The way DNS works in i2p makes it unreliable and vulnerable to attacks. It wouldn’t be to hard for an adversary to do a man in the middle or even do a fake version of a site. Also resolving DNS names is hard and takes a lot of effort.
Honestly the entire system needs to be rethought.
Are I referring to name resolution on the network or for when you’re trying to access open Internet webpages via an out proxy?
