
meshname's Introduction

meshname

A universal naming system for all IPv6-based mesh networks, including CJDNS and Yggdrasil. Implements the Meshname protocol.

F.A.Q.

  • Q: Is it like a decentralized DNS thing?

  • A: Yeah, sort of. With it you can host your own meshname domains and resolve domains of others.

  • Q: Meshname domains are ugly.

  • A: Yes, if you want decentralization, you either have ugly names or a blockchain. Meshname has ugly names, but it works at least!

How to use meshname domains?

Use a full-featured DNS server with meshname protocol support, i.e. PopuraDNS.

For a standalone .meshname stub resolver, see USAGE.md.

Alternative implementations

Mario DNS by acetone, a C++ implementation with a web interface.

Ruby gem by marek22k, source.

See also

YggNS

meshname's People

Contributors

freeacetone, zhoreeq


meshname's Issues

Adding the Ruby library meshname

Hello,

I don't know if this is the right place for this. So sorry if I'm rude.
I wrote a little Ruby library for Meshname:
https://rubygems.org/gems/meshname
https://github.com/marek22k/meshname
The library implements "meshnamed -getip" and "meshnamed -getname". As well as resolving .meshname and .meship domains.
Documentation can be found on https://www.rubydoc.info/github/marek22k/meshname/Meshname

Maybe you could link to it somewhere or in the wiki?

A little more script, you can make a server: https://gist.github.com/marek22k/795b7e1b9e2dcd5df46ee601f566058e

Publish in AUR

Hello,

I would like to see meshname published in AUR. This would simplify the installation on Arch Linux.

IPv4 support

It would be great to implement IPv4 support. These domains would obviously be shorter, and they would also extend the practical scope of the meshname protocol practically to the maximum and make meshnamed an unrivaled tool for named communication without the usual DNS servers.

Write better documentation

Explain -useconffile flag usage and how it works without a config.

More detailed dnsmasq configuration description. How to set it as a system resolver.

Explain systemd file customization.

Standalone mode must be explained better.

ebuild for gentoo

Please describe how to build the application without internet access.

Currently, calling make starts the build system, which dynamically downloads external modules before compilation begins.

With internet access the program compiles successfully.

To integrate into Gentoo, an ebuild (a build script) has to be written. Its peculiarity is that the application is built in a sandbox, where internet access is highly undesirable.

I am not familiar with Go, but I want to use meshname through the standard built-in installation tools rather than adding the program to the system manually.

Please describe which files need to be downloaded, where to put them within the meshname source directory, and how to patch the source files so that make does not need the internet to download external modules.

What is correct SOA Record for .meshname domains

Hello,

I am currently trying to set up a small name server with Coredns. I currently have the following zone file for this:

$TTL    3600
@   IN  SOA aillnw5rjatwr6zxb2iqozntqi.meshname. meshname.mk16.de. (
    2022010901 ; serial
    86400 ; refresh
    7200 ; retry
    3600000 ; expire
    3600 ; caching
)

aillnw5rjatwr6zxb2iqozntqi.meshname.	IN	AAAA	2a02:180:6:1::1f24
y.aillnw5rjatwr6zxb2iqozntqi.meshname.	IN	AAAA 216:b6db:b148:2768:fb37:e91:765:b382
ygg.aillnw5rjatwr6zxb2iqozntqi.meshname.	IN	AAAA 216:b6db:b148:2768:fb37:e91:765:b382
yggdrasil.aillnw5rjatwr6zxb2iqozntqi.meshname.	IN	AAAA 216:b6db:b148:2768:fb37:e91:765:b382

What should a SOA record for meshname look like? As I understood meshname, there should be no zone transfer, since the DNS servers are always queried directly; therefore an SOA record would be unnecessary. Coredns, however, requires one.

"localhost" and other reserved aliases for meshname

I suggest adding some special meshname domains:

  • local.meshname. matching every local IP (localhost).
  • test.meshname is a special domain, whose destination is implementation-defined (ex. option for meshnamed).
  • example.meshname. is for documentation purposes.

Setup wizard helper

Can you add a script (or graphical application) to easily install meshname? And also cross-platform support (Windows, Android, iOS, macOS).

.ygg and .cjd subdomains. Defining the scope of the project

Currently the meshname implementation understands the ygg and cjd domains. I propose removing everything that does not relate directly to the protocol, to avoid possible conflicts with parallel developments such as ALFIS DNS. This way meshnamed will become the reference implementation of the protocol and head toward its target niche. For my part, I will try to cover the polished and elegant protocol in the Russian-speaking community, first of all on Habr.

Shorter domains

For IPv6 addresses that have been shortened by ::, spec should represent it with (unused) - character. It would help shorten domains like amlmkgtcumelsaaaaaaaaaaaai.meship to amlmkgtcumels-aaba.meship

The meship domain zone and its standard

The concept of independently converting addresses to names and back is very promising in my opinion. I propose describing a standard, providing a plan of action for quick deployment and simple use, and taking the most pressing needs into account (possibly in the form of reserved names).

First of all, I propose adding simplified conversion (plain base32) to the stack and using the pseudo-domain zone "meship" for this purpose. In some cases this would allow the meshname technology to be used even without the involvement of the administrator at the other end (the most obvious case: using domains with programs that do not support IPv6, without writing static entries into hosts and other perversions).

Return NS record for xxx.meshname

One way to implement full-fledged subdomains and service records is to return NS in addition to AAAA. Further implementation then simply moves outside of meshname/meship proper, and the task of subdomains and service records is handed over to the DNS server running on the corresponding IP.

Originally posted by @Scondo in #7 (comment)

DNS server is not responding

Hello, I recently installed Mesh Name or compiled it myself. Now I am faced with the problem that nothing happens when I make a request.
Start with: ./meshnamed -listenaddr 127.0.0.1:12345
Request try 1:

$dig -p 12345 @127.0.0.1 aiaprmpzoslh7xjscrorzqbwpe.meshname AAAA

; <<>> DiG 9.16.22-Debian <<>> -p 12345 @127.0.0.1 aiaprmpzoslh7xjscrorzqbwpe.meshname AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39809
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;aiaprmpzoslh7xjscrorzqbwpe.meshname. IN	AAAA

;; Query time: 4999 msec
;; SERVER: 127.0.0.1#12345(127.0.0.1)
;; WHEN: Tue Jan 04 18:23:49 CET 2022
;; MSG SIZE  rcvd: 53

Request try 2:

$dig -p 12345 @127.0.0.1 aiaprmpzoslh7xjscrorzqbwpe.meship AAAA

; <<>> DiG 9.16.22-Debian <<>> -p 12345 @127.0.0.1 aiaprmpzoslh7xjscrorzqbwpe.meship AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21412
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;aiaprmpzoslh7xjscrorzqbwpe.meship. IN	AAAA

;; ANSWER SECTION:
aiaprmpzoslh7xjscrorzqbwpe.meship. 3600	IN AAAA	200:f8b1:f974:967f:dd32:145d:1cc0:3679

;; Query time: 0 msec
;; SERVER: 127.0.0.1#12345(127.0.0.1)
;; WHEN: Tue Jan 04 18:26:47 CET 2022
;; MSG SIZE  rcvd: 112

Somehow the non-existent TLD .meship seems to work for me. In this case, however, it does not resolve to the correct IP address.
.meshname doesn't work at all.

I tried the following mesh name domain / IP address:

aisaohridkpnggzcv7rerltohy.meshname		324:71e:281a:9ed3::ace

Is that ahead? How can I fix the problem?
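The name and address pairs on this page (the dig answer above and the zone file in the SOA issue) are consistent with a label that is the lowercase, unpadded base32 form of the 16 address bytes. The following Go code is an added example, not code from meshnamed; `LabelFromAddr` and `AddrFromName` are hypothetical names and the encoding is an assumption inferred from those pairs. It also rejects non-canonical labels, so that one address corresponds to exactly one name in allowlists and logs.

```go
package main

import (
	"encoding/base32"
	"errors"
	"fmt"
	"net/netip"
	"strings"
)

// Assumed encoding: lowercase RFC 4648 base32 without padding.
// 16 address bytes become a 26-character label.
var enc = base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567").WithPadding(base32.NoPadding)

// LabelFromAddr encodes an IPv6 address as a meshname/meship label.
func LabelFromAddr(s string) (string, error) {
	a, err := netip.ParseAddr(s)
	if err != nil {
		return "", err
	}
	if !a.Is6() {
		return "", errors.New("not an IPv6 address")
	}
	b := a.As16()
	return enc.EncodeToString(b[:]), nil
}

// AddrFromName decodes the label directly left of the TLD; labels further
// to the left (subdomains) do not change the result.
func AddrFromName(name string) (netip.Addr, error) {
	parts := strings.Split(strings.TrimSuffix(strings.ToLower(name), "."), ".")
	if len(parts) < 2 {
		return netip.Addr{}, errors.New("no TLD")
	}
	tld, label := parts[len(parts)-1], parts[len(parts)-2]
	if tld != "meshname" && tld != "meship" {
		return netip.Addr{}, errors.New("not a .meshname or .meship name")
	}
	raw, err := enc.DecodeString(label)
	if err != nil || len(raw) != 16 {
		return netip.Addr{}, errors.New("label is not 16 bytes of base32")
	}
	// 26 characters carry 130 bits, so two bits are spare. Accept only the
	// canonical spelling so one address cannot hide behind several names.
	if enc.EncodeToString(raw) != label {
		return netip.Addr{}, errors.New("non-canonical label")
	}
	var b [16]byte
	copy(b[:], raw)
	return netip.AddrFrom16(b), nil
}

func main() {
	// Name taken from the dig query on this page.
	fmt.Println(AddrFromName("aiaprmpzoslh7xjscrorzqbwpe.meship"))
}
```

For a .meship name the decoded value is the AAAA answer itself, which matches the second dig response; for a .meshname name it is, per the SOA issue's reading that the DNS servers are always queried directly, the address of the server to ask.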

Improve security of meshnamed systemd unit

systemd-analyze security meshnamed:

✗ RestrictSUIDSGID=                                           Service may create SUID/SGID files                                              0.2
✗ SystemCallArchitectures=                                    Service may execute system calls with all ABIs                                  0.2
✗ SystemCallFilter=~@clock                                    Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@debug                                    Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@module                                   Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@mount                                    Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@raw-io                                   Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@reboot                                   Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@swap                                     Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@privileged                               Service does not filter system calls                                            0.2
✗ SystemCallFilter=~@resources                                Service does not filter system calls                                            0.2
✓ AmbientCapabilities=                                        Service process does not receive ambient capabilities                      
✗ CapabilityBoundingSet=~CAP_AUDIT_*                          Service has audit subsystem access                                              0.1
✗ CapabilityBoundingSet=~CAP_KILL                             Service may send UNIX signals to arbitrary processes                            0.1
✗ CapabilityBoundingSet=~CAP_MKNOD                            Service may create device nodes                                                 0.1
✗ CapabilityBoundingSet=~CAP_NET_(BIND_SERVICE|BROADCAST|RAW) Service has elevated networking privileges                                      0.1
✗ CapabilityBoundingSet=~CAP_SYSLOG                           Service has access to kernel logging                                            0.1
✗ CapabilityBoundingSet=~CAP_SYS_(NICE|RESOURCE)              Service has privileges to change resource use parameters                        0.1
✗ RestrictNamespaces=~CLONE_NEWCGROUP                         Service may create cgroup namespaces                                            0.1
✗ RestrictNamespaces=~CLONE_NEWIPC                            Service may create IPC namespaces                                               0.1
✗ RestrictNamespaces=~CLONE_NEWNET                            Service may create network namespaces                                           0.1
✗ RestrictNamespaces=~CLONE_NEWNS                             Service may create file system namespaces                                       0.1
✗ RestrictNamespaces=~CLONE_NEWPID                            Service may create process namespaces                                           0.1
✗ RestrictRealtime=                                           Service may acquire realtime scheduling                                         0.1
✗ SystemCallFilter=~@cpu-emulation                            Service does not filter system calls                                            0.1
✗ SystemCallFilter=~@obsolete                                 Service does not filter system calls                                            0.1
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                            0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                   0.1
✓ SupplementaryGroups=                                        Service has no supplementary groups                                        
✗ CapabilityBoundingSet=~CAP_MAC_*                            Service may adjust SMACK MAC                                                    0.1
✗ CapabilityBoundingSet=~CAP_SYS_BOOT                         Service may issue reboot()                                                      0.1
✓ Delegate=                                                   Service does not maintain its own delegated control group subtree          
✗ LockPersonality=                                            Service may change ABI personality                                              0.1
✗ MemoryDenyWriteExecute=                                     Service may create writable executable memory mappings                          0.1
✗ RemoveIPC=                                                  Service user may leave SysV IPC objects around                                  0.1
✗ RestrictNamespaces=~CLONE_NEWUTS                            Service may create hostname namespaces                                          0.1
✗ UMask=                                                      Files created by service are world-readable by default                          0.1
✗ CapabilityBoundingSet=~CAP_LINUX_IMMUTABLE                  Service may mark files immutable                                                0.1
✗ CapabilityBoundingSet=~CAP_IPC_LOCK                         Service may lock memory into RAM                                                0.1
✗ CapabilityBoundingSet=~CAP_SYS_CHROOT                       Service may issue chroot()                                                      0.1
✗ ProtectHostname=                                            Service may change system host/domainname                                       0.1
✗ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND                    Service may establish wake locks                                                0.1
✗ CapabilityBoundingSet=~CAP_LEASE                            Service may create file leases                                                  0.1
✗ CapabilityBoundingSet=~CAP_SYS_PACCT                        Service may use acct()                                                          0.1
✗ CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG                   Service may issue vhangup()                                                     0.1
✗ CapabilityBoundingSet=~CAP_WAKE_ALARM                       Service may program timers that wake up the system                              0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                              0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)              0.1

→ Overall exposure level for meshnamed.service: 9.1 UNSAFE 😨

Are these permissions really all necessary? If not, which ones can be disabled?
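A hardening drop-in covering the directives flagged in the report above, as an added example rather than the project's own unit file. The drop-in path and the assumption that meshnamed needs nothing beyond binding its DNS listener on IPv4/IPv6 sockets are not from the page; loosen any line that stops the service from starting.

```ini
# /etc/systemd/system/meshnamed.service.d/hardening.conf
# (drop-in path is an assumption; adjust to your distribution)
[Service]
# Assumption: the only privilege needed is binding the DNS listener.
# Keep CAP_NET_BIND_SERVICE for port 53; use an empty value for a high port.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# Assumption: only IPv4/IPv6 sockets are required. Add families back
# if the daemon logs socket errors after the restart.
RestrictAddressFamilies=AF_INET AF_INET6

RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
ProtectHostname=yes
ProcSubset=pid
RemoveIPC=yes
UMask=0077

# Allow the usual service syscalls, then deny the privileged group.
# @resources stays allowed because language runtimes may adjust their
# resource limits at startup; test before denying it as well.
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=~@privileged
SystemCallErrorNumber=EPERM
```

After `systemctl daemon-reload` and a restart, rerun `systemd-analyze security meshnamed` and confirm the service still answers queries.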
