[plagiat0r]

Let me just add one more thing why this idea seems bad to me personally. I'm not atacking you, but the idea.

So the way things work today is this, the way I see it:

1. We have a physical layer -> a wire

2. We have a data link layer -> ethernet + ARP or NDP are common here

3. we have a network layer -> currently, two networks are widely used: IPv4 and IPv6

4. We have a transport layer: tcp and udp and quic

7. We have an actual data, encrypted or not.

So where the DNS fits in this model? People say it is build on top of UDP, so it must be layer7, right? But because of the core function of the DNS protocol, I would put DNS into Layer3, the same as I would put ARP and NDP on layer2 even if NDP is built into IPv6. I would put it on Layer 2 solely by the function it provides.

A sole purpose of the DNS is to make a connect() possible without using direct network addressess, but client use "a string" as a destination. For me this is a Layer 3 protocol, because it is a helper protocol used to establish a connection.

Once you have a connection, on top of it you use other layers to transfer data reliably.

Your solution puts a Layer 7 data into a Layer 3 component by using TXT records. And if there were no TXT records invented, you could still encode binary data in the AAAA records, 8 bytes at a time and hack it to store arbitrary data that a custom "client" can process in 8 byte chunks.

And while clever, this is not the right tool to store layer 7 data.

It is like sitting on an island with a hammer. You need to cut a tree and says: well, I can use hammer to cut the tree or I can try with bare hands. What should I do? While I agree hammer has a higher chance of succeeding, I would advice to find a sharp rock instead. Find or invent a better tool for the job.

[zzem]

Thank you for your insights. I understand the concerns you've raised, but there's also another side to DNS that's often overlooked: its role as a globally available, distributed database for storing small amounts of data linked to domain names.

Now, I'm not saying that people should start to host their files on DNS, but for simple, personal "banner" like pages that say "Hi, I'm X, love cats, catch me on @email" that should be OK, may be easier than setting up a separate hosting, and make the web more inclusive for non-technical users. Storing and transferring a few hundred bytes for this purpose under a distinct namespace/zone in a niche use case should be well within the capacity of the existing DNS software and infrastructure. We already have other standardized, dedicated classes of informational ("Layer 7 data") DNS records like HINFO and RP, so why not store a piece of text that would have a meaning for humans and present it in a nicely formatted (themes) and accessible (HTTP) way.

The way I see it is as a scale: DNS TXT records may be ok to use for small, simple, informational pages; - static hosting (GitHub Pages, Cloudflare Pages, etc.) should be used for longer texts, pages with custom assets (e.g., images), or multi-page sites; - SSGs and dedicated platforms for blog and bigger websites (Jekyll, Wordpress, etc.); - VPSes, EC2, Lambda, Firebase etc. for bigger things; - ending probably with dedicated servers, networking, and own ASNs for big online platforms. There is always some amount of data or activity above which one should switch to the next level, but switching to it requires additional knowledge and resources; and the other way around, buying and maintaining a dedicated server just to host a simple, static website with low traffic is an overkill.

Also, one thing about the app's architecture may be worth highlighting: The app uses a pre-set DoH provider (currently Cloudflare) to resolve DNS queries on the client-side, so the impact on the DNS ecosystem is close to none as only the source DNS server and the DoH resolver store and transfer these TXT records. Such setup also protects sites against mitm attacks. If the traffic becomes too big for Cloudflare infrastructure (if that's even possible), we can always setup and switch to our own dedicated DoH endpoint. Similarly, if the DNS hosting provider thinks it's abusing their servers, they can increase pricing or limit the number and/or length of TXT records their customers can setup for a single domain.

[plagiat0r]

Every bit of information that is stored in the DNS is serving one basic purpose: to allow connection to a string. Additions, like CAA or SPF are also consumed by programs to set some limits of a domain usage.

Every other record you mentioned never gained any adoption, simply because this "database" is meant to be used by programs, not humans. Sure, I may use SOA email to contact a DC, but this is exception, not a rule.

Therefore, from the perspective of a person that does DNS courses for technical staff, I conclude that average Joe will never be able to set TXT records properly, and professionals will not do it either because of the reasons I mentioned.

And while I encourage you to pursue your goal, adoption willy be close to none so I'm not so worried about that. Adoption of this will be much lover that adoption of HWINFO or LOC records (ignore RFC 8482, I mean user provided HWINFO data). Your proposal will be used by 50 people total, optimistically.

For all use cases, we have http invented already. Storage for http is also a solved problem.

[quickthrower2]

Thanks that is a cool insight about what layer DNS should be thought of as. Never even thought about this.

[plagiat0r]

I really do not want to start a flame war about OSI model, but I tent to bend the OSI model and interpret the "layers" by the function they presents.

Another example, lets say you spin up a QuicTun, nacl-based encapsulation tunel, encrypted, running over IP + UDP as a layer7 process, in userland, there is no kernel implementation. For me, this vpn is Layer2 (when tap mode) or Layer3 (when tun mode) regardless that it uses all 7 layers to establish the tunnel. Sure it uses all layers to establish the connection but once it is done, I have layer3 device for further use.

Same for DNS - for me it is Layer3 because of the crucial function it provides, so I could rather say it is functionally on the same layer as IP in a sense, it is crucial to make a connection. Does not matter that it uses all 7 layers to get me the network (A)ddress / (AAAA)ddress, it is still functionally a network layer for me. Only once this is establised, I can exchange data.

And while DNS is running on layer7 - for me personally, the function it performs is "to allow connect() to a string as opposed to a network address (IP/IPv6)" and because of that, it is a Layer3 for me on the functional level, same as a VPN software to access some corporate stuff. Does not matter that VPN uses TLS and DNS under the hood and span across all 7 layers to encapsulate my data, functionally it is layer3 for me.

I do a lot of corporate DNS trainings and people are surprised about this view. Software developers are unhappy that we start the "DNS course" with IP basics, unicast, anycast, 101 overview of BGP, ARIN, provider independed vs Provider Aggregatable address space. Developers would rather learn about DNS, not what an IP address is. Network guys sits happy on the course, but they are not happy to hear my view that:

"there is no DNS without network and there is no network without a DNS"

However, slowly but surely once the full training is finished, both sides understand that IP/IPv6 and DNS are in a symbiosis and can't be separated. We touch a lot of topics, including lack of interoperatibilty between IPv4 and IPV6, DNS64, XLAT464, etc.

Sure, if you run an air-gapped network in some military facility, you can get things working without DNS, but 99.999% networks can't work without a DNS.

[whodev]

> Sure, if you run an air-gapped network in some military facility, you can get things working without DNS, but 99.999% networks can't work without a DNS.

It's funny you say that, because in the air-gapped network in some military facility I work in, we actually replicate certain public DNS entries to have some specific systems and services working for our developers.

[plagiat0r]

Of course, you want SNMP monitors get you and email as an alert, you have to setup auth DNS with xyz.local and use it in air-gapped environments for your alert mails. Hard drive failure?, RX/TX errors on a switch port? fire up mail over SMTP with an SNMP agent, etc. the list goes on and on.

Network without DNS is un-useable. Apologies for my english, it is not my native language.

[whodev]

> you have to setup auth DNS with xyz.local and use it in air-gapped environments for your alert mails

True, but I was talking more about creating DNS entries for NPM (and other package managers) and redirecting them to our internal services. I just thought it was funny to mention since we impersonate public sites on our internal air-gapped network.