You are Here:
DNS - Domain Names :

Author (Read 1359 times)

0 Members and 1 Guest are viewing this topic.

DNS - Domain Names :
« on: Dec 06, 2017, 04:28:09 am »
 

EvadingGrid

  • Rat Catcher (retired)
  • Administrator
  • Mega InfoWarrior
  • *****
  • 7862
    Posts
DNS - Domain Names :

Every time you type www.website.com the DNS translates that into number.
What happens if Washington does not like a website  ?
What happens if DNS fails ?



What's DNS? And why does Dot-Bit matter?

DNS is like the phonebook of the Internet. When you type in www.google.com, your computer asks a digital phonebook on the Internet (called a DNS server) what the address means, and gets back a series of numbers like 74.125.239.19. The problem is that these DNS servers are controlled by governments and large corporations, and could abuse their power to censor, hijack, or spy on your Internet usage. This happens on a regular basis across the world, including in countries like China as well as in countries like the United States.


DNS Explained














Last Edit by Gladstone
We are all running on Gods laptop.
The problem is the virus called the Illuminati.
 

Re: DNS - Domain Names : The Case for Decentralized DNS
« Reply #1 on: Dec 06, 2017, 04:41:40 am »
 

EvadingGrid

  • Rat Catcher (retired)
  • Administrator
  • Mega InfoWarrior
  • *****
  • 7862
    Posts
The Case for Decentralized DNS
https://medium.com/@judecnelson/the-case-for-decentralized-dns-3d5a352962d


On Friday October 21, a major DNS provider called Dyn was hit with a massive DDoS attack, making sites like Reddit, Twitter, GitHub, Netflix, and others unavailable for many people in the eastern US. While DDoS attacks are nothing new, this attack was particularly devastating because the attacker didn’t even have to touch these sites. If knocking these sites offline was the intent of the attack, then hitting their shared DNS provider gave the attackers by far the biggest bang for their buck.

How did we get to this point?

Information gets routed across the Internet by IP addresses, which are easy for machines to use but hard for people to remember. To remedy this back in the early days of the Internet, networked computers had a special file called the HOSTS.TXT file which assigned easy-to-remember names like symbolics.com (one of the first such names) to network addresses of well-known computers.

By the mid 1980s, making sure each computer had the same HOSTS.TXT file became too hard to coordinate. To deal with this, the Domain Name System (DNS) was created to allow certain computers (DNS servers) to remember a subset of the name/IP mappings and serve them to other computers.

DNS is a hierarchical system that efficiently divides up the responsibility for translating a name to an IP addresses. When your computer looks up the IP address for webmail.cs.princeton.edu, for example, it first asks the well-known DNS server for edu for the IP address of the DNS server for princeton. It then asks princeton.edu for the IP address of the DNS server for cs.princeton.edu, and then asks cs.princeton.edu for the IP address of webmail.cs.princeton.edu.

Anyone can run a DNS server. But as the Internet became popular in the 1990s, an entire cottage industry sprang up around providing and managing DNS servers for you. As time went on, these businesses improved and consolidated, making it commonplace for a single DNS service like Dyn to manage the name/IP mappings for many different websites. These consolidations created single points of failure, which the attacker exploited. Only people who knew how to select an alternative DNS server (or happened to know the IP addresses for these websites) were able to access them during the attack.
Is this the last we’ve seen of this?

Doubtful. This particular attack hit a single DNS provider using, of all things, an army of hacked webcams. With the Internet-of-Things taking off, and with no standard way of patching and fixing IoT devices when they get hacked, we can expect to see more of these kinds attacks. In fact, this is the second major IoT-based attack this month — the other being the attack on krebsonsecurity.com.

I personally switched my computer over to OpenDNS to avoid the attack. However, this isn’t a great solution in general, since (1) the attacker could also attack OpenDNS, and (2) if enough people switched over to smaller DNS provider from a larger one like Dyn, they may accidentally overwhelm it and cause it to fail as well. While DNS servers can be configured to cache previously-queried IP addresses from other servers (to spread the request load around), this can lead to its own problems if it’s not carefully configured.


What can we do about it?

Ironically, this attack would have been impossible prior to the mid-1980s, since every computer back then already knew the name/IP mappings for every other computer via the HOSTS.TXT file. The reason the Internet switched to DNS is because it removed the bureaucratic overhead of trying to do things like add webmail.cs.princeton.edu to all the world’s billions of computers’ HOSTS.TXT files. With DNS, only Princeton’s servers have to take care of requests for cs.princeton.edu and webmail.cs.princeton.edu. Moreover, if Princeton wanted to add or remove names or change their IP addresses, they only have to modify their DNS servers.

Can we get both the redundancy of HOSTS.TXT and the ease-of-management of DNS? Can we give every computer the same HOSTS.TXT file without the overhead required to keep it up to date? Turns out we can, using Blockstack.

