A lot of our current tech stacks are topheavy. I'm all for re-examining foundational internet technologies and objectively examining how stuff can be pushed down the stack as it were; I'm arguably one of the people destroying DNS if that's your mindset, seems like a good key-value store and "data diode" to me.
I think email (SMTP) still hasn't been fully exploited as a job scheduling tool (events... mini batches... SMTP).
Bearing in mind, I don't expect people to burden the public infrastructure with these kinds of activities. I think if you're going to use the DNS for telemetry you need to scale your deployment to handle at least hundreds of requests a second; this isn't hard with DNS, it's just not the mindset of DNS operators intending to use the DNS as it always has been used. There are also some blatantly political considerations which need to be swept away to make it truly seamless.
The gnashing of teeth is obviously suspect when you consider the trajectory of HTTP: from web pages to XHR, SOAP and DoH. However questionable you might find the architectural choices, HTTP continues to work in spite of the abuse. Likewise, the demise of DNS is unlikely.
Have a think then about modern encryption and consensus on top of Usenet, which is the SMTP-compatible message queue of your dreams (in terms of available capacity)
Regarding cloudflare DNS over HTTPS: It could be that it tries to server data encoded as JSON, which is impossible in JSON. Some control characters and bytes 128-255 cannot be represented as JSON strings.
IME they block DNS other than their own (not even rewrite, just outright block). Not through experience trying to use iodine, but because I frequently have to drop my explicit DNS server in order to be able to reach the captive portal and connect legitimately.
Yeah, like a sibling comment replied, the idea of iodine is that you don't use your own resolver but the one that the captive portal provided.
You need a domain name, xxx.example, then you can uplink data yyyyyy through the tunnel by querying yyyyyy.xxx.example and iodined, authoritative for xxx.example, will receive this query by the captive portal's resolver. To downlink data, you read responses (txt, cname or null records) that iodined will send for your queries.
This probably fills up the cache of the captive portal's resolver (:
Oh I see. I'm surprised if they upstream DNS requests though, it doesn't serve any legitimate purpose? The whole point is that they respond 172.16.0.1 or whatever for the CP to everything? (Until MAC address known or however they track.)
Sometimes they require 3rd party stuff, hotlinked images, js on frontpage, etc.
I was on a ferry ship with paid sattelite wifi internet once and they only faked DNS responses for gstatic.com, google, etc. But they allowed my domain (DNS queries to it) and stripe.com (because that's how you paid) -- so they only faked responses for a small set of popular domains. IP access to the internet was, apart from stripe, blocked.
And because stripe uses FastlyCDN, they allowed all of fastlycdn network ranges (not useful for iodine), so I could browse reddit (they also use fastly) using stripe's CDN (only html, without i.redd.it image hosting, that's elsewhere).
AFAIR Fastly doesn't have a free plan, so I couldn't tunnel at higher speeds (via HTTP) but only via DNS.
But yeah, sometimes they just outright respond to any query with their IP and you are out of luck.
Of course. A captive portal can also be more sneaky and mangle the packets to redirect them to their own DNS service, since it's not encrypted.
But that's the beauty of iodine. It will still work because if the captive portal's name servers actually fully resolve requests, it will contact your upstream iodine controlled name servers and forward the response as-is, because that's just how DNS works.
Of course it's also fairly easy to detect/block since your DNS usage will be completely abnormal.
"Hmm. Promising. Unfortunately, it doesn't seem to like the TXT records having binary data in them (bug? certainly TXT records are allowed to hold binary data, see here and then here), so it might not Just Work."
Aside: IMHO, dnstxt from djbdns is easier for requesting TXT records than dig; it's a much smaller, simpler program.
tinydns from djbdns can store any data in TXT records, i.e., arbitratry bytes specified by octal. Perhaps other authoritative servers can also do this today. At the time djbdns was released AFAIK it was the only one.
"TXT (``text'') record for fqdn. tinydns-data creates a TXT record for fqdn containing the string s. You may use octal \nnn codes to include arbitrary bytes inside s; for example, \072 is a colon."
Nope. How could you get any easier than plain DNS? That would require a torrent client and bittorrent protocol. The beauty of this hack is that it exists on top of the ubiquitous DNS system.
I think the obvious match here is how IPFS can use a dnslink TXT file to point to the content-addressable top of an IPFS-distributed static web https://docs.ipfs.tech/concepts/dnslink/ . This is how a lot of dweb/web3 websites maintain and advertise a non-http mirror. It works out of the box for sites served using https://distributed.press/ (non-commercial, open source) or https://fleek.co/ (hosted).
If you use Brave, or have the IPFS browser extension, you can access sites like https://ffdweb.org/ as an option, or preferentially.
It's not far from OpenAFS which uses SRV records to point to fileservers. It's not magnet/torrent but it's certainly DNS discovery for data on a different protocol.
I think email (SMTP) still hasn't been fully exploited as a job scheduling tool (events... mini batches... SMTP).
Bearing in mind, I don't expect people to burden the public infrastructure with these kinds of activities. I think if you're going to use the DNS for telemetry you need to scale your deployment to handle at least hundreds of requests a second; this isn't hard with DNS, it's just not the mindset of DNS operators intending to use the DNS as it always has been used. There are also some blatantly political considerations which need to be swept away to make it truly seamless.
The gnashing of teeth is obviously suspect when you consider the trajectory of HTTP: from web pages to XHR, SOAP and DoH. However questionable you might find the architectural choices, HTTP continues to work in spite of the abuse. Likewise, the demise of DNS is unlikely.