by Stuart Gathman

Fedora CJDNS package accepted

One of my spare time projects for the last few months has been getting my Fedora package for CJDNS accepted. Today, it was approved.

CJDNS history

CJDNS was originally a project to address the increasing government censorship through DNS. The goal was to create a decentralized DNS replacement. DNS is a hard problem, because the government authorities also address legitimate issues like squatters on trademarked domains1.

As part of the infrastructure for CJDNS, CJD created an end-to-end IP6 vpn with cryptographic address allocation. This protects against spoofing of IPs, and Man-in-the-middle attacks. CJDs DNS solution was problematic, but the IP6 VPN was simple and elegant, and has taken off. All that is to explain why an IP6 VPN is named CJDNS when it has nothing to do with DNS. There have, of course, been efforts to rename the project, but none have gained much traction.

CJDNS addresses

A CJDNS node creates an elliptic curve public/private key pair. The truncated SHA-512 hash of the public key forms the IP6 address. To allow interoperation with the IANA internet, only IPs in the FC00::/8 net are used. FC00::/7 is reserved by IANA for private address spaces.

Source routing

The CJDNS protocol is source routed. This makes experimenting with new routing algorithms much easier, as other nodes don’t need to know about your new algorithm. They just follow the route instructions provided by the source node, and send back an error packet if there is a problem (a peer no longer exists, for instance). I’ve been working on electric routing.

  1. In my opinion, the DNS censorship problem has been adequately addressed with namecoin. Namecoin domains typically point to traditional DNS servers. I’ve proposed an extension to namecoin that attempts to provide a decentralized replacement for traditional DNS servers. ↩︎

comments powered by Disqus