Mo McRoberts

Music • Broadcasting • Technology

CryptoDNS

Originally at https://neva.li/post/2414852675

I had an idea recently, on the back of something I came up with a while ago.

In a nutshell, it’s a dynamic DNS service, not a million miles away from DynDNS, but it has a few crucial differences:

The way it works is this:

Given a service operating this way, something or somebody can obtain an (admittedly ugly) domain name, register records for services beneath it, and pass that name on to others. For example, an XMPP server running behind NAT could generate a key for itself, obtain a domain name, perform a port mapping via UPnP, publish an A record for its public IP, register _xmpp-server._tcp SRV records pointing at that name (an SRV target must be a hostname rather than an address), and publish JIDs ending in @seq.key-id.suffix.

In a similar vein, given an SSH host’s public key, you could derive its key-id, look the name up under each suffix, and so locate that host’s public IP (assuming it has one) and establish a connection. This could all be automated, for example by reading the keys already recorded in ~/.ssh/known_hosts. Of course, such things would need a list of suffix values — i.e., the domain names of services providing this facility — but that could be a configurable option with some well-known defaults.
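The following is an added example, not code from the original post or from any CryptoDNS implementation. It sketches both halves of the idea above: the XMPP server building the records it would register beneath its own name, and an SSH client reading known_hosts, deriving a key-id for each host key, and trying that name under a configurable list of suffixes. The post does not say how key-id is derived, so the example assumes a SHA-256 fingerprint of the key blob encoded as lower-case base32 (a valid 52-character DNS label); the value of seq, the suffix list and the known_hosts line are likewise constructed assumptions. The resolver is passed in as a function so the code runs offline.

```python
"""Added example: CryptoDNS-style names from SSH host keys and XMPP SRV records.

Assumptions (the original post does not specify these):
  - key-id = SHA-256 of the raw public-key blob, base32, lower-cased,
    padding stripped -> a 52-character label, which fits the 63-byte limit.
  - seq is a small integer chosen by the caller (1 here).
  - the suffix list is configurable; the two below are made up.
"""
import base64
import hashlib
import ipaddress

# Constructed sample in OpenSSH known_hosts format (not a real host key).
SAMPLE_KNOWN_HOSTS = """\
example.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKg4xp0c1FQv1WYhXyG3+3Yo2VYeGJ7Y5WJqv1mxZ0zA
# comment lines and blanks are ignored
"""

# Assumed, configurable list of services offering the facility.
SUFFIXES = ["crypto-dns.example", "dyn.example.org"]


def key_id(pubkey_b64: str) -> str:
    """Assumed key-id derivation: SHA-256 of the key blob as a base32 DNS label."""
    blob = base64.b64decode(pubkey_b64)
    digest = hashlib.sha256(blob).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()


def parse_known_hosts(text: str):
    """Yield (host, key_type, key_b64) tuples from known_hosts text.

    Comments, blank lines and '@cert-authority'/'@revoked' markers are skipped;
    hashed '|1|...' host fields are passed through untouched.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        yield parts[0], parts[1], parts[2]


def candidate_names(key_b64: str, seq: int = 1, suffixes=SUFFIXES):
    """All names of the form seq.key-id.suffix for the configured suffixes."""
    kid = key_id(key_b64)
    return [f"{seq}.{kid}.{suffix}" for suffix in suffixes]


def xmpp_records(name: str, public_ip: str, port: int = 5269, ttl: int = 60):
    """Zone-file lines an XMPP server would register beneath its own name.

    The SRV target must be a hostname, so an A record for the name comes first
    and the SRV record points at that name rather than at the address.
    """
    ipaddress.ip_address(public_ip)  # raises ValueError on garbage input
    return [
        f"{name}. {ttl} IN A {public_ip}",
        f"_xmpp-server._tcp.{name}. {ttl} IN SRV 0 0 {port} {name}.",
    ]


def locate(known_hosts_text: str, resolve, seq: int = 1, suffixes=SUFFIXES):
    """Map each known host to (name, ip) for the first suffix that resolves.

    `resolve(name)` is supplied by the caller and returns an IP string or None,
    which keeps the example offline; a real client would query DNS here.
    """
    found = {}
    for host, _key_type, key_b64 in parse_known_hosts(known_hosts_text):
        for name in candidate_names(key_b64, seq, suffixes):
            ip = resolve(name)
            if ip:
                found[host] = (name, ip)
                break
    return found


if __name__ == "__main__":
    # Fake resolver: only the second suffix "knows" the sample key.
    kid = key_id(SAMPLE_KNOWN_HOSTS.split()[2])
    table = {f"1.{kid}.dyn.example.org": "203.0.113.7"}
    print(locate(SAMPLE_KNOWN_HOSTS, table.get))
    for line in xmpp_records(f"1.{kid}.dyn.example.org", "203.0.113.7"):
        print(line)
```

Because the name is derived from the key, a client that already trusts the key (it is in known_hosts) can check that whatever answers the SSH connection presents the same key; the DNS lookup only has to find the address, not vouch for it.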