Even with SRV records, there’s still the problem of middleboxes restricting protocol traffic to certain ports. (There’s another comment thread in which we discuss this.) In practice, SRV records work much better inside network borders than on the larger Internet.
I agree more SRV records would have helped with a tremendous number of unnecessary proxies and wasted heat energy from unnecessary computing, but in this day and age, I think ECH/ESNI-type functions should be considered for _every_ new protocol.
SRV is essentially a simple layer of abstraction that provides (via one approach) the required end result (reachability + UX) that is easy to add to any $PROTO client without. Supporting ESNI would complicate the actual lib/protocol, increase the amount of dev and maintenance work required all around, significantly increase complexity, and require more infrastructure and invasive integration than any DNS-enabled service already uses.
It’s also similar with mDNS on local networks. It’s actually nice!
Overall, DNS features are not always well implemented in most software stacks.
A basic example is the fact that DNS resolution actually returns a list of IPs, and the client should be trying them sequentially or in parallel, so that one can be down without impact and annoying TTL propagation issues. Yet many languages have a std lib giving you back a single IP, or an HTTP client assuming only one, the first.
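The sequential fallback described in the comment above, as an added example that is not from any participant in this thread. The names `connect_first_reachable`, `fake_resolver` and `svc.example` are assumptions; the resolver stub returns a constructed answer whose first record is dead, so the block runs offline.

```python
import socket


def connect_first_reachable(host, port, timeout=1.0, resolver=socket.getaddrinfo):
    """Walk every address in the DNS answer instead of trusting only the first.

    Returns (connected socket, address used, list of (address, error) skipped).
    """
    errors = []
    for family, socktype, proto, _canon, sockaddr in resolver(
        host, port, type=socket.SOCK_STREAM
    ):
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)  # a dead record must not stall the whole attempt
        try:
            sock.connect(sockaddr)
            return sock, sockaddr, errors
        except OSError as exc:
            errors.append((sockaddr, exc))
            sock.close()
    raise OSError(f"all {len(errors)} resolved addresses failed for {host!r}")


def demo():
    """Constructed scenario: two records, the first one refuses connections."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    live = listener.getsockname()

    probe = socket.socket()          # reserve a port, then close it so that
    probe.bind(("127.0.0.1", 0))     # connecting to it is refused
    dead = probe.getsockname()
    probe.close()

    def fake_resolver(host, port, type=0):  # hypothetical stand-in for DNS
        return [
            (socket.AF_INET, socket.SOCK_STREAM, 0, "", dead),
            (socket.AF_INET, socket.SOCK_STREAM, 0, "", live),
        ]

    sock, used, errors = connect_first_reachable("svc.example", 0, resolver=fake_resolver)
    sock.close()
    listener.close()
    return used, live, [addr for addr, _ in errors]


if __name__ == "__main__":
    used, live, skipped = demo()
    print(f"connected to {used}, skipped {skipped}")
```

The skipped-address list is worth logging in real clients: a record that keeps failing is visible there long before every record is down.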
As I understand, they weren't building tunnels, so every time a legit client wanted to, it had to wade through all the bad nodes to find a good one, so everything slowed right down. I was building at about a 3% success rate during the issue, which enables general eepsite browsing, but torrenting was essentially dead.
Agreed; I have no idea how you'd implement that across multiple ASNs, which is definitely a requirement for multi-cloud or geo-redundant architectures.
Seems like you'd be trying to work against the basic design principles of Internet routing at that point.
You can configure for your assigned network numbers that other ASes are allowed to announce certain networks of your own. Not uncommon for, for example, authoritative name server addresses.
The Chan Yin-lam case is one that always sticks in my head.
I can well believe correlation is sometimes the answer, but the odds of an award-winning swimmer doing a midnight dip and washing up naked the next day, with a rushed police investigation and extremely expedited cremation, is a fair bit to accept as coincidence.
I checked Chan Yin-lam’s Wikipedia page. It was ruled a suicide. The conspiracy theories surrounding this case are absurd and out of control. People even challenged her mother’s identity, forcing a DNA test to be done, and yet the crowd still continued to harass her mother.
https://yggdrasil-network.github.io/ for the most part enables this - otherwise I2P and Tor for the most part facilitate this with the bonus encryption element.
We might one day have it natively with IPv6 adoption increasing.
Yes, I use flux which has a similar HelmChart/HelmRelease resource. One of the things that took me a while to "get" with K8s is operators are just clients running on the cluster.
So far it feels like only LDAP really makes use of it, at least with the tech I interact with.