We classify devices into:
- signpost dumb
- signpost aware
- signpost enabled
A signpost dumb device has no notion of what a signpost is. In order to use the signpost system, a dumb device has to tunnel its DNS requests to a signpost resolver, hosted somewhere external to the device.
An example of a dumb device could be an iPhone.
A signpost aware device is a device where we are able to intercept DNS requests and turn them into requests to a signpost server, as needed. It is also a device where it is not a good idea to run a full signpost. The reason might be power constraints or flaky connectivity.
An example of an aware device could be an Android device.
A signpost enabled device is a device that has a client resolver and a signpost server installed. The client resolver intercepts all DNS requests and passes the ones that are signpost requests on to its local signpost server. The signpost server has an up-to-date view of the user's signpost system. It resolves signpost requests directly for the user. The signpost also provides signpost services on the local network. It advertises its services using multicast DNS.
As the device has a signpost server installed, it can also take part in tunnelling connections between other devices.
An example could be a stationary machine or a laptop.
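One way the client resolver on an enabled device could split intercepted queries, as an added sketch rather than Signpost's own code. It assumes signpost names live under a placeholder zone `signpost.example` (the page does not say how signpost requests are recognised); `parse_qname`, `route` and `build_query` are hypothetical names.

```python
import struct

# Assumption: signpost names live under this zone (placeholder, not from the page).
SIGNPOST_ZONE = ("signpost", "example")

def parse_qname(packet: bytes) -> tuple:
    """Return the first question's name as a tuple of lowercase labels."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    if struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            # Pointer or reserved label type: not valid in a query's first name.
            raise ValueError("unexpected label type")
        if pos + length > len(packet):
            raise ValueError("truncated label")
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return tuple(labels)

def route(packet: bytes) -> str:
    """'signpost' for names inside SIGNPOST_ZONE, 'upstream' otherwise, 'drop' if malformed."""
    try:
        labels = parse_qname(packet)
    except ValueError:
        return "drop"
    n = len(SIGNPOST_ZONE)
    # Compare whole labels, so 'notsignpost.example' is not treated as in-zone.
    if len(labels) >= n and labels[-n:] == SIGNPOST_ZONE:
        return "signpost"
    return "upstream"

def build_query(name: str) -> bytes:
    """Constructed sample input: a minimal A/IN query for `name`."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)
```

Matching on whole labels and case-insensitively keeps look-alike names from reaching the local signpost server, and malformed packets are dropped rather than forwarded.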
Issues with controlling connections between devices
Connections terminating at -dumb and -aware devices
A connection terminating at a -dumb or -aware device can either be set up through a tunnel in the sky or as a direct peer-to-peer connection. The tunnelled approach gives the signposts the ability to terminate an active connection should it be needed, for example when a policy comes into effect that should prevent the client from having access to the device. A direct peer-to-peer connection, on the other hand, allows the devices to fully utilize the available bandwidth. It is a tradeoff between security and performance.
Connections terminating at an enabled device
A connection terminating at an enabled device can be regulated by the locally running signpost, and connections can be actively terminated, should it be needed.