Is there such a thing as federated dns servers, self hosted or otherwise? I don’t particularly care about piracy but I can see this dominoing into abortion, lgtq+ ect…ect…
As long as you’re not using DNSSEC, you can easily run your own. I’ve been running a PiHole for years now, it can pull in block lists and such from various sources, it’d be fairly easy to add a list to pull in automatically that include extra records. Those could be served from anywhere. Torrents, git repos, http calls, etc.
Note that with just pihole you would still be affected by this, since pihole needs an upstream dns server to get it’s data from.
But if you set up pihole with unbound you will be OK, since unbound then will do the job of getting data from the root servers without another upstream dns.
While others suggested adding the DNS records manually the far more secure and easier in the long term solution is to run pihole with unbound. Going this route completely eliminates third party upstream DNS servers as unbound will query the top level domain for their authoritative name server and direct the IP address from the source. Pihole has a great explanation on their website. I like crosstalk solutions on setting it up as it’s has everything you need just to copy paste your way into it working.
A PiHole functions has a full DNS server. You can configure it to serve any arbitrary records you like - which is basically how it overrides ad domains to prevent them from loading.
So, if you know the IP address that a particular domain is supposed to route to, you configure the PiHole to respond with that IP address for that domain. So, it doesn’t matter that the major DNS servers return junk because your PiHole never asks them.
$80? I run mine on a Pi Zero that I got for $9 with a $6 wired network adapter for a grand total of $15. No problems for a household of five with one of us (me) being an extremely heavy user.
I used to do that, but it comes with the problem of your DNS going down any time you want to restart or do a hardware swap on your NAS. Or since it was running in docker something as simple as reloading docker would knock out the internet for a few minutes. It’s worth the $15 to have them operate separately.
Doesn’t that just move the problem to the $15 device? Or are you saying you reboot your NAS significantly more often than your RPi? I have a RetroPie setup that I reboot about as often as my NAS, which is when I remember to run updates.
Definitely. Though I’ll add that I ran PiHole + PiVPN on a Zero W ($10) for years. I upgraded it to a Pi Zero W 2 ($15 with extra cores) but I found that it had terrible packet drops, so I had to add a $15 usb wired adapter to it. I can max my upload speeds over vpn and dns is super low latency.
And there is https://filterlists.com/ which is a searchable index of lists. If you use uBlockOrigin you can add lists directly from fliterlists.com otherwise it provides links to Github etc.
There’s the completely decentralized ENS name system that would bypass this censorship entirely.
But unfortunately it’s got the scarlet letters “NFT” hanging around its neck, and so good luck trying to discuss its actual merits or try to implement support for it anywhere.
NFT is scary because people don’t know what it means. It is not supposed to be a means of selling jpegs; it is supposed to be a digital untamperable proof of ownership for various uses.
It’s very tamperable. It lacks common safety features like 2FA. Hacks are common and stolen NFTs can not be recovered.
It doesn’t provide any evidence of ownership, much less proof. Anyone can mint NFTs without providing any evidence of ownership or anything. There is no legal requirement that ownership of anything is transferred along with an NFT.
There isn’t just one single way of coding an NFT, you’re talking about an entire class of application here. You can indeed add all sorts of safety features if you want to.
Saying “anyone can mint NFTs” shows a misunderstanding of the specific application we’re discussing here. Not just anyone can mint an ENS name, specifically, which is what we’re talking about. ENS names are minted by the ENS contract, so they can be guaranteed unique. An ENS name isn’t “representing” anything other than the information contained within it, so there are no legal issues whatsoever. If you own the ENS name NFT then that’s all that you need to worry about, it has no other effect or implication other than that.
This is what I was talking about when I mentioned the “scarlet letters NFT”. People have an enormous prejudice about the technology and leap to incorrect assumptions about its uses based on those prejudices.
