-
Notifications
You must be signed in to change notification settings - Fork 74
Home
Moritz Warning edited this page Dec 17, 2018
·
100 revisions
Welcome to the KadNode wiki!
-
What is KadNode?
In short, KadNode is Transmissions DHT implementation with interfaces and packaging.
Slightly longer; KadNode is a tool that resolves names to IP addresses using the BitTorrent P2P network. KadNode runs in background and intercepts and answers name request for the .p2p domain. It has a very low resource consumption. The main task is to just return IP addresses for identifiers, not necessarly traditional DNS. -
How to start?
See the Howto Start. -
How does KadNode intercept DNS reqests?
On some systems the Name Service Switch (NSS) support (see /etc/nsswitch.conf) is used. For other systems KadNode includes a basic DNS server that listens on the local host (Supported are A, AAAA and SRV requests - to transmit the port). But this is tricky, because the might interfere with existing local DNS settings. -
How long does it take to resolve an address?
An estimate would be 8 seconds. Unless the address has been been cached. If you use only private peers and not the whole BitTorrent network of many thousands of nodes, then the lookup time can be expected to be half a second or less. -
On what libraries does KadNode depend?
With all features, it depends on libc, libmbedtls, libminiupnpc and libnatpmp. But for common usage, only the first two are needed. -
So, it's all about DNS?
No, KadNode is not traditional DNS. It just maps identifiers (sha256 of some-string) to IP addresses. Everybody can announce identifiers. Use verification like TLS or other cryptography mechanisms to authenticate IP addresses. -
Can KadNode be used as a DNS server?
KadNode is not a DNS server, it has a DNS interface. But it can act as a simple DNS proxy to hook into the DNS resolver stream of the operating system if nothing else works. It is meant to be an interface to a real DNS-Server (bind, dnsmasq etc.) -
How much traffic does KadNode generate?
See this small Benchmark. -
Does KadNode offer authentication/verification?
Yes, KadNode has an extension (called 'auth') to create a public/secret key pair and to lookup nodes using the public key as you would use a domain name. The resolved IP addresses are those of nodes that have the corresponding secret key. Keep in mind that this approach is not very secure! -
How are public keys distributed?
This is not in the scope of KadNode. So it is your task to enter the keys into the configuration files. KadNode does not intend to solve the task of key distribution. -
Is the authentication/verification secure?
No. The current mechanism is vulnerable to man-in-the-middle attacks! -
Local Peer Discover (LPD) does not work on bridged devices..
Try to disable the multicast_snooping or multicast_querier option, this is needed for OpenWrt: echo 0 > /sys/devices/virtual/net/br-lan/bridge/multicast_snooping -
What about Namecoin and others?
Namecoin tries to imitate traditional DNS where a domain is globally unique. KadNode merely maps identifiers to IP addresses without more thought. The authentication extension for KadNode is more of an experiment for a more specific application. -
Lookup is slow? What is going on?
KadNode may need a few seconds to resolve an identifier. If it takes considerably longer than 10 seconds, then your node might no properly bootstrapped. Let me now if you have reason to assume otherwise. There has been added a branch for speed enhancements. -
Why do not use the nodes ID to find a node? They do not need to be announced in comparison to value IDs ?
Value IDs might not be free to choose in the future as some BitTorrent security features propose. You can also have only one. -
When are peers exported?
When a peer file is given (--peerfile), good peers are written to it every 24 hours and on proper shutdown (but only after at least 5min runtime). -
Where does the name KadNode come from?
It is short form Kademlia Node; Kademlia is the name of the DHT design used for BitTorrent.
- increase lookup speed
- do not return localhost address from kad_lookup_value for requests that originate from to outside
- may happen when local dnsmasq hands out results
- evaluate https://grepular.com/Publishing_PGP_Keys_in_the_DNS
A KadNode instance that knows no other peer sends a multicast message every 5 minutes to discovery new nodes. The message format is now compatible with the implementatons used in Taransmission and libtorrent. An informal LPD description can be found on the Internet. KadNode pretends to download the Torrent that the other client is downloading in order to be accepted as peer.
The DNS forwarder on OpenWrt is dnsmasq. To instruct dnsmasq to use KadNode to resolve all DNS request for the .p2p domain using KadNode, you need to add just one line in /etc/config/dhcp. It is easier to do it on the command line:
uci add_list dhcp.@dnsmasq[0].server='/p2p/::1#5353'
uci commit
KadNode will act as an upstream DNS-Server for the .p2p top level domain.
If it does not work it may mean that KadNode tries to connect to the IPv4 localhost address.
Change ::1 by 127.0.0.1 in this case.
When KadNode is started as daemon (in background), the logging output is written to /var/log/syslog.