MX'ing and jpunix.com
JPUNIX.COM (soon to be alias.net) offers an MX service for individuals that want to run an anonymous remailer but don't want the domain they are operating from to be immediately apparent. By making application to perry@jpunix.com, a remailer operator will be granted a DNS MX record pointing to the domain address of the requestor's choice and will appear to reside in the jpunix.com (alias.net) domain.

Additional masking can be provided by having the MX record point to myriad.pc.cc.cmu.edu. What good does this do? I have an agreement with myriad.pc.cc.cmu.edu (Matt Ghio) where myriad will take the MX-pointed record and additionally alias it through the smail daemon on myriad. This function adds the unique benefit where determining the actual location of the remailer in question will be foiled when using nslookup. Since an additional alias is performed, the result of an nslookup will always point to myriad. The actual location of the remailer remains hidden inside the alias on myriad. Lastly, Matt has the EXPN function of his sendmail daemon disabled so the identity of the remailer can't be determined by alias expansion.

Future modifications to this scheme include adding an additional step whereby the MX-alias process will cause a version of Raph Levien's premail to post-process the message to add one or more random remailer paths to the overall path that the message travels. This step is still in the planning stages and has not been implemented yet.

If you have any questions, or want to set up an MX record, send email to:

perry@jpunix.com or ghio@myriad.pc.cc.cmu.edu

John Perry <perry@jpunix.com>
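As an added illustration (not part of the original message, and not the operators' software), the following Python model shows what an outside party can learn from an MX lookup plus an EXPN query under the scheme described above. The remailer name, the hidden host, the IP address and all class and function names are constructed placeholders; only the relay hostname comes from the message.

```python
"""Constructed model of the MX-plus-alias masking described in the message above."""

# Constructed sample data: the public DNS view. The remailer name and the
# 192.0.2.10 address are placeholders; only the relay hostname is from the message.
PUBLIC_DNS = {
    ("remailer.alias.net", "MX"): ["myriad.pc.cc.cmu.edu"],
    ("myriad.pc.cc.cmu.edu", "A"): ["192.0.2.10"],
}

# Constructed alias table, held privately on the relay and never published in DNS.
RELAY_ALIASES = {"remailer@remailer.alias.net": "remailer@hidden-host.example"}


class Relay:
    """Mail relay that rewrites aliased recipients and answers SMTP EXPN."""

    def __init__(self, aliases, expn_enabled):
        self.aliases = aliases
        self.expn_enabled = expn_enabled

    def forward_target(self, rcpt):
        # Internal delivery decision; not observable by the sender.
        return self.aliases.get(rcpt, rcpt)

    def expn(self, rcpt):
        # With EXPN disabled the relay refuses to reveal alias expansions.
        if not self.expn_enabled:
            return (502, "EXPN disabled")
        if rcpt in self.aliases:
            return (250, self.aliases[rcpt])
        return (550, "no such alias")


def outside_view(rcpt, dns, relay):
    """Return every hostname an outside party learns from an MX lookup plus EXPN."""
    domain = rcpt.split("@", 1)[1]
    learned = set(dns.get((domain, "MX"), []))
    code, text = relay.expn(rcpt)
    if code == 250:
        learned.add(text.split("@", 1)[1])
    return learned


if __name__ == "__main__":
    rcpt = "remailer@remailer.alias.net"
    for enabled in (False, True):
        relay = Relay(RELAY_ALIASES, expn_enabled=enabled)
        print("EXPN enabled:", enabled, "->", sorted(outside_view(rcpt, PUBLIC_DNS, relay)))
```

With EXPN disabled the observer sees only the relay; with it enabled, the alias target is disclosed, which is why the message calls out that setting.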
> From: "John A. Perry" <perry@jpunix.com>
>
> Additional masking can be provided by having the MX record point to myriad.pc.cc.cmu.edu. What good does this do? I have an agreement with myriad.pc.cc.cmu.edu (Matt Ghio) where myriad will take the MX-pointed record and additionally alias it through the smail daemon on myriad.

This is the beginning of private name service. The machines behind this MX record are not particularly visible to the outside. Given the existence of such machines, it makes sense to consider giving them names which are also not too visible from the outside.

A group of remailer operators who had access to the DNS setups on their machines could create their own personal top-level domain. For sake of discussion, let's call it ".cp". Now random Unix boxes on the Internet won't be able to gain access to .cp addresses, but the remailer club would. Outside parties would be able to be shown .cp addresses but would not be able to resolve where the machines actually were on the Internet, much less find them IRL. (Access control on who can pull .cp records will have to be added to the DNS software in order to do this.)

Consider this in the light of Matt Ghio's MX service. Matt MX's for the alias.net addresses. Inside alias.net, the individual remailers could use .cp addresses to talk to each other. In fact, those who want zero contact with the outside world could advertise only .cp addresses and mail only to other .cp addresses.

For sake of experimentation, I've set up a primary top-level nameserver here on my machine for ".cp". In order to access it, you'll need to act as a secondary name server for the domain. Hacking alternate roots into BIND comes later. Just add the following line to your named.boot file:

    secondary cp 204.94.187.1 db-secondary.cp

If you do this, you'll be able to ask for a second-level domain.

If you want a .cp domain, send mail to

    hostmaster@ndip.cp

Tell the kind hostmaster what name you want, what you want it for, where your name servers are, etc.

This is an experimental service and is not guaranteed to be reliable. It might also serve as a test bed for doing cryptographic name service trials.

Eric
Participants (2): eric@remailer.net, John A. Perry