It’s glorified receipts that are billed as far more secure than they actually are looking for a problem to solve. The entire usage is people treating it like a casino, just like cryptocurrency. I guarantee you “small” artists and such, the people that are always paraded around as the beneficiaries, are not using it in any appreciable number. Those that tried simply lost some money in the endless sea of “get rich quick” schemes they were sadly duped into participating in. Crypto bros just decided to target creatives, as if they need to be victimized more.
NFT’s are not helping people in any appreciable number. It’s just another relationship of people getting rich on the backs of a bunch of bag holders sold a false promise.
I am describing a usage that is explicitly not like that. A usage that has nothing to do with art. The concept of “NFT” is not somehow inextricably tied to spending ridiculous amounts of money on pictures of apes, it’s a general technology.
This is a perfect illustration of the problem here. People are lamenting about difficult it is to come up with a truly decentralized method of owning domain names that can’t be commandeered by authorities or big business, a system to do exactly that already exists, but it’s based on a technology that people have such an extreme prejudice about that they’d rather downvote anyone who tries to explain it and go back to helplessly lamenting.
Then please show us some valid usages currently up and running solving actual problems at scale.
I am prejudiced because I was in the crypto space for years. I used to mine and more. So my prejudice comes from a place of experience and knowledge, not random headlines and memes.
What is the NFT component offering that I don’t get from the myriad of other excellent DNS services (many of which are FLOSS) that grant me reliable DNS over HTTPS/other privacy elements? What is the NFT part accomplishing that wasn’t being done prior?
Full decentralization and censorship resistance. In the case of DNS services there’s still an organization of some kind that you’re having to trust to not mismanage your registration. Both now in their current form and in any future form the organization may take.
ENS, on the other hand, is just a smart contract running on Ethereum. Its behaviour is programmed, not dependent on any human decision making. To censor it you’d need to block Ethereum as a whole.
I had really hoped that the video game industry would use its royalty function to give developers a cut of the secondary market. It would naturally incentivize them to slow down their development cycle, and make games that stand the test of time. Selling games with this technology could have been a virtuous cycle of developers having a vested interest in their work beyond simply selling DLC.
Well, hominids made hand axes for countless aeons without ever really using them. I guess I shouldn’t act too shocked.
No competent engineer would use NFTs for the purpose. It’s inconvenient, slow and ridiculously expensive. No one uses the “technology” because it’s rubbish.
Implementing such a feature is trivial. Steam has a marketplace. They don’t let you sell used games because the developers don’t want it.
I tried to use gnunet multiple times over the years. It always had wierd routing problems, the worst was their filesharing, it literally never worked. You cant find files that are definitely on the network, and if by some miracle you do find something, it fails to download it. 20 years of development and its an unfinished buggy mess. I hope they finally fix it sometime, cause its a really great idea, just executed horribly.
DNS is centralized in that there is a root zone that determines who is the canonical authority for each top level domain like .com or .world (and the registrar for each top level domain controls who controls each domain under them). But it’s also decentralized in the sense that everyone who controls a domain can assign any subdomains below that, and that anyone can choose to override the name resolving with their own local DNS server (or even a hosts file saved on the device).
The court case here is trying to override the official domain ownership records at specific DNS providers. The problem is that the intermediaries are being ordered by the courts not to follow the central authority.
Federation wouldn’t fit this model: we still want DNS to be canonical where everyone in the world agrees which domain resolves to which IP addresses.
DNS is to a degree, by design federated to begin with. What you need to participate is a recursive DNS server, like Unbound as some of your other replies have mentioned. You can run it on the same machine as something like Pihole if you’re already running that.
Is there such a thing as federated dns servers, self hosted or otherwise? I don’t particularly care about piracy but I can see this dominoing into abortion, lgtq+ ect…ect…
As long as you’re not using DNSSEC, you can easily run your own. I’ve been running a PiHole for years now, it can pull in block lists and such from various sources, it’d be fairly easy to add a list to pull in automatically that include extra records. Those could be served from anywhere. Torrents, git repos, http calls, etc.
Note that with just pihole you would still be affected by this, since pihole needs an upstream dns server to get it’s data from.
But if you set up pihole with unbound you will be OK, since unbound then will do the job of getting data from the root servers without another upstream dns.
