Michael Sheldon's Stuff

Michael Sheldon (mike at mikeasoft dot com)

November 19, 2005

AnNet – The Anarchist Network (DNS)
Mike @ 5:29 pm

I think having domain registration controlled by either private business or the state is a bad thing. There’s an idea I’ve been toying with for nearly a year now, which is to construct a peer-to-peer based domain name system. I’ve now finally started hacking together a prototype (I had fiddled with a small http proxy based version last winter, but never finished anything serious).

I’m building it so it’ll integrate reasonably naturally with existing systems, it communicates using the DNS protocol specified in RFC 1035. This means that to the user .annet domains are just as functional as any other, they can run nslookup mikeasoft.annet send mail to mike@mikeasoft.annet or type http://www.mikeasoft.annet in to their browser and all will function as expected.

On the technical side what happens is quite different though. Each AnNet DNS client also acts as a server helping to host a massively distributed database of domain registrations. The domain name to resolve is passed through a series of hashing functions which then return possible ranges of nodes within the network that might hold the relevant data; the hashing functions take in to account the estimated size of the network, for example with a small network a larger proportion of data will be hosted by each node. A lot of redundancy is built in to the network so that many servers will have the required information, allowing the client to gain some reasonable level of certainty as to the authenticity of the response. Connection to the network is bootstrapped in a similar way to Gnutella, so the client needs to know about at least one other node on the network and from there learns about the state of the network in general.

Domains are registered to a public key (PGP based), and any requests to change a domain’s information must be sent signed with the corresponding private key, thus allowing people to change the status of their domains and have the changes propagate throughout the network with minimal chances of hijacking.

I am not making any provision for dispute resolution. Dispute resolution ostensibly tries to solve issues where someone registers a domain that someone else believes they have a “right” to, however I don’t believe that registries should act as arbiters of domain justice. People can persue their trademarks through the legal system and have the state force one party to reassign ownership of their domain if they wish, but AnNet won’t help them circumvent the owner. So if someone’s stubborn enough they can still keep their domain at the expense of fines and even possible imprisonment (unlikely, but people make ethical stands about seemingly odd things sometimes). It’s purely first come, first serve as far as the system is concerned.

However, I am considering possible safeguards put in to place to revoke any domains registered to a specific public key if that key attempts to flood the network with registrations. I’m still not sure about this.

The prototype is still in very early development, it’s only had a couple of days worth of hacking on it (most of which consisted of me puzzling over the DNS protocol), but I thought it’d be nice to stick a reasonably detailed post up about my plans so people can criticise the impracticality of it all ;).


  1. […] Following on from my post about the general design of AnNet I’m now going to have a go at outlining my ideas for the distributed peer-to-peer database that it’ll use for storing the DNS entries. Please take any literal values with a pinch of salt, these will probably change dramatically based upon testing and are likely to alter dependant on the size of the network. […]

    Pingback by Michael Sheldon’s Dev Stuff » AnNet’s Peer-To-Peer Database — November 22, 2005 @ 12:18 am

  2. Like the idea dont you think providing a option /alias for name to be phone number may help a little bit? This may not be good for privacy / annonimity but I suppose its primary use will be sort of hosting on the go. Your idea will be picked up by Chinese+Indians 🙂 with 2 billion among them alone this will be required once computer penetration increases to double digit number.

    Comment by Tariq — December 13, 2005 @ 4:25 pm

  3. Thanks for the comment; I don’t see much reason for a specific mechanism within AnNet for aliasing domains with phone numbers, since domain names themselves are effectively just aliases of IP addresses and there’s nothing to stop a user from registering their phone number as their domain if that is their wish.

    Comment by Mike — December 13, 2005 @ 5:11 pm

  4. Take a look at YaCY: http://www.yacy.net.
    It is a distributed search engine, a proxy and a web cache. Each peer inside yacy has its own name, that can be reached requesting http://peername.yacy to the proxy. I think it’s similar to what you are thinking…

    Comment by daniele — January 4, 2006 @ 7:10 pm

  5. Thanks for the link daniele, it sounds similar to my initial prototype. However a proper DNS implementation would be a much nicer solution since it would enable full usage of the domain rather than just HTTP. I’ll be interested to look in to their database design :).

    Comment by Mike — January 4, 2006 @ 7:26 pm

  6. Hi, The idea you are getting at there is interesting, but will it be acceptable? If this is performed on a peer-peer basis, what is the possiblity of impostors convincing a target that a particular DNS is somewhere else? Have you performed any analysis to reassure commercial backing that their domain can not be hijacked in anyway (consider any company doing financial transactions or order purchases) and how that compares to the current system (which I believe the weak points are the companys own DNS lookup servers.

    Comment by mChicago — May 19, 2006 @ 10:06 am

  7. Hi mChicago, thanks for the comment. There’s a brief outline of the initial database design here: http://blog.mikeasoft.com/2005/11/22/annets-peer-to-peer-database/

    This design has multiple sub-meshes each containing a full copy of the DNS database, I hope to have the allocation of data handled in such a way that it is unlikely for two nodes on different sub-meshes who hold the same data to be in the same IP block. Meaning the validity of a node’s data can be verified from other sub-meshes and the likelyhood of someone being able to control two nodes in two different sub-meshes which hold the same data would be extremely slim.

    This post is actually quite old, it only ended up on Advogato recently by accident due to me editing it slightly here (and it not previously being on Advogato). Unfortunately I haven’t done much work on it since this post was made (I’ve been rather distracted with other prrojects), but I do intend to return to it in the future (possibly as my dissertation project).

    Comment by Mike — May 19, 2006 @ 10:14 am

  8. What do you think of the receny development around DNS-P2P? http://dot-p2p.org (or .net)

    Comment by Natanael_L — February 2, 2011 @ 11:05 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress