-
Notifications
You must be signed in to change notification settings - Fork 74
Home
Moritz Warning edited this page Jan 15, 2015
·
100 revisions
Welcome to the KadNode wiki!
##FAQ
-
What is KadNode?
KadNode is a tool that resolves names to IP addresses using the BitTorrent P2P network. KadNode runs in the background and intercepts and answers domains request for the .p2p domain. It has a very low resource consumption. The main task is to just return IP addresses for identifiers, not necessarly traditional DNS. -
How to start?
See the Howto Start. -
How does KadNode intercept DNS reqests?
On some systems the Name Service Switch (NSS) support (see /etc/nsswitch.conf) is used. For other systems KadNode includes a basic DNS server that listens on the local host (Supported are A, AAAA and SRV requests - to transmit the port). But this is tricky, because the might interfere with existing local DNS settings. -
How long does it take to resolve an address?
An estimate would be 8 seconds. Unless the address has been been cached. -
So, it's all about DNS?
No, KadNode is not traditional DNS. It just maps and 20 byte identifiers (or sha1(some-string)) to IP addresses. Everybody can announce identifiers. Use verification like HTTPS or other cryptography mechanisms. -
How much traffic does KadNode generate?
See this small Benchmark. -
Does KadNode offer authentication/verification?
Yes, KadNode has an extension (called 'auth') to create a public/secret key pair and to lookup nodes using the public key as you would use a domain name. The resolved IP addresses are those of nodes that have the corresponding secret key. Keep in mind that this approach is not very secure! -
How are public keys distributed?
This is not in the scope of KadNode. So it is your task to enter the keys into the configuration files. KadNode does not intend to solve the task of key distribution. -
Is the authentication/verification secure?
No. The current mechanism is vulnerable to man-in-the-middle attacks! -
How to compile KadNode without UPNP, NAT-PMP or authentication (libsodium) support?
Edit the FEATURES variable in Makefile and remove 'upnp', 'natpmp' or 'auth'. You can check the binary usingkadnode -v. -
Local Peer Discover (LPD) does not work on bridged devices..
Try to disable the multicast_snooping or multicast_querier option, this is needed for OpenWrt: echo 0 > /sys/devices/virtual/net/br-lan/bridge/multicast_snooping -
How does the authentication work?
Please consult the Authentication Details. -
Lookup is slow? What is going on?
KadNode may need a few seconds to resolve an identifier. If it takes considerably longer than 10 seconds, then your node might no properly bootstrapped. Let me now if you have reason to assume otherwise. There has been added a branch for speed enhancements. -
What is "fatal error: sodium.h: No such file or directory"?
When you try to compile KadNode, then you need to have libsodium installed. Otherwise, see Build&Installation below. -
Why do not use the nodes ID to find a node? They do not need to be announced in comparison to value IDs ?
Value IDs might not be free to choose in the future as some BitTorrent security features propose. You can also have only one. -
When are peers exported?
When a peer file is given (--peerfile), good peers are written to it every 24 hours and on proper shutdown (but only after at least 5min runtime). -
Where does the name KadNode come from?
It is short form Kademlia Node; Kademlia is the name of the DHT design used for BitTorrent.
To build KadNode with all features, you first need to build and install libsodium (if the auth feature will be enabled):
wget https://github.com/jedisct1/libsodium/releases/download/1.0.1/libsodium-1.0.1.tar.gz
tar -xvzf libsodium-1.0.1.tar.gz
cd libsodium-1.0.1
./configure && make && sudo make install
Now build and install KadNode:
git clone git@github.com:mwarning/KadNode.git
cd KadNode
make && sudo make install
Before doing make, you can set the features variable to included the features you like to use.
- increase lookup speed
- use "ed25519_ ", "hex_" etc. prefix for all identifiers that will not put into sha1
- for future compatibility and interoperability
- Use http://tools.ietf.org/html/rfc6920 ?
- Proper cryptography (etc. signing, prevention of man-in-the-middle attacks)
- randomize order of results to help load balancing of destinations
- only send an auth package per lookup request and destination to avoid packet multiplier attacks
static linking of libsodium (already done for OpenWrt packages)- clean shutdown - freeing all data structures
- do not return localhost address from kad_lookup_value for requests that originate from to outside
- may happen when local dnsmasq hands out results
- evaluate using telehash.org
A KadNode instance that knows no other peer sends a multicast message every 5 minutes to discovery new nodes. The message format is now compatible with the implementatons used in Taransmission and libtorrent. An informal LPD description can be found on the Internet. KadNode pretends to download the Torrent that the other client is downloading in order to be accepted as peer.
The DNS forwarder on OpenWrt is dnsmasq. To instruct dnsmasq to use KadNode to resolve all DNS request for the .p2p domain using KadNode, you need to add just one line in /etc/config/dhcp. It is easier to do it on the command line:
uci add_list dhcp.@dnsmasq[0].server='/p2p/::1#5353'
uci commit
KadNode will act as an upstream DNS-Server for the .p2p top level domain. ###Logging When KadNode is started as daemon (in background), the logging output is written to /var/log/syslog.