I my experience it is also faster.
Would pihole work if all the major DNS that gets pulled resolved the same? I would imagine the change would only work for a while.
While others suggested adding the DNS records manually the far more secure and easier in the long term solution is to run pihole with unbound. Going this route completely eliminates third party upstream DNS servers as unbound will query the top level domain for their authoritative name server and direct the IP address from the source. Pihole has a great explanation on their website. I like crosstalk solutions on setting it up as it’s has everything you need just to copy paste your way into it working.
A PiHole functions has a full DNS server. You can configure it to serve any arbitrary records you like - which is basically how it overrides ad domains to prevent them from loading.
So, if you know the IP address that a particular domain is supposed to route to, you configure the PiHole to respond with that IP address for that domain. So, it doesn’t matter that the major DNS servers return junk because your PiHole never asks them.
Pihole is great. Easy to setup. Runs on $80 worth of hardware on a raspberry…
$80? I run mine on a Pi Zero that I got for $9 with a $6 wired network adapter for a grand total of $15. No problems for a household of five with one of us (me) being an extremely heavy user.
Or if you have a NAS, just use that. There’s nothing special about the Raspberry Pi hardware here.
I used to do that, but it comes with the problem of your DNS going down any time you want to restart or do a hardware swap on your NAS. Or since it was running in docker something as simple as reloading docker would knock out the internet for a few minutes. It’s worth the $15 to have them operate separately.
Doesn’t that just move the problem to the $15 device? Or are you saying you reboot your NAS significantly more often than your RPi? I have a RetroPie setup that I reboot about as often as my NAS, which is when I remember to run updates.
Definitely. Though I’ll add that I ran PiHole + PiVPN on a Zero W ($10) for years. I upgraded it to a Pi Zero W 2 ($15 with extra cores) but I found that it had terrible packet drops, so I had to add a $15 usb wired adapter to it. I can max my upload speeds over vpn and dns is super low latency.
Any good lists? Because pihole defaults to the aforementioned servers.
Pretty decent article here
https://avoidthehack.com/best-pihole-blocklists
And there is https://filterlists.com/ which is a searchable index of lists. If you use uBlockOrigin you can add lists directly from fliterlists.com otherwise it provides links to Github etc.
I believe you can use DNSSEC directly with root servers.
unbound is a validating, recursive, caching, self-hosted DNS resolver.
There’s the completely decentralized ENS name system that would bypass this censorship entirely.
But unfortunately it’s got the scarlet letters “NFT” hanging around its neck, and so good luck trying to discuss its actual merits or try to implement support for it anywhere.
NFT is scary because people don’t know what it means. It is not supposed to be a means of selling jpegs; it is supposed to be a digital untamperable proof of ownership for various uses.
It’s not.
It’s very tamperable. It lacks common safety features like 2FA. Hacks are common and stolen NFTs can not be recovered.
It doesn’t provide any evidence of ownership, much less proof. Anyone can mint NFTs without providing any evidence of ownership or anything. There is no legal requirement that ownership of anything is transferred along with an NFT.
I can’t believe in 2024 we still see NFT advocates. It was and continues to be a colossal waste of time and resources.
It was a waste of time and resources for a particular application, yes. But the basic technology is useful for many applications.
Those “bored ape” NFTs were for jpeg images, do you also think that the jpeg algorithm was a colossal waste of time and resources?
There isn’t just one single way of coding an NFT, you’re talking about an entire class of application here. You can indeed add all sorts of safety features if you want to.
Saying “anyone can mint NFTs” shows a misunderstanding of the specific application we’re discussing here. Not just anyone can mint an ENS name, specifically, which is what we’re talking about. ENS names are minted by the ENS contract, so they can be guaranteed unique. An ENS name isn’t “representing” anything other than the information contained within it, so there are no legal issues whatsoever. If you own the ENS name NFT then that’s all that you need to worry about, it has no other effect or implication other than that.
