographically backed multi-hop transport, efficient addressing, unforgeable delivery acknowledgements and more."
A private connection with an alert message to approve or deny?!
I think the trust should get permissions.
Are you aware of any "decentralized internet" proposals that do something like that? As far as I know all the alternatives to centralized IP (like cjdns, for example) always make use of some DHT for discovery, which to me sounds like it will never work, but having big routing services maybe could.
If you know the endpoint's key (because you are typing it on the browser) then I am ok with central routing services. In the end you can verify what's coming by yourself. The routing service can try to play you, but you have the information to verify it.
If we know keys, we can always use petnames to simplify their use. But the important part is to have the keys themselves.
cjdns is cool. I am not deep enough to know if it would work or not. But they should try.
Pretty sure the newest version of Yggdrasil (0.5.x) removed the DHT and is using CRDTs and bloom filters to route traffic.
https://yggdrasil-network.github.io/2023/10/22/upcoming-v05-release.html
Have you taken a look at #reticulum?
nostr:npub1r7psmkr4zv93xnal8un6d8hvmpsn5jvhfzn3kk38rfcel6awznks7znspg was just thinking that today.
For bootstrapping such a network, the links can also be logical initially:
You can be connected to x-router via IP itself, which is physically connected to let's say the most active community of this protocol.
You start connecting to y-router directly when Y Inc starts supporting this protocol and sets up an ISP in your locality
Are you trying to make the platform anonymous?!
I mean the users of the platform
This is a very good point actually.
DNS IS corporate.
And we should also, like my friend nostr:npub19mun7qwdyjf7qs3456u8kyxncjn5u2n7klpu4utgy68k4aenzj6synjnft once asked, beware of how many relays are in AWS, GCP and Azure controlled machines. It would be good to have some idea of that percentage and make people aware.
One of the projects on my ever expanding list is to write a relay in Clojure and get it running on a Raspberry Pi in my office, and then get an IP address from my ISP. No domain name, just an IP.
So I have good news and bad news.
The good news is that there is at least one open source project you can add to.
The bad news is that I tried to run it and I was unable to.
But also, if you feel that you want to build a relay from scratch, which would be cool, I can share that I'm using one off-the-shelf build in C++ and it seems it's not that straightforward. It needs some extra steps. Some clients also require you to be behind SSL...
But still very excited about it when it does work. It's really nice and I think even necessary, to have your own relay.
I use base.dns.mullvad.net
It blocks everything that disturbs online browsing
Sorry Vítor, can you explain with a little more detail how is that possible?
I have an IP... Then what?
Imagine having a replaceable event in Nostr that includes a tag for your IP and a dtag for a subdomain of your username.
Then, with browser support, we could do a nostr://dTag.npub1.../ that loads that event and redirects the user to your IP.
The DNS minimalism grows stronger. Imagine challenging the domain server hegemony, from such an out of the blue surprise tech as nostr. Things are cool, tech optimism is real!
So it would act as a CNAME or an Alias effectively?
Ok I gotta look into what those nips are. I don't know enough.
Has anyone created this infrastructure yet?
Not yet, but we are waiting for somebody to go deep into it. nostr:npub1nlk894teh248w2heuu0x8z6jjg2hyxkwdc8cxgrjtm9lnamlskcsghjm9c and I tried a kind:30053 for DNS records many months ago. The goal back then would be to not have a relay list with domain names, but a relay list with pubkeys that in turn point to IPs. Maybe he is still offering that event for his relays. We just never really went for it.
Very interesting.
I would give it a go but:
1. I can barely understand anything about nostr. There's still quite a learning curve for me.
2. I only just started my relay yesterday and I can't even get that working properly yet.
And funny enough, one of the problems I have is cloudflare dns.
Get rid of Cloudflare:
https://simplifiedprivacy.com/cloudflare/
The modern internet is totally corrupt.
Current 30053 records point to old IPs. I can create new 30053 records if you want to play.
Go to i2p, problem solved.
Your thoughts on Nomen? https://nomenexplorer.com/
DNS names won't fit in the blockchain. But it is a cool idea.