Replying to ⚡️🌱🌙

One of the biggest weaknesses of nostr is its reliance on local DNS servers, typically residing at 8.8.8.8 or 8.8.4.4 as set up by ISPs.

Essentially this gives every government a single point of failure within their jurisdiction with which to take nostr relays offline, if they desired.

However, the Authoritative DNS servers that serve the DNS root zone are visible on the network and their addresses are in the public domain. They are configured in the DNS root zone as 13 named authorities, as follows.

a.root-servers.net  198.41.0.4, 2001:503:ba3e::2:30  (Verisign, Inc.)
b.root-servers.net  199.9.14.201, 2001:500:200::b  (University of Southern California, Information Sciences Institute)
c.root-servers.net  192.33.4.12, 2001:500:2::c  (Cogent Communications)
d.root-servers.net  199.7.91.13, 2001:500:2d::d  (University of Maryland)
e.root-servers.net  192.203.230.10, 2001:500:a8::e  (NASA (Ames Research Center))
f.root-servers.net  192.5.5.241, 2001:500:2f::f  (Internet Systems Consortium, Inc.)
g.root-servers.net  192.112.36.4, 2001:500:12::d0d  (US Department of Defense (NIC))
h.root-servers.net  198.97.190.53, 2001:500:1::53  (US Army (Research Lab))
i.root-servers.net  192.36.148.17, 2001:7fe::53  (Netnod)
j.root-servers.net  192.58.128.30, 2001:503:c27::2:30  (Verisign, Inc.)
k.root-servers.net  193.0.14.129, 2001:7fd::1  (RIPE NCC)
l.root-servers.net  199.7.83.42, 2001:500:9f::42  (ICANN)
m.root-servers.net  202.12.27.33, 2001:dc3::35  (WIDE Project)

It is possible to bypass the local DNS server / recursor and go straight to the DNS root in order to get the IP addresses for relays. This would make nostr even more censorship resistant, but would slow things down. Maybe this could be an anti-censor mode that clients could attempt if clients detect all relays are unreachable or if some kind of DNS error is returned?

Also… Anycast should be implemented for reads instead of unicasting. This could massively improve performance by reducing network traffic and relay load when it comes to reads. Relay proxies as proposed by Cameri would allow anycast reads and would vastly reduce the bandwidth requirements of nostr and dramatically reduce the load on each relay.

Unicasting and data duplication should be maintained for writes, with anycast proxies serving reads.

Anycast proxy relays could potentially allow a client to access a vastly greater number of relays and also improve the access surface, making nostr more resilient to DDoS.

Worth considering hosting the relays in data-neutrality- and privacy-focused countries like Iceland, Norway, Sweden.

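The root-first lookup proposed in the note, sketched as an added example (not code from the note or from any nostr client): an iterative resolver that sends non-recursive queries starting at a.root-servers.net and follows glue referrals down to an answer. The function names and the injectable `send` parameter are assumptions; it handles IPv4 A records only and leaves out reply transaction-ID and source checks, TCP fallback, CNAME chasing and DNSSEC validation, all of which a real anti-censorship mode would need.

```python
import socket, struct

# Added illustration; function names and the injectable send() are assumptions.
ROOT_HINT = "198.41.0.4"  # a.root-servers.net, taken from the list in the note

def build_query(name, qid=0x1234):
    """A-record query with RD=0: ask for referrals, not recursion."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"
    return struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return (answers, glue): IPv4 addresses from the answer and additional sections."""
    qd, an, ns, ar = struct.unpack(">HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # question: name, qtype, qclass
    answers, glue = [], []
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4 and (i < an or i >= an + ns):
            (answers if i < an else glue).append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return answers, glue

def udp_send(server, query, timeout=3):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def resolve_from_root(name, send=udp_send, max_hops=8):
    """Follow referrals root -> TLD -> authoritative; return (ip, servers_asked)."""
    server, path = ROOT_HINT, []
    for _ in range(max_hops):
        path.append(server)
        answers, glue = parse_a_records(send(server, build_query(name)))
        if answers:
            return answers[0], path
        if not glue:
            raise LookupError("referral carries no IPv4 glue")
        server = glue[0]
    raise LookupError("too many referrals")
```

The returned path shows the cost the note mentions: each lookup takes one round trip per delegation level instead of one query to a caching recursor.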