domain name system server daemon
A tool to cryptographically assign yourself a DNS name.
- C - Client Daemon (on device to be addressed)
- S - Server Daemon (on device to be addressed)
Throughout the protocol, anything that follows the required fields of a request or response is not considered a problem; it may carry additional parameters for the request or response, such as comments, versions, or messages. Such optional fields appear in lowercase in the communication examples below, since the protocol does not require them.
- C sends desired hostname, public key, and signature of hostname to S
- S gives C the all clear to proceed, by responding with something to sign, if the hostname is available or is already registered to that public key. If the hostname is in use and the public key does not match at this point, S rejects with an error stating that the public key is not the correct one and terminates the connection to the client right after.
- C responds to S with the signed message, the public key, the desired hostname, and the current IP address the name should point to. It also responds with a signature of the desired hostname and the IP list.
- S responds to C with yay/nay on the client getting the name, along with the desired IP address. The connection with the client is then terminated. If the client gets a nay message, it needs to restart the exchange from the beginning.
The protocol uses
Over TCP, the whole exchange takes place in a single connection. Over UDP, the server keeps the in-progress state for 15 seconds before clearing it.
Keys are passed in base64 encoding.
HOSTNAME: current desired hostname
PUBLIC_KEY: public key of the client daemon
RANDOMSERVERDATA: Random data from the server, used for verification and to prevent replay attacks or insertion of data.
IPv4_ADDR: IPv4 Address desired
IPv6_ADDR: IPv6 Address desired
SIGN(): Sign the data in the parentheses
[,]: List of something (syntax verbatim, no spaces inside the brackets permitted)
REQUEST: Step 1 Client.
QUERY: Step 2 Server (continue)
DENIED: Step 2 Server (halt)
VERIFY: Step 3 Client
OK: Step 4 Server (finished)
UNAVAILABLE: Step 4 Server (finished, failed)
INVALID: Can be sent anywhere to indicate termination due to invalid state. Nothing after that string needs to be transmitted.
Successful registration
REQUEST HOSTNAME PUBLIC_KEY SIGN(HOSTNAME)
QUERY HOSTNAME PUBLIC_KEY RANDOMSERVERDATA
VERIFY HOSTNAME PUBLIC_KEY SIGN(RANDOMSERVERDATA) [IPv4_ADDR,IPv6_ADDR] SIGN(HOSTNAME, [IPv4_ADDR,IPv6_ADDR])
OK HOSTNAME [IPv4_ADDR,IPv6_ADDR]
Public Key mismatch
REQUEST HOSTNAME PUBLIC_KEY SIGN(HOSTNAME)
DENIED HOSTNAME PUBLIC_KEY
Server denies at second step
REQUEST HOSTNAME PUBLIC_KEY SIGN(HOSTNAME)
QUERY HOSTNAME PUBLIC_KEY RANDOMSERVERDATA
VERIFY HOSTNAME PUBLIC_KEY SIGN(RANDOMSERVERDATA) [IPv4_ADDR,IPv6_ADDR] SIGN(HOSTNAME, [IPv4_ADDR,IPv6_ADDR])
UNAVAILABLE HOSTNAME [IPv4_ADDR,IPv6_ADDR]
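The server side of the four-step exchange above, as an added example (not the daemon's own code): Ed25519 signatures and base64 fields as described, with the server refusing a replayed VERIFY because each RANDOMSERVERDATA challenge is single-use. It assumes a space-separated wire encoding, that SIGN(HOSTNAME, [list]) signs the string "HOSTNAME [list]", and an in-memory registry; all three are assumptions, not something the spec fixes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"strings"
)

var b64 = base64.StdEncoding

// Server keeps the registry (hostname -> base64 public key) and the RANDOMSERVERDATA issued per pending hostname+key.
type Server struct{ owners map[string]string; pending map[string][]byte }
func NewServer() *Server { return &Server{map[string]string{}, map[string][]byte{}} }
// sigOK decodes the base64 key and signature and verifies the signature over msg (bad lengths fail, never panic).
func sigOK(pkB64, msg, sigB64 string) bool {
	pk, e1 := b64.DecodeString(pkB64)
	sig, e2 := b64.DecodeString(sigB64)
	return e1 == nil && e2 == nil && len(pk) == ed25519.PublicKeySize && ed25519.Verify(pk, []byte(msg), sig)
}
// Handle processes one space-separated client message and returns the server's reply.
func (s *Server) Handle(msg string) string {
	f := append(strings.Fields(msg), "", "", "", "", "", "") // pad so a short message fails the checks below
	host, pkB64 := f[1], f[2]
	switch f[0] {
	case "REQUEST": // step 1: the client proves key possession before any challenge is issued
		if !sigOK(pkB64, host, f[3]) {
			return "INVALID"
		}
		if owner, taken := s.owners[host]; taken && owner != pkB64 {
			return "DENIED " + host + " " + pkB64
		}
		nonce := make([]byte, 32) // fresh RANDOMSERVERDATA: a captured VERIFY cannot be replayed later
		rand.Read(nonce)
		s.pending[host+" "+pkB64] = nonce
		return "QUERY " + host + " " + pkB64 + " " + b64.EncodeToString(nonce)
	case "VERIFY": // step 3: challenge signature plus signature over "HOSTNAME [addrs]" (assumed encoding)
		nonce, ok := s.pending[host+" "+pkB64]
		delete(s.pending, host+" "+pkB64) // single use: a second VERIFY for the same challenge finds nothing
		if !ok || !sigOK(pkB64, string(nonce), f[3]) || !sigOK(pkB64, host+" "+f[4], f[5]) {
			return "INVALID"
		}
		if owner, taken := s.owners[host]; taken && owner != pkB64 { // name was taken while the query was pending
			return "UNAVAILABLE " + host + " " + f[4]
		}
		s.owners[host] = pkB64
		return "OK " + host + " " + f[4]
	}
	return "INVALID"
}
```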