Locating Humans with DNS
I recently lost access to a free email account I’ve had since before I can remember (though only temporarily, thank the lord). When it happened, I instantly became effectively uncontactable by a large portion of humanity. My own temporary disappearance from reality started me to thinking about how we can reuse existing infrastructure to store contact information in a durable and highly available way.
Searching for a solution
My requirements for a durable contact storage solution are (in no particular order):
- Public: No authentication shoudl be required to read someone’s contact information.
- Globally accessible: Anyone should be able to read the information at any time, from anywhere
- Highly available: It should (almost) never go down. One company going bankrupt or changing strategic direction shouldn’t kill it.
- Censorship resistant: It should only be possible to take down records with a court order. Corporate censorship should be impossible, or at least historically infrequent.
- Cheap: But not free! Free services come with few no guarantees, and even fewer rights for their users.
- Low maintenance: User only needs to get involved when the data needs to change. No operational burden
- Easy to use: Clients should be able to read information trivially.
There are a lot of services that check some of these boxes. Twitter for instance does pretty well, but fails badly on 3, 4 & 5. This is where most services fall down, so I focused there. After pondering this for a while, I realized that we’ve already got a great solution that checks all the boxes: DNS.
There are many services that are highly available in the technical sense, meaning they rarely crash, but suffer from economic risk. The ultimate crash is the business that provides the service going bankrupt or changing strategic direction. DNS doesn’t suffer from the same economic risk that centralized services do because there are many, many independent registrars and DNS service providers out there.
I would argue that DNS registries are censorship resistant based on the historical record. Whatever you think about the situation, the fact is Parler the application got vaporized in a day, but Parler.com is still registered. The Pirate Bay is one of the most taken down sites in history, and thepiratebay.org is still registered.
This one is easy. There are loads of registrars that sell a variety of gTLD subdomains, complete with DNS service, for less than $10 per year. Enough said.
Easy to use
DNS does so well on the other requirements, it’s a shame that we’d have to use some arcane protocol to query it. Oh wait…
curl -s -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=landshark.io&type=TXT' | jq -r .Answer.data "v=me; email@example.com" "v=me; twitter=handheld" "v=me; blog=https://landshark.io" "v=me; gravatar=https://www.gravatar.com/avatar/123456" "v=me; bitcoin=123456789"
DNS over HTTP (DoH) means DNS is now trivially easy to query and hard to snoop on. Not too shabby.
A better way
On the Internet, I’m firstname.lastname@example.org, as well as twitter.com/handheld, news.ycombinator.com/user?id=alangibson, and so many more. Wouldn’t it be alot simpler if we used DNS TXT records to store all those various identifiers in one place so that you could find me anywhere just by knowing that I’m landshark.io?
Sounds like a pretty slick solution to me. What do you think? Discussion is happening in this Hacker News thread.