[HN Gopher] Show HN: File distribution over DNS: (ab)using DNS a...
___________________________________________________________________
Show HN: File distribution over DNS: (ab)using DNS as a CDN
Author : tonyg
Score : 42 points
Date : 2023-07-31 16:35 UTC (6 hours ago)
(HTM) web link (eighty-twenty.org)
(TXT) w3m dump (eighty-twenty.org)
| jesprenj wrote:
| There's also iodine, a C program that tunnels IPv4 packets over
| DNS. Useful for bypassing captive portals on wifi, since DNS
| usually isn't restricted.
|
| https://github.com/yarrick/iodine
|
| Regarding cloudflare DNS over HTTPS: It could be that it tries to
| serve data encoded as JSON, which is impossible in JSON. Some
| control characters and bytes 128-255 cannot be represented as
| JSON strings.
| OJFord wrote:
| IME they block DNS other than their own (not even rewrite, just
| outright block). Not through experience trying to use iodine,
| but because I frequently have to drop my explicit DNS server in
| order to be able to reach the captive portal and connect
| legitimately.
| smashed wrote:
| Of course. A captive portal can also be more sneaky and
| mangle the packets to redirect them to their own DNS service,
| since it's not encrypted.
|
| But that's the beauty of iodine. It will still work because
| if the captive portal's name servers actually fully resolve
| requests, it will contact your upstream iodine controlled
| name servers and forward the response as-is, because that's
| just how DNS works.
|
| Of course it's also fairly easy to detect/block since your
| DNS usage will be completely abnormal.
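The "easy to detect" point above, worked through as an added example (not code from the thread, from iodine or from the article): a small detector run over a constructed, simplified resolver log. The log format, the "last two labels" zone approximation, the set of record types treated as payload carriers and every threshold are this example's own assumptions and would need tuning for a real environment.

```python
"""Flag DNS clients whose query pattern looks like tunnelling.

Added example, not code from the thread, iodine or the article. Input
is a constructed, simplified resolver log, one query per line:
    <unix_ts> <client_ip> <qname> <qtype>
Three heuristics, all tunable assumptions: many queries from one client
into one zone, long high-entropy leftmost labels, and a preference for
record types that can carry bulk payload (TXT/NULL) over A/AAAA.
"""
import math
from collections import defaultdict

BULK_TYPES = {"TXT", "NULL"}  # assumption: types a tunnel uses for payload

# Constructed sample: 10.0.0.5 browses normally, 10.0.0.7 looks like a
# tunnel, 10.0.0.9 makes two legitimate TXT lookups (DMARC/SPF style).
SAMPLE_LOG = """\
1690820100 10.0.0.5 www.example.com A
1690820101 10.0.0.5 www.example.com AAAA
1690820102 10.0.0.5 mail.example.com MX
1690820103 10.0.0.5 cdn.example.org A
1690820104 10.0.0.5 api.example.org AAAA
1690820105 10.0.0.5 static.example.org A
1690820102 10.0.0.7 0a7f3b9ce1d4e8f2b6c5a9d3e7f1b4c8.t.tunnel.example.net NULL
1690820102 10.0.0.7 1b8e4c0df2e5f9a3c7d6b0e4f8a2c5d9.t.tunnel.example.net NULL
1690820103 10.0.0.7 2c9f5d1ea3f6b0c4d8e7a1f5b9c3d6e0.t.tunnel.example.net NULL
1690820103 10.0.0.7 3d0a6e2fb4a7c1d5e9f8b2a6c0d4e7f1.t.tunnel.example.net TXT
1690820104 10.0.0.7 4e1b7f3ac5b8d2e6f0a9c3b7d1e5f8a2.t.tunnel.example.net TXT
1690820104 10.0.0.7 5f2c8a4bd6c9e3f7a1b0d4c8e2f6a9b3.t.tunnel.example.net NULL
1690820110 10.0.0.9 _dmarc.example.com TXT
1690820111 10.0.0.9 example.com TXT
"""


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or uniform input)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Parse the simplified log into (ts, client, qname, qtype) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        records.append((int(ts), client, qname.rstrip(".").lower(), qtype.upper()))
    return records


def zone_of(qname):
    """Registered zone approximated as the last two labels (assumption;
    production code would consult the public suffix list)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def flag_tunnels(records, min_queries=5, min_avg_label=20,
                 min_avg_entropy=3.0, min_bulk_ratio=0.5):
    """Return findings for (client, zone) pairs meeting >= 2 of 3 heuristics."""
    stats = defaultdict(lambda: {"n": 0, "label_len": 0, "entropy": 0.0, "bulk": 0})
    for _, client, qname, qtype in records:
        s = stats[(client, zone_of(qname))]
        first = qname.split(".")[0]          # leftmost label carries the data
        s["n"] += 1
        s["label_len"] += len(first)
        s["entropy"] += shannon_entropy(first)
        s["bulk"] += 1 if qtype in BULK_TYPES else 0
    findings = []
    for (client, zone), s in sorted(stats.items()):
        n = s["n"]
        if n < min_queries:
            continue                          # too little traffic to judge
        avg_label = s["label_len"] / n
        avg_entropy = s["entropy"] / n
        bulk_ratio = s["bulk"] / n
        reasons = []
        if avg_label >= min_avg_label:
            reasons.append("long labels")
        if avg_entropy >= min_avg_entropy:
            reasons.append("high entropy")
        if bulk_ratio >= min_bulk_ratio:
            reasons.append("bulk record types")
        if len(reasons) >= 2:
            findings.append({"client": client, "zone": zone, "queries": n,
                             "avg_label_len": avg_label,
                             "avg_entropy": round(avg_entropy, 2),
                             "bulk_ratio": bulk_ratio, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in flag_tunnels(parse_log(SAMPLE_LOG)):
        print(finding)
```

Requiring two of three signals keeps ordinary TXT lookups (DMARC, SPF, verification records) from tripping the rule on their own, and the per-zone minimum query count stops a single odd-looking name from being flagged; a real deployment would also bound the window in time rather than counting over the whole log.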
| derN3rd wrote:
| Wouldn't it be simpler and easier for clients to implement if
| they used the TXT to store a magnet link and hosted the file
| via webtorrents?
|
| Maybe such a solution already exists, but I couldn't find it
| imoverclocked wrote:
| It's not far from OpenAFS which uses SRV records to point to
| fileservers. It's not magnet/torrent but it's certainly DNS
| discovery for data on a different protocol.
| whalesalad wrote:
| Nope. How could you get any easier than plain DNS? That would
| require a torrent client and bittorrent protocol. The beauty of
| this hack is that it exists on top of the ubiquitous DNS
| system.
| tonyg wrote:
| Well, I'm not sure adding a webtorrent implementation counts as
| simpler for clients than just TXT record retrieval.
| woleium wrote:
| Don't do this. DNS works and continues to work because we don't
| abuse it.
| 1vuio0pswjnm7 wrote:
| +1
|
| IMHO, dnstxt from djbdns is easier for requesting TXT records
| than dig; it's a much smaller, simpler program.
|
| tinydns from djbdns can store any data in TXT records, i.e.,
| arbitrary bytes specified by octal. Perhaps other authoritative
| servers can also do this today. At the time djbdns was released
| AFAIK it was the only one.
|
| "TXT (``text'') record for fqdn. tinydns-data creates a TXT
| record for fqdn containing the string s. You may use octal \nnn
| codes to include arbitrary bytes inside s; for example, \072 is a
| colon."
|
| https://cr.yp.to/djbdns/tinydns-data.html
|
| Thus one could, e.g., store mini-web pages in TXT records. I
| experimented with this about 15 years ago.
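The tinydns-data convention quoted above, worked through as an added example (not djbdns code and not from the thread): an encoder that turns arbitrary bytes into a `'fqdn:s:ttl` line using the documented octal `\nnn` escapes, and a decoder that reads them back. Escaping the backslash itself as `\134`, and splitting larger data across `<i>.fqdn` records of at most 255 bytes (the DNS character-string limit), are this example's own choices and not part of the documented format.

```python
"""Put arbitrary bytes into tinydns-data TXT lines and read them back.

Added example; not djbdns code and not from the thread. It follows the
tinydns-data documentation quoted above: a TXT line has the form
    'fqdn:s:ttl
and octal \\nnn escapes put arbitrary bytes into s (a colon is \\072).
Escaping the backslash itself as \\134, and splitting data across
'<i>.fqdn' records of at most 255 bytes (the DNS character-string
limit), are this example's own choices, not the documented format.
"""
import re

MAX_CHUNK = 255                         # one TXT <character-string> holds <= 255 octets
RAW_FORBIDDEN = {ord(":"), ord("\\")}   # ':' separates fields, '\' starts an escape
_ESC = re.compile(r"\\([0-7]{3})")


def escape_bytes(data):
    """Render bytes as a tinydns 's' field: printable ASCII raw, rest as \\nnn."""
    out = []
    for b in data:
        if 0x21 <= b <= 0x7E and b not in RAW_FORBIDDEN:
            out.append(chr(b))
        else:
            out.append("\\%03o" % b)
    return "".join(out)


def unescape_bytes(s):
    """Inverse of escape_bytes; rejects octal codes above \\377."""
    out = bytearray()
    pos = 0
    for m in _ESC.finditer(s):
        out += s[pos:m.start()].encode("ascii")
        value = int(m.group(1), 8)
        if value > 0xFF:
            raise ValueError("octal escape out of range: \\" + m.group(1))
        out.append(value)
        pos = m.end()
    out += s[pos:].encode("ascii")
    return bytes(out)


def txt_line(fqdn, data, ttl=300):
    """One tinydns-data line: 'fqdn:s:ttl."""
    return "'%s:%s:%d" % (fqdn, escape_bytes(data), ttl)


def parse_txt_line(line):
    """Return (fqdn, payload_bytes, ttl_or_None) from a tinydns-data TXT line."""
    if not line.startswith("'"):
        raise ValueError("not a tinydns-data TXT line: " + line)
    fields = line[1:].split(":")        # escaped colons are \072, so this is safe
    s = fields[1] if len(fields) > 1 else ""
    ttl = int(fields[2]) if len(fields) > 2 and fields[2] else None
    return fields[0], unescape_bytes(s), ttl


def chunked_lines(fqdn, data, ttl=300):
    """Split data into <=255-byte pieces; piece i is published at '<i>.fqdn'."""
    return [txt_line("%d.%s" % (i // MAX_CHUNK, fqdn), data[i:i + MAX_CHUNK], ttl)
            for i in range(0, len(data), MAX_CHUNK)]


def reassemble(lines):
    """Join chunk records back into the original bytes, ordered by index."""
    parts = {}
    for line in lines:
        fqdn, payload, _ = parse_txt_line(line)
        parts[int(fqdn.split(".", 1)[0])] = payload
    return b"".join(parts[i] for i in sorted(parts))


if __name__ == "__main__":
    for line in chunked_lines("page.example.com", b"<h1>hi:there</h1>\n"):
        print(line)
```

The decoder splits on raw colons before unescaping, which is only correct because the encoder never emits a raw colon or backslash; the range check on the octal value guards against `\400` and similar malformed escapes in data files from elsewhere.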
| WirelessGigabit wrote:
| > TL;DR. It works, more or less, so long as your resolver
| properly upgrades to DNS-over-TCP when it gets a truncated UDP
| response.
|
| Coincidence that MUSL just added support for DNS-over-TCP
| fallback? https://news.ycombinator.com/item?id=36933028
| tonyg wrote:
| Heh, actually yes; the universe trying to tell me something,
| maybe?
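The TC-bit handling the quoted TL;DR depends on, as an added example (not the article's code and not any resolver's): a minimal TXT query builder and response parser in raw DNS wire format, a check that tells the caller to discard a truncated UDP reply and repeat the query over TCP, and the 2-byte length framing TCP requires. The server-side reply builder exists only so the example runs offline; all messages are constructed in memory.

```python
"""Build a TXT query and parse the reply, honouring the TC (truncated) bit.

Added example, not the article's or any resolver's code. It shows the
behaviour the TL;DR quoted above relies on: when a UDP reply carries
TC=1 the answer section cannot be trusted to be complete and the client
must repeat the query over TCP, where each message is prefixed with a
2-byte big-endian length. All messages are constructed in memory.
"""
import struct

QTYPE_TXT = 16
CLASS_IN = 1
FLAG_TC = 0x0200                       # header flag: message was truncated


def encode_name(name):
    """DNS wire form: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_txt_query(name, txid=0x1234):
    """Standard query with RD set, one question, no other sections."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, CLASS_IN)


def tcp_frame(msg):
    """DNS over TCP: the same message behind a 2-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg


def decode_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer
            hops += 1
            if hops > 16:              # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2          # caller resumes after the first pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return header facts plus the TXT character-strings in the answer."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    result = {"id": txid, "truncated": bool(flags & FLAG_TC),
              "rcode": flags & 0xF, "txt": []}
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4                       # skip QTYPE + QCLASS
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_TXT:
            p = 0                      # RDATA = sequence of <len><bytes>
            while p < len(rdata):
                n = rdata[p]
                result["txt"].append(rdata[p + 1:p + 1 + n])
                p += 1 + n
    return result


def needs_tcp_retry(udp_reply):
    """True when the UDP answer must be discarded and re-asked over TCP."""
    return parse_response(udp_reply)["truncated"]


def build_txt_response(query, strings, truncated=False):
    """Constructed server reply for the example: echoes the question and
    answers with one TXT record (name compressed to offset 12), or sets
    TC and omits the answer section entirely."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    flags = 0x8180 | (FLAG_TC if truncated else 0)   # QR, RD, RA
    if truncated:
        return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question
    if any(len(s) > 255 for s in strings):
        raise ValueError("TXT character-string longer than 255 octets")
    rdata = b"".join(bytes([len(s)]) + s for s in strings)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_TXT, CLASS_IN, 60, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + question + answer
```

A client that ignores TC and takes whatever answer records happen to fit in the UDP datagram is the failure mode the TL;DR describes; a client that checks `needs_tcp_retry` sends `tcp_frame(query)` to port 53/TCP and reads a length-prefixed reply instead.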
| [deleted]
| arjvik wrote:
| NSCDN? You missed the chance to name it CDNS!
| tonyg wrote:
| (Has anyone tried the little demo? ... Does it work?)
| victorbjorklund wrote:
| DNS is wild. I really need to dig down and better understand it.
| kalupa wrote:
| * * *
___________________________________________________________________
(page generated 2023-07-31 23:01 UTC)