samizdapp / RFC1

a draft architecture

Decentralised DNS #1

Closed HOGGL closed 2 years ago

HOGGL commented 2 years ago

This issue is to brainstorm ideas to solve decentralised name resolution. Since we cannot rely on customer IPs to remain constant, a method of resolving usernames into addresses is required.

The two options available currently (that I'm aware of) and their issues are:

One possible solution is to require the client to sign a DHT update request with an on-device private key. These can be validated by nodes and relayed to neighbouring nodes. Though, this proposed solution is prone to abuse. Even if nodes check that the signer owns <=1 domain(s), attackers can just request domains by signing it with junk. Maybe a POW is required?

rynomad commented 2 years ago

I think there's an elegant way to combine this with the TLS problem:

1) a node's hostname is a url compatible public key
2) a node's IPv6 address in VPN space is a hash of its public key
3) a node's self signed TLS certificate has its intermediate certificate signed by its private key
4) when a node handshakes another, they exchange and verify intermediates and verify IP, hostname, match.
5) nodes run a DNS service for client devices with CNAME records pointing to their public key hostnames
6) client webbrowser goes to "peertube.vpn" or whatever.
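The identity-derived addressing of steps 1, 2 and 4 above, as an added example that is not code from the samizdapp project or the commenter: it assumes a raw 32-byte Ed25519 public key, an unpadded lowercase base32 hostname encoding, and a VPN address built from the fd00::/8 ULA prefix plus the first 15 bytes of SHA-256(key); all three encodings are assumptions, not choices the thread makes, and the sample key is constructed.

```python
import base64
import hashlib
import ipaddress

# Assumption: raw 32-byte Ed25519 public key. This value is a constructed sample, not a real key.
SAMPLE_PUBKEY = hashlib.sha256(b"constructed sample key").digest()
# Assumption: the VPN space is an IPv6 ULA block, so every derived address starts with 0xfd.
VPN_PREFIX = b"\xfd"


def hostname_from_pubkey(pubkey: bytes) -> str:
    """Step 1: URL-compatible hostname = unpadded lowercase base32 of the raw key (52 chars)."""
    return base64.b32encode(pubkey).decode("ascii").rstrip("=").lower()


def pubkey_from_hostname(hostname: str) -> bytes:
    """Inverse of hostname_from_pubkey; raises ValueError on anything that is not a 32-byte key."""
    padded = hostname.upper() + "=" * (-len(hostname) % 8)
    key = base64.b32decode(padded)  # binascii.Error is a ValueError subclass
    if len(key) != 32:
        raise ValueError("hostname does not encode a 32-byte key")
    return key


def ipv6_from_pubkey(pubkey: bytes) -> ipaddress.IPv6Address:
    """Step 2: VPN address = 0xfd prefix followed by the first 15 bytes of SHA-256(pubkey)."""
    return ipaddress.IPv6Address(VPN_PREFIX + hashlib.sha256(pubkey).digest()[:15])


def verify_peer(hostname: str, ip: str, presented_pubkey: bytes) -> bool:
    """Step 4: accept a peer only if hostname and IP both derive from the key it proved it holds.

    presented_pubkey is the key the peer already proved possession of during the TLS
    handshake; a hostname or address that does not match that key is rejected, so an
    attacker cannot claim someone else's name or address without that person's private key.
    """
    try:
        claimed_key = pubkey_from_hostname(hostname)
        claimed_ip = ipaddress.IPv6Address(ip)
    except ValueError:
        return False
    return claimed_key == presented_pubkey and claimed_ip == ipv6_from_pubkey(presented_pubkey)


if __name__ == "__main__":
    host = hostname_from_pubkey(SAMPLE_PUBKEY)
    addr = ipv6_from_pubkey(SAMPLE_PUBKEY)
    print(host, addr, verify_peer(host, str(addr), SAMPLE_PUBKEY))
```

Because the hostname is the key, step 5's CNAME records carry no trust of their own: a forged record can only point a client at a name whose key the forger would still have to prove in the handshake.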

HOGGL commented 2 years ago

I think that's an excellent idea. It even removes the need for a name system, as when a node's IP changes, as long as one friend node out of several is reachable, the node can broadcast its new IP and the rest is just gossip.