I had an idea ! Again !
Yesterday, I was thinking I should have a second validating DNSSEC resolver. I have obviously my own, but it's a good idea to have a second one.
So I made a little research on the web and found two types of answers :
- an open dns resolver like I search for is a bad idea.
- Google DNS, OpenDNS or other corporate open dns.
So, the second category of resolvers are a bad idea : some filter their answers, violating net neutrality and other liberties, like free speech. Google is evil...
We can't trust these corporations. Too big, too much interest, too powerful...
Actually I don't know at all whether it is possible or not ! I launch the idea, look what it gives after !
What we need…
In order for everything to work well, there is several requirements:
- a great number of servers in the pool
- ... with fixed ip
- ... with several softwares (unbound, knot, bind...) in order to be resilient...
- well setted up servers and firewalls, else the machines would fall in a DDoS attack.
- validating servers and up-to-date (here again, configuration problematic) else, poisoning caches...
- server adminis communicating, helping, teaching each other, in order that, if some failure is discovered, the admin is advertised and failure solved as fast as possible
And everything has to be tested before opening public access.
Who can be interested ? Who can be naturally involved in the project ?
- various associations defending freedom, including net liberties, for example framasoft and/or lqdn
- their political support, like pirate parties
- all sort of geeks, pro and/or amateurs
- self-hosting guys
- alternative and/or associative ISP like FFDN
- diaspora podmins
- members of the NTP pool
Obviously, everybody there is kind the same, as you're a geek when member of FDN and/or lqdn.
But what you think of my idea ? Beside the fact it is crazy ?
NB : if you want to comment this article, write me a mail at stephane+blog AROBASE 22decembre DOT eu and I will place it there !