This is what I was talking about when I mentioned the “scarlet letters NFT”. People have an enormous prejudice about the technology and leap to incorrect assumptions about its uses based on those prejudices.
It’s glorified receipts that are billed as far more secure than they actually are looking for a problem to solve. The entire usage is people treating it like a casino, just like cryptocurrency. I guarantee you “small” artists and such, the people that are always paraded around as the beneficiaries, are not using it in any appreciable number. Those that tried simply lost some money in the endless sea of “get rich quick” schemes they were sadly duped into participating in. Crypto bros just decided to target creatives, as if they need to be victimized more.
NFT’s are not helping people in any appreciable number. It’s just another relationship of people getting rich on the backs of a bunch of bag holders sold a false promise.
I am describing a usage that is explicitly not like that. A usage that has nothing to do with art. The concept of “NFT” is not somehow inextricably tied to spending ridiculous amounts of money on pictures of apes, it’s a general technology.
This is a perfect illustration of the problem here. People are lamenting about difficult it is to come up with a truly decentralized method of owning domain names that can’t be commandeered by authorities or big business, a system to do exactly that already exists, but it’s based on a technology that people have such an extreme prejudice about that they’d rather downvote anyone who tries to explain it and go back to helplessly lamenting.
Then please show us some valid usages currently up and running solving actual problems at scale.
I am prejudiced because I was in the crypto space for years. I used to mine and more. So my prejudice comes from a place of experience and knowledge, not random headlines and memes.
I just did. The ENS system, a decentralized replacement for DNS. That’s what started this subthread.
What is the NFT component offering that I don’t get from the myriad of other excellent DNS services (many of which are FLOSS) that grant me reliable DNS over HTTPS/other privacy elements? What is the NFT part accomplishing that wasn’t being done prior?
Full decentralization and censorship resistance. In the case of DNS services there’s still an organization of some kind that you’re having to trust to not mismanage your registration. Both now in their current form and in any future form the organization may take.
ENS, on the other hand, is just a smart contract running on Ethereum. Its behaviour is programmed, not dependent on any human decision making. To censor it you’d need to block Ethereum as a whole.
I had really hoped that the video game industry would use its royalty function to give developers a cut of the secondary market. It would naturally incentivize them to slow down their development cycle, and make games that stand the test of time. Selling games with this technology could have been a virtuous cycle of developers having a vested interest in their work beyond simply selling DLC.
Well, hominids made hand axes for countless aeons without ever really using them. I guess I shouldn’t act too shocked.
No competent engineer would use NFTs for the purpose. It’s inconvenient, slow and ridiculously expensive. No one uses the “technology” because it’s rubbish.
Implementing such a feature is trivial. Steam has a marketplace. They don’t let you sell used games because the developers don’t want it.
There exists GNUNet, but not really sure how common it is used.
I keep hearing about people being aware of it’s existence, but I have yet to see a single person say they use it.
I tried to use gnunet multiple times over the years. It always had wierd routing problems, the worst was their filesharing, it literally never worked. You cant find files that are definitely on the network, and if by some miracle you do find something, it fails to download it. 20 years of development and its an unfinished buggy mess. I hope they finally fix it sometime, cause its a really great idea, just executed horribly.
I don’t think this question really makes sense.
DNS is centralized in that there is a root zone that determines who is the canonical authority for each top level domain like
.com
or.world
(and the registrar for each top level domain controls who controls each domain under them). But it’s also decentralized in the sense that everyone who controls a domain can assign any subdomains below that, and that anyone can choose to override the name resolving with their own local DNS server (or even a hosts file saved on the device).The court case here is trying to override the official domain ownership records at specific DNS providers. The problem is that the intermediaries are being ordered by the courts not to follow the central authority.
Federation wouldn’t fit this model: we still want DNS to be canonical where everyone in the world agrees which domain resolves to which IP addresses.
Yes, it’s called
unbound
DNS is to a degree, by design federated to begin with. What you need to participate is a recursive DNS server, like Unbound as some of your other replies have mentioned. You can run it on the same machine as something like Pihole if you’re already running that.