Blockstack not only makes decentralized naming practical, but also more secure than DNS. Each Blockstack node learns the DNS information for each name in existence, as well as a public key associated with each name. By using the Bitcoin blockchain to bind the name to a public key and DNS information, Blockstack allows anyone to register a name while simultaneously ensuring that only the name’s owner can control it. If the Dyn attackers wanted to knock websites offline in Blockstack, they would have to attack either the individual sites, or attack the Bitcoin network itself. Even then, all the Dyn attackers could do is slow down name updates.
Where can I learn more about Blockstack?

Blockstack is a peer-reviewed system (USENIX ATC 2016, DCCL 2016). It is open source, and is available here. It has been running in production for 2+ years.

Slack . chat.blockstack.org



Last Edit by Gladstone
We are all running on Gods laptop.
The problem is the virus called the Illuminati.
 

Re: DNS - Domain Names :
« Reply #2 on: Dec 10, 2017, 07:15:20 am »
 

EvadingGrid

  • Rat Catcher (retired)
  • Administrator
  • Mega InfoWarrior
  • *****
  • 7862
    Posts
Most people have the default DNS provided by their ISP.

The ISP records all the requests, and therefore can track not only what you browse on the web - but everything else, every app that asks for updates, etc . . . .

CHANGE YOUR DNS
Do not do what 99% of people do and rush off to install OpenDNS . . . . choose some one a bit more obscure who does not keep logs, and is outside the reach of the Empire.



Last Edit by Gladstone
We are all running on Gods laptop.
The problem is the virus called the Illuminati.
 

Re: DNS - Domain Names :
« Reply #3 on: Jan 08, 2018, 03:20:02 am »
 

sab

  • Newbie
  • *
  • 5
    Posts
Here are a few more:

DNS Systems
https://www.opennic.org/
https://yeti-dns.org/

DNS Blockchains:
https://namecoin.org/
https://emercoin.com/

Yet another Alt Systems
https://maidsafe.net/
https://freenetproject.org/ (old system)



Last Edit by Humphrey
 

 

EvadingGrid

  • Rat Catcher (retired)
  • Administrator
  • Mega InfoWarrior
  • *****
  • 7862
    Posts
The Register

OK, this time it's for real: The last available IPv4 address block has gone
Now for the last time, will you all please shift to IPv6?!

By Kieren McCarthy in San Francisco 18 Apr 2018 at 22:10
https://www.theregister.co.uk/2018/04/18/llast_ipv4_address/

You may have heard this one before, but we have now really run out of public IPv4 address blocks.

The Internet Assigned Numbers Authority – the global overseers of network addresses – said it had run out of new addresses to dish out to regional internet registries (RIRs) in 2011. One of those RIRs, the Asia-Pacific Network Information Centre, said it was out of available IPv4 addresses later that year.

Then Europe's RIR, Réseaux IP Européens aka RIPE, ran dry in September 2012, followed by the Latin America and Caribbean Network Information Centre (LACNIC) in June 2014. Next, the American Registry for Internet Numbers hit an IPv4 drought in September 2015.

Of course, there was running out and then there was actually running out. It wasn't until February 2017 that LACNIC moved to "phase 3" when only those companies that did not have any IPv4 space were allowed to get any of the remaining addresses – which will only come in /22 bite-size pieces.

But this week, we have really run out. Despite having run out six years ago, RIPE this week has really, really run out. It has allocated its last /8 block – and you can see from this pretty graph – the dark green has run into the ground.
RIPE IPv4

Of course, RIPE still has some other addresses. But it's not like the old days when people would scoff at anything smaller than a /8. From here on out, it's just crumbs.
But it's gonna be OK

The good news is that after 20 years of pleading by internet engineers, who are not at all embarrassed by the fact that they developed a new protocol that is incompatible with the old one, everyone has decided to move over to IPv6 and so it doesn't matter that we have run out of IPv4.

Only kidding. It's an absolute mess.



READ MORE
https://www.theregister.co.uk/2018/04/18/llast_ipv4_address/



Last Edit by Humphrey
We are all running on Gods laptop.
The problem is the virus called the Illuminati.
 

Re: DNS - Domain Names :
« Reply #5 on: Oct 12, 2018, 11:25:03 am »
 

tahoeblue

  • Global Moderator
  • Mega InfoWarrior
  • *****
  • 1009
    Posts
nice thread



Last Edit by Humphrey
 

Re: DNS - Domain Names :
« Reply #6 on: Oct 17, 2018, 02:58:16 am »
 

EvadingGrid

  • Rat Catcher (retired)
  • Administrator
  • Mega InfoWarrior
  • *****
  • 7862
    Posts
We are all running on Gods laptop.
The problem is the virus called the Illuminati.
 

 

Powered by EzPortal