So, what is it, and why do I want to add it to Inexor?
The brief summary is, it let's you register a random UUID-based node for a domain.
It works as follows:
hey API, got me a subdomain for node.inexor.network
there it is, have fun. Please also take this revocationSecret in case you want to invalidate this domain
Thank you very much!
(some time later). I don't need this domain any more. Here is my node id and revocationSecret, can you revoke it for me?
No problemo. Done
It also allows for creating alias domains with a .json file so that you can have a_teammate.node.inexor.network point to your node.
Why do we need it?
In the future, we want to make services such as
public server list served over an API
repositories served with git+http
authentication based on OAuth
(...)
All these services do not by default require https, but it merely makes sense to host them, without SSL. Since only a minority of system administrators is likely to
have an own domain name
configure SSL for it via Let's Encrypt
this would impose a major security issue in our system.
That's why I wrote the dns-service, with the following workflow in mind
SERVER instance of flex asks the service, hey there, got me a subdomain?
API no problemo, here you go
hey there Let's Encrypt, got me a SSL certificate for that domain ?
Let's Encrypt here you go
SERVER delivers content with valid SSL certificate
CLIENT = happy
Why I would use a separate domain
I would suggest to use inexor.network or any other separate domain because of the following reasons:
this is an anonymous service
it will allow anybody to send stuff in our name
this includes, e.g malicious mails
this will very easily lead to inexor.network being blacklisted
no problem for us but it is, once inexor.org pops from Google search (and potentially others) it's no fun any more
It also allows clear difference between what's auto-generated network and what actually belongs to us.
Last but not least, the money
Yup
.network domains currently cost 19 dollar / year
as I elaborated in the node-dns-service README, it's extremely unlikely that we will ever hit the limit, and even if, it would be very cheap
this means that we currently only have the cost for the hosted zone
makes 0.50 dollar month => 6 dollars / year
total: 25 dollar / year
Also AWS has a pretty damn clever Burst algorithm for detecting potentially malicious use of API endpoints, which should make it really save from attacking.
Hey folks. I've implemented a microservice called
node-dns-service
which you can see at https://github.com/inexorgame/node-dns-serviceIt is currently live with the following data:
BASE_DOMAIN=inexortestnetwork.tk
So, what is it, and why do I want to add it to Inexor?
The brief summary is, it let's you register a random UUID-based node for a domain. It works as follows:
node.inexor.network
revocationSecret
in case you want to invalidate this domainnode
id andrevocationSecret
, can you revoke it for me?It also allows for creating alias domains with a
.json
file so that you can havea_teammate.node.inexor.network
point to your node.Why do we need it?
In the future, we want to make services such as
All these services do not by default require https, but it merely makes sense to host them, without SSL. Since only a minority of system administrators is likely to
this would impose a major security issue in our system. That's why I wrote the dns-service, with the following workflow in mind
SERVER
instance of flex asks the service, hey there, got me a subdomain?API
no problemo, here you goLet's Encrypt
, got me a SSL certificate for that domain ?Let's Encrypt
here you goSERVER
delivers content with valid SSL certificateCLIENT
= happyWhy I would use a separate domain
I would suggest to use
inexor.network
or any other separate domain because of the following reasons:inexor.network
being blacklistedinexor.org
pops from Google search (and potentially others) it's no fun any moreIt also allows clear difference between what's auto-generated network and what actually belongs to us.
Last but not least, the money
Yup
.network
domains currently cost 19 dollar / yearnode-dns-service
README, it's extremely unlikely that we will ever hit the limit, and even if, it would be very cheapAlso AWS has a pretty damn clever Burst algorithm for detecting potentially malicious use of API endpoints, which should make it really save from attacking.