Open Thinkering

Tag: DNS

Sort-of breaking up with Cloudflare

Cloudflare provides a few services which a lot of the web relies upon. The ones I have been using are free, namely…

1. Content Delivery Network

A content delivery network, or content distribution network (CDN), is a geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users.

Wikipedia

In other words, a CDN speeds up your site for users, protects your site if it suddenly becomes popular, and can notify you if your site is down.

Cloudflare was down yesterday for a time, and it made me realise that I don’t really need it for my sites. So I removed it.

2. DNS resolution

A DNS resolver, also known as a resolver, is a server on the Internet that converts domain names into IP addresses.

When you use the Internet, every time you connect to a website using its domain name (such as “computerhope.com”), your computer needs to know that website’s IP address (a unique series of numbers). So your computer contacts a DNS resolver, and gets the current IP address of computerhope.com.

[…]

The DNS resolver contacted by your computer is usually chosen by your ISP (Internet service provider). However, you can configure your network to use a different DNS provider, if you choose. This configuration can be modified in your operating system’s network settings, or in the administration interface of your home network router.

Computer Hope

Although I have an awesome, trustworthy ISP, I’ve used a DNS resolver for years. Recently I switched from using Cloudflare’s 1.1.1.1 service locally on my machines, to using 1.1.1.1 for families on our home router. This blocks both malware and adult content.

I’m going to keep using Cloudflare’s DNS resolver for now as it’s useful, fast, and it’s clear that they make their money from upselling to their VPN services.


This post is day nine of my #100DaysToOffload challenge. Want to get involved? Find out more at 100daystooffload.com

Domains, decentralisation, and DNS

Today I attended a session at the OER20 (online!) conference entitled At the scale of care. Not only was it a great session in its own right, but it got me thinking again about ‘untakedownable’ websites.

You see, the problem, as presenters Lauren Heywood, Jim Groom, and Noah Mitchell pointed out, is that, if we use the metaphor of a house, we can never control our address.

Image of house (=website), land (=web hosting), and address (=domain)
A Plot of Land: get to know your new web space (CC BY-NC 4.0)

This is something I’ve been concerned about for ages, but particularly over the last five years. For example, see:

In fact, my thinking around this took me to decentralisation, and directly to my work on MoodleNet.


As Jim mentioned in answer to my question at the end of the session, it’s like the ‘dirty secret’ of the internet is that we’re all sharecroppers in a rentier economy. Why? Because we can never truly ‘own’ our address on the internet; we can only ever (as Maha Bali and Audrey Watters have both discussed) pay money to a central registry.

We can do better than this. I’ve experimented with ZeroNet and, to a lesser extent, IPFS. The latter was actually used to circumvent the government’s crackdown on ‘illegal’ Catalan elections while I was in Spain in late 2017.


I don’t think I’m quite ready to give up on the web as a platform, but I am sick to my back teeth of the way that it is controlled by interests that don’t align with my own. Given that I make my living online, this concerns me professionally as well as personally.

There are several approaches to decentralising ownership of the ‘address’ system on the web. First, let’s just check we’re on the same page here and define some terms. When I’m talking about ‘addresses’ then technically-speaking I’m talking about the Domain Name System, or ‘DNS’:

The Domain Name System (DNS) is a system used to convert a computer’s host name into an IP address on the Internet. For example, if a computer needs to communicate with the web server example.net, your computer needs the IP address of the web server example.net. It is the job of the DNS to convert the host name to the IP address of the web server. It is sometimes called the Internet’s telephone book because it converts a Website’s name that people know, to a number that the Internet actually uses.

Wikipedia (Simple English version)

The DNS system is extremely important, but also, because it depends on an ‘official’, more centralised registry, quite brittle. For example, governments can censor websites and web services, or hackers can target them to take them offline.

As you would expect, many people have already thought about a fully decentralised DNS. Using this system, people and organisations could truly own their address. I actually have one of these: dougbelshaw.bit

Of course, nothing happens when you click on that link, because you’d need a special plugin or separate browser that understands the non-standard DNS system. So this is where it starts getting reasonably technical and regular web users switch off and go back to looking at pictures of cats.


It’s important that there is some kind of ‘cost’ to reserving domain names, no matter how decentralised the system is. Otherwise, someone could just come along and snap up every possible permutation.

That’s why, inevitably, things point back to the blockchain, and in particular, Namecoin. This satisfies Zooko’s Triangle:

CC0 Dominic Scheirlinck

This is better than the way ZeroNet works, for example, where each site has a long address more confusing than a unique Google Docs URL.

However, let’s just think about the steps involved here:

  1. Open a namecoin wallet
  2. Buy some namecoins
  3. Use your namecoins to buy a .bit address
  4. Set up your website to resolve to the .bit address
  5. Ask your website visitors to either install the PeerName browser extension or set up NMControl to act as their computer’s local DNS server

So after all of this, you’re still left with the need to ask website visitors to change their browsing habits — and to do so on a non-decentralised DNS site. In addition, the Namecoin FAQ states that .bit ‘owners’ may have to pay renewal fees in future.


So that’s the current state of play for web-based decentralised DNS systems. Outside of the web, of course, things can work very differently. Take Briar messenger, for example:

Diagram of Briar connections over bluetooth, wifi, and Tor

It uses the BTP protocol, meaning it can be fully decentralised, and works over a number of different connection types:

Bramble Transport Protocol (BTP) is a transport layer security protocol suitable for delay-tolerant networks. It provides a secure channel between two peers, ensuring the confidentiality, integrity, authenticity and forward secrecy of their communication across a wide range of underlying transports.

Briar project

So for example, just like other delay-tolerant protocols, such as Scuttlebutt, Briar is extremely resilient.

Sharing data with Briar via wifi, bluetooth & internet

As ever, Open Source projects are more secure and robust than their proprietary counterparts. This is the reason that Open Source software runs much of the ‘backoffice’ services for online services.


The real difficulty we’ve got here, and I make no apologies for highlighting it due to this particular crisis, is capitalism. In particular, the neoliberal flavour that hoovers up ‘intellectual property’ and farms users for the benefit of surveillance capitalism.

Over the course of my career, people have told me that they “just want something that works”. Well, it’s well beyond the time when things should just technically work. It’s time that things ‘just worked’ for the benefit of me, of you, and of humanity as a whole.

How domain names resolve might seem like such a small and trivial thing given the challenges the world is facing right now. But it’s important how we come out of this crisis: are we going to allow governments, Big Tech, and the 1% to double-down on their ability to repress us? Or are we going to fight against this, and take back control of not only our means of (re-)production, but our homes online?
