I'm imagining my #guixrouter having a default tunnel to Google and Cloudflare DNS, and then all the guixrouters register themselves somehow over i2p so that a guile script can grab a set of random i2p addresses and set up a service where DNS is resolved over i2p to other guixrouter instances that forward to Google/Cloudflare... we keep each other safe from DNS surveillance...
The hard part here is how to create a decentralized registry of i2p services that do DNS resolution, so the global system doesn't rely on some single well known registry.
I wonder if @cwebber probably has some fancy scheme stuff for distributed secure scheme coding that would be relevant? 😉

@dlakelan

There is tor-resolve which does DNS lookups over Tor, but it can only look up A/AAAA records and not all the other fancy records.

(grumble, oh this tool has the e, unlike the configuration file.)

@alienghic

I'm imagining running 2 copies of unbound. One is hooked up i2p inbound tunnel -> local unbound -> Google/Cloudflare and serves remote users. One is hooked up local unbound -> local guile shim -> remote i2p -> remote unbound and does cached lookups remotely with volunteer guixrouters. So none of the lookups you do actually come from you, and all the lookups you do are done by random remote sites.

@dlakelan

Stuff like i2p or Tor has a lot of latency, so it'll slow down looking up new sites.

unbound does have a cache so it should keep addresses around for a while.

@alienghic

Yep, that's exactly the reason to put unbound in the mix. When you reboot or otherwise restart unbound, you'll have some latency increase while you cache up common DNS lookups, but after that you only have latency when you hit a new DNS name.

Also you'd probably want to have 4 or 5 upstream servers and rotate them occasionally by having the guile shim find new ones and rotate.

@alienghic

I think actually "socat" could be used to do the networking, so the guile script could just be responsible for setting up the socat tunnels, and maybe rotating them on some schedule. Also maybe doing the lookup from the network database of guixrouter instances. However that would work.

@dlakelan

I thought I remembered you could write extensions to unbound in Python or in something that can be dynamically loaded.

They don't have the docs obviously online though, so I can't see how complete it is right now.