On Wed, 20 Nov 2019, pmkellly@xxxxxxxxxxxx wrote:
I think folks like to know about the history of things they are involved
with.
Under my topic of Decentralization, I would like to write articles
on DNS (along with anyone else interested in the topic). Starting with
the early federated days, where every recursive DNS server had its own
root zone and anyone could have a TLD - with varying success at getting
most DNS operators to include it in their root zone.
Then how complaints about inconsistent query results based on which
recursive server you were using led to the creation of ICANN, and
how the doomsayers warned about the dangers of centralized power
(and turned out to be largely correct).
Then explain about authoritative (primary and secondary), recursive, and
caching DNS servers.
Then how to articles, starting with how to use dnsmasq and point it to
resolvers with alternate root zones (e.g. opennic.org) for some or all TLDs.
Examples of domains under alternate roots to visit.
Then, a more advanced article on how to run bind and have your own
alternate root, including defaulting to using ICANN for TLDs you
don't care about (and thus also saving a lot of work).
I am familiar with bind, maybe someone else can write about how to
use one of the more recent and simplified recursive resolvers that
supports alternate roots.
An article on how to register a domain under an ICANN TLD,
and also an example of registering a domain under an alternate
root TLD. Then how to run an authoritative server for your domain,
including having secondary (slave) servers in case your primary
is down. Advantages of running your own domain, including the
ability to switch email providers.
E.g. if you do not want the hassle of running your own email, you can
pay google to do its thing, but with your own domain. Then you can
easily fire them and switch to a smaller, less monopolistic provider, or
even do it yourself (which is complicated by the many forms of email
abuse and the attempts by companies like google to combat them).
Again, I am familiar with bind, but I know things in Fedora like powerdns
are supposed to be easier for a simple authoritative server.
How to sign your domain with DNSSEC. How to sign your alternate root
zone with DNSSEC.
Protocols to encrypt DNS queries by clients for privacy, and how to
support them in your caching / authoritative / recursive DNS servers
and in Fedora apps that use DNS.
a) dnscrypt
b) dns over HTTPS
c) dns over SSL
d) dns over VPN
This is arguably the simplest to configure for your own DNS servers,
and with e.g. Cjdns has all the advantages of dns over HTTPS or SSL,
including authenticating the server as well as encrypting the
queries and whitelisting clients (to avoid DoS attacks using
your recursive or caching server or keep a zone private).
Finally, there could be some discussion of alternate naming protocols
like Namecoin or dnsssb.
--
Stuart D. Gathman <stuart@xxxxxxxxxxx>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
_______________________________________________
Fedora Magazine mailing list -- magazine@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to magazine-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/magazine@xxxxxxxxxxxxxxxxxxxxxxx
