Stealth: Multicast DNS Protocol

[cookiengineer]

The Multicast DNS Protocol should transparently implement DNS-based Service Discovery (DNS-SD.org) and use the SRV and PTR queries/responses workflow.

• If a Stealth instance is online, a DNS request is sent out to _stealth._wss.tholian.network to connect to the Radar service to discover global peers.
• If a Stealth instance is online or offline, a local DNS request is sent out to _stealth._wss.tholian.local to the Multicast DNS address (224.0.0.1 or ff02::fb respectively).
• If the target instance cannot provide wss due to lack of TLS certificate or socket-trust issues, fallback to ws and mark connection as untrusted - which will require manual confirmation of the user.
• Global and Local Peers should be sorted in a way that they are from mixed ISPs, and mixed countries - as this would automatically prevent local censorship issues. It might be necessary to maintain an IP-ranges database for that. Maybe the old GeoIP.js related code from lycheejs can be reused here?

[cookiengineer]

After further analysis and read-up of the DNS-SD website this will be the workflow for Stealth's peer-to-peer DNS capabilities; while preserving integration with legacy Web Browsers that try to discover local peers and their webservers:

• Multicast address is 224.0.0.251 and/or ff02::fb on port 5353.
• DNS-SD is specified as <instance>.<service>.tholian.local where service is equivalent to _stealth._wss.
• TTL is 1 for dgram udp packets to stay inside local NAT.

DNS-SD Discovery of other Avahi Clients or Web Browsers

DNS-SD scenario on UDP port 5353 to discover peers when starting Stealth:

1. Send out question for PTR record of _stealth._wss.tholian.local.

2. Primary answer is PTR for _stealth._wss.tholian.local pointing to username._stealth._wss.tholian.local on port 65432. Additional records must contain:

   • SRV for username._stealth._wss.tholian.local with target set to username.tholian.local
   • TXT for username._stealth._wss.tholian.local with version=X0
   • A for username.tholian.local
   • AAAA for username.tholian.local

3. If no response was sent, then do the same for _stealth._ws.tholian.local (to find peers without TLS certificates)

Peer-to-Peer DNS to relay DNS requests via other Peers

Peer-DNS scenario on UDP port 65432 to resolve domains via other Peers that might not be blocked:

1. Send out question for A and AAAA of example.com to multicast address.

2. Reply with local cached hosts[] entries.

   • If no hosts[] entries are available:
   • If internet connection is available, then resolve domain from public DNS servers.
   • If no internet connection is available, stay silent and do nothing.

3. Initial Client's peer-DNS query timeouts should lead to retry of DNS query to public DNS servers.

[cookiengineer]

The MDNS Protocol has been implemented and is already integrated. Now it's up to the stealth/server/Compeer instance to add peers to the this.stealth.peers[] Array.