secnet: "IP"-over-DNS transport
Ian Jackson
ijackson at chiark.greenend.org.uk
Thu Aug 4 15:08:54 BST 2011

FYI I am working on a series which will allow secnet to use DNS as a
transport mechanism. That is:

 * secnet will be able to be a stunt DNS server (obv. it will
   need an IP address to which it can bind to :53, appropriate
   delegations)
 * secnet will be able to be a stunt DNS client

So far so good. These are new "comm"s. On clients you'd configure a
comm list including (a) the normal udp comm (b) the stunt dns client
comm. The server would have both comms and the clients would be
recorded as mobile.

I think that part of this will have to be a way to tell secnet to
switch into and out of this mode. That is, I will have to invent a
control socket interface. Thinking about this, I propose to invent a
new kind of closure to which everything can register itself. The
control socket would be AF_UNIX line-based commands, suitable for
nc.openbsd or dedicated clients.

At the moment I imagine the only command would be "site such-and-such,
switch to comm index N" or "all sites, switch to comm index N".

Opinions welcome.

Ian.
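
The two control commands proposed in the message above, shown as an added sketch of a strict line parser. It is not code from the original message or from secnet. The wire grammar ("site <name> comm <index>", "all comm <index>"), the names ctl_parse_line and struct ctl_cmd, the length caps and the site-name character set are all assumptions made for illustration. Because a command on this socket changes which transport a tunnel uses, the parser accepts exactly these two shapes and rejects everything else.

```c
/* Added sketch; hypothetical grammar: "site <name> comm <index>" | "all comm <index>" */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#define CTL_MAX_LINE 128  /* assumed cap on one command line */
#define CTL_MAX_SITE 64   /* assumed cap on a site name, NUL included */
#define SITE_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./"

struct ctl_cmd {
    int all_sites;            /* 1 for "all", 0 for one named site */
    char site[CTL_MAX_SITE];  /* empty when all_sites is set */
    unsigned comm_index;      /* position in the configured comm list */
};

/* Decimal index only: no sign, no trailing bytes, no overflow. */
static int parse_index(const char *s, unsigned *out) {
    char *end;
    unsigned long v;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno || *end != '\0' || v > UINT_MAX) return -1;
    *out = (unsigned)v;
    return 0;
}

/* Returns 0 and fills *cmd for a well-formed line, -1 for anything else. */
int ctl_parse_line(const char *line, struct ctl_cmd *cmd) {
    char buf[CTL_MAX_LINE], *tok[5] = {0}, *p;
    size_t len = strlen(line), sl;
    int n = 0;
    if (len && line[len - 1] == '\n') len--;       /* strip one newline */
    if (len == 0 || len >= sizeof buf) return -1;  /* empty or over-long */
    memcpy(buf, line, len);
    buf[len] = '\0';
    for (p = buf; n < 5 && *(p += strspn(p, " ")); ) {  /* split on spaces */
        tok[n++] = p;
        p += strcspn(p, " ");
        if (*p) *p++ = '\0';
    }
    memset(cmd, 0, sizeof *cmd);
    if (n == 3 && !strcmp(tok[0], "all") && !strcmp(tok[1], "comm")) {
        cmd->all_sites = 1;
        return parse_index(tok[2], &cmd->comm_index);
    }
    if (n != 4 || strcmp(tok[0], "site") || strcmp(tok[2], "comm")) return -1;
    sl = strlen(tok[1]);
    if (sl >= CTL_MAX_SITE || strspn(tok[1], SITE_CHARS) != sl) return -1;
    memcpy(cmd->site, tok[1], sl + 1);
    return parse_index(tok[3], &cmd->comm_index);
}
```

A daemon using something like this would still have to check the parsed index against the length of the site's comm list, and restrict who can connect through the permissions on the socket's directory.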