Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention * TorrentFreak

mesamune@lemmy.world to Technology@lemmy.world – 365 points –
torrentfreak.com
99

You are viewing a single comment

Is there such a thing as federated dns servers, self hosted or otherwise? I don't particularly care about piracy but I can see this dominoing into abortion, lgtq+ ect...ect...

As long as you’re not using DNSSEC, you can easily run your own. I’ve been running a PiHole for years now, it can pull in block lists and such from various sources, it’d be fairly easy to add a list to pull in automatically that include extra records. Those could be served from anywhere. Torrents, git repos, http calls, etc.

Note that with just pihole you would still be affected by this, since pihole needs an upstream dns server to get it's data from.

But if you set up pihole with unbound you will be OK, since unbound then will do the job of getting data from the root servers without another upstream dns.

I my experience it is also faster.

Would pihole work if all the major DNS that gets pulled resolved the same? I would imagine the change would only work for a while.

While others suggested adding the DNS records manually the far more secure and easier in the long term solution is to run pihole with unbound. Going this route completely eliminates third party upstream DNS servers as unbound will query the top level domain for their authoritative name server and direct the IP address from the source. Pihole has a great explanation on their website. I like crosstalk solutions on setting it up as it's has everything you need just to copy paste your way into it working.

A PiHole functions has a full DNS server. You can configure it to serve any arbitrary records you like - which is basically how it overrides ad domains to prevent them from loading.

So, if you know the IP address that a particular domain is supposed to route to, you configure the PiHole to respond with that IP address for that domain. So, it doesn't matter that the major DNS servers return junk because your PiHole never asks them.

Pihole is great. Easy to setup. Runs on $80 worth of hardware on a raspberry...

$80? I run mine on a Pi Zero that I got for $9 with a $6 wired network adapter for a grand total of $15. No problems for a household of five with one of us (me) being an extremely heavy user.

Or if you have a NAS, just use that. There's nothing special about the Raspberry Pi hardware here.

I used to do that, but it comes with the problem of your DNS going down any time you want to restart or do a hardware swap on your NAS. Or since it was running in docker something as simple as reloading docker would knock out the internet for a few minutes. It's worth the $15 to have them operate separately.

Doesn't that just move the problem to the $15 device? Or are you saying you reboot your NAS significantly more often than your RPi? I have a RetroPie setup that I reboot about as often as my NAS, which is when I remember to run updates.

I pretty much never reboot the Pi. It currently has over 18 months of uptime on it. My NAS on the other hand I probably restart for one reason or another maybe once every 6 months. So yeah I'd say I reboot it minimum 3x more often.

Plus a reboot takes much longer on my NAS than on the Pi. The server board is slow to start, the SAS cards are slow to start, and unRAID is slow to start. Then I need to manually enter the password for disk encryption. Then wait for the array to start up. Then wait a bit more for the docker containers to start. Add all of that up and even the absolute fastest reboot is like 10 minutes while the Pi probably takes 30 seconds.

And what if I want to swap hard drives? Now it's down for an hour. I guess I could wait until 3am to do all my upgrades so everyone is asleep, but I'd rather not. I suppose if it were just for myself it would matter a lot less. But again, it's only $15 to not have to think about it at all.

Interesting. Boot times aren't an issue at all for me on my NAS because it's running on an old desktop processor and has plenty of performance. Both boot in <30s, and I leave them both on 24/7.

I tend to upgrade all my servers around the same time (RPi, NAS, VPS), and my laptop and desktop get updates about every week or two. I don't like leaving systems unpatched, so I stay on top of it. I haven't needed to swap HDDs in the 6-ish years I've had my NAS configured, so I guess it's not an issue I've run into. I'd probably just schedule it when I do a router firmware update (I run a Mikrotik router), which I do every few months as well, since that way everyone expects a little downtime.

Definitely. Though I’ll add that I ran PiHole + PiVPN on a Zero W ($10) for years. I upgraded it to a Pi Zero W 2 ($15 with extra cores) but I found that it had terrible packet drops, so I had to add a $15 usb wired adapter to it. I can max my upload speeds over vpn and dns is super low latency.

There's the completely decentralized ENS name system that would bypass this censorship entirely.

But unfortunately it's got the scarlet letters "NFT" hanging around its neck, and so good luck trying to discuss its actual merits or try to implement support for it anywhere.

NFT is scary because people don't know what it means. It is not supposed to be a means of selling jpegs; it is supposed to be a digital untamperable proof of ownership for various uses.

It's not.

It's very tamperable. It lacks common safety features like 2FA. Hacks are common and stolen NFTs can not be recovered.

It doesn't provide any evidence of ownership, much less proof. Anyone can mint NFTs without providing any evidence of ownership or anything. There is no legal requirement that ownership of anything is transferred along with an NFT.

There isn't just one single way of coding an NFT, you're talking about an entire class of application here. You can indeed add all sorts of safety features if you want to.

Saying "anyone can mint NFTs" shows a misunderstanding of the specific application we're discussing here. Not just anyone can mint an ENS name, specifically, which is what we're talking about. ENS names are minted by the ENS contract, so they can be guaranteed unique. An ENS name isn't "representing" anything other than the information contained within it, so there are no legal issues whatsoever. If you own the ENS name NFT then that's all that you need to worry about, it has no other effect or implication other than that.

This is what I was talking about when I mentioned the "scarlet letters NFT". People have an enormous prejudice about the technology and leap to incorrect assumptions about its uses based on those prejudices.

2 more...

I had really hoped that the video game industry would use its royalty function to give developers a cut of the secondary market. It would naturally incentivize them to slow down their development cycle, and make games that stand the test of time. Selling games with this technology could have been a virtuous cycle of developers having a vested interest in their work beyond simply selling DLC.

Well, hominids made hand axes for countless aeons without ever really using them. I guess I shouldn't act too shocked.

No competent engineer would use NFTs for the purpose. It's inconvenient, slow and ridiculously expensive. No one uses the "technology" because it's rubbish.

Implementing such a feature is trivial. Steam has a marketplace. They don't let you sell used games because the developers don't want it.

17 more...
17 more...

There exists GNUNet, but not really sure how common it is used.

I keep hearing about people being aware of it's existence, but I have yet to see a single person say they use it.

I tried to use gnunet multiple times over the years. It always had wierd routing problems, the worst was their filesharing, it literally never worked. You cant find files that are definitely on the network, and if by some miracle you do find something, it fails to download it. 20 years of development and its an unfinished buggy mess. I hope they finally fix it sometime, cause its a really great idea, just executed horribly.

I don't think this question really makes sense.

DNS is centralized in that there is a root zone that determines who is the canonical authority for each top level domain like .com or .world (and the registrar for each top level domain controls who controls each domain under them). But it's also decentralized in the sense that everyone who controls a domain can assign any subdomains below that, and that anyone can choose to override the name resolving with their own local DNS server (or even a hosts file saved on the device).

The court case here is trying to override the official domain ownership records at specific DNS providers. The problem is that the intermediaries are being ordered by the courts not to follow the central authority.

Federation wouldn't fit this model: we still want DNS to be canonical where everyone in the world agrees which domain resolves to which IP addresses.

DNS is to a degree, by design federated to begin with. What you need to participate is a recursive DNS server, like Unbound as some of your other replies have mentioned. You can run it on the same machine as something like Pihole if you’re already running that.

17 more...