New Round of Yggdrasil Development: Enhancements in DNS, Optimization, and XMPP Integration
Summary:
In this article, we explore the recent developments in the Yggdrasil network, focusing on the improvements made to the Android clients. The author addresses the challenges faced with DNS and IPv6 integration, offering innovative solutions to ensure smooth browsing within the Yggdrasil network. Additionally, the article highlights the introduction of a comprehensive DNS configuration window and optimizations in TUN interface functionality. Furthermore, the author discusses the integration of XMPP servers within Yggdrasil, presenting potential use cases and inviting readers to try out the newly implemented features. The article concludes by emphasizing the unique advantages of Yggdrasil's direct device-to-device connection and encrypted traffic.
New round of Yggdrasil development
First, I'd like to apologize for not paying attention to the fact that both of the existing Yggdrasil network "clients" for Android have been doing so-so for the last couple of years. Almost a year ago, I wrote an article on how to set up access to Yggdrasil via WireGuard, and I used this bundle myself, so I didn't deal with the clients. But I could have!
About a month ago, someone from the community once again showed how they could not open sites in Yggdrasil in the browser, and I got sick of it. I decided to deal with the problem and away we go! This article can be considered a summary of some intermediate results.
Unsolicited optimization
If you decide to use DNS in conjunction with IPv6-only domains in the absence of "real" IPv6, you will hit a snag. Especially on Android. And not just one snag, either.
First, the system resolver that Android borrowed from FreeBSD has "optimizations" for networks that don't have global IPv6. Thus, if you want to connect by domain name to some computer within your network with the address fe80::50ff:21ff:fe27:e71, your browser or application simply will not receive an AAAA record, since it will not be requested from the DNS server.
In short, the resolver tries to create a UDP socket capable of connecting to the address 2000::, and if there is no such route, the OS returns an error and AAAA simply will not be resolved. And since Yggdrasil uses the address range 0200::/7, which is not included in 2000::/3, everything is bad.
Once upon a time, for another client, I simply inserted a crutch that added this route when the VPN interface was created, and it worked. This approach was later refined: they added a check for the presence of global IPv6, and the route is added only if there is no such route.
But in this client I solved the problem more gracefully: I just added a route for 2000::/128. No one will connect to this address anyway, and if someone tries to reach some real IPv6 address, the OS will immediately return an error. The packets will not fly to the Yggdrasil code for processing, and the browser or application will receive an error immediately rather than after a timeout.
Wait, what, two different clients?
Oh, it's open source, baby :)
I once worked on one client when it was still the only one. It was abandoned by its original developer. But then a third developer somehow took it over and stopped accepting pull requests from me. That application was left with a list of ancient non-working DNS servers and a bunch of bugs.
And the second client was written by one of the developers of Yggdrasil itself, but for about a year and a half it was in its infancy, without the necessary workarounds, with a default icon from Android Studio, etc. When I came up with the necessary fixes, I asked the community which client to modify, and the community answered "official".
The second snag: DNS + IPv6
It turned out that browsers based on the Chrome engine consider themselves smarter, or simply do not trust the OS, or are too tied to Google. They check for a route to the Google DNS server with the IPv6 address 2001:4860:4860::8888.
For this workaround, I had to make a separate option so that users can turn it on only if they need to.
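The two route probes described above (the Android resolver's check for 2000:: and the Chrome check for 2001:4860:4860::8888) can be modelled as prefix lookups against the routes the VPN interface installs. This is an added example, not code from the client: it assumes a device with no native IPv6 routes, models the old crutch as a 2000::/3 route and the Chrome option as a /128 route to the Google address, and uses 2001:db8::1 as a constructed stand-in for a real IPv6 host.

```python
import ipaddress

# Constants taken from the article.
YGG_RANGE = "200::/7"                   # Yggdrasil address space (0200::/7)
ANDROID_PROBE = "2000::"                # address the Android resolver probes
CHROME_PROBE = "2001:4860:4860::8888"   # Google DNS address Chrome-based browsers probe

def has_route(routes, dest):
    """True if some prefix in the VPN route list covers dest."""
    addr = ipaddress.IPv6Address(dest)
    return any(addr in ipaddress.IPv6Network(r) for r in routes)

def aaaa_queried(routes, chromium=False):
    """Model of the probe: AAAA is requested only if the probe address is routable."""
    return has_route(routes, CHROME_PROBE if chromium else ANDROID_PROBE)

def fails_fast(routes, dest):
    """True if dest is not routed into the tunnel, so the OS can reject it at once."""
    return not has_route(routes, dest)

# Constructed route sets (assumption: no native IPv6 routes on the device).
PLAIN = [YGG_RANGE]                               # Yggdrasil range only
CRUTCH = [YGG_RANGE, "2000::/3"]                  # assumed shape of the old crutch
GRACEFUL = [YGG_RANGE, "2000::/128"]              # the single-address route from the article
WITH_CHROME = GRACEFUL + [CHROME_PROBE + "/128"]  # assumed shape of the Chrome option

REAL_V6 = "2001:db8::1"  # constructed stand-in for a real Internet IPv6 host

if __name__ == "__main__":
    cases = [("plain", PLAIN), ("crutch", CRUTCH),
             ("graceful", GRACEFUL), ("with_chrome", WITH_CHROME)]
    for name, routes in cases:
        print(f"{name:12} android_aaaa={aaaa_queried(routes)} "
              f"chrome_aaaa={aaaa_queried(routes, chromium=True)} "
              f"real_v6_fails_fast={fails_fast(routes, REAL_V6)}")
```

The wide route satisfies both probes but pulls every global IPv6 destination into the tunnel, while the two /128 routes satisfy the probes and leave real IPv6 destinations unrouted.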
What else has been done?
You didn’t think that I would just write about DNS and calm down?
In addition to solving problems with DNS, I have added a full DNS configuration window; so far there are 4 of my DNS servers located in different countries and available for use inside Yggdrasil. They block ads with AdGuard Home, resolve domains from ALFIS (a micro-blockchain I authored) and even from OpenNIC. All for privacy and independence.
In addition, we managed to optimize the work with TUN (the virtual network interface) itself, that is, the work with memory and buffers. This increased throughput and reduced memory consumption.
As for the button for quickly turning it on and off from the notification shade and the notification with status, I will not even write. Oops...
Well, I ended up being added as a developer to the repository a couple of weeks ago, and I'm continuing to gradually improve the client. Today I published a new release based on v0.4.7, which came out a couple of days ago, and we are already preparing a release in F-Droid. There are some very interesting ideas ahead...
What to do with it or why is it all?
The thought came to me in recent days that Yggdrasil is an example of what the Internet itself was supposed to be. Direct connection between any devices*. Just imagine what opportunities arise in a network where you don't have to worry about all sorts of NATs, and all traffic is encrypted, and it doesn't need to be encrypted at the application level!
The first server works through the regular Internet and Yggdrasil. SRV records are configured so that server connections go through the Internet first, and client connections go through Yggdrasil. It's all about priorities.
The second server works only in Ygg, using the domain from ALFIS. Theoretically, it can communicate with servers on the Internet, but they will not accept its certificate.
How to try them?
Install Yggdrasil on your Android device.
Set up one peer from the list of public peers there.
In the DNS section, I recommend choosing a couple from the list.
Enable Yggdrasil.
Install the Conversations XMPP client, for example from F-Droid.
There, register a new account on the server yggdrasil.link or xmpp.ygg.
Try to write to me at revertron@yggdrasil.link or revertron@xmpp.ygg respectively.
Even if you don't like using XMPP, or don't find a use for it right away, there's always an encrypted, secure, ad-blocking, tracker-blocking DNS inside Yggdrasil ;)
In the meantime, we will continue to build new services inside Yggdrasil. Hold on...
* Yes, yes, "S in IoT stands for security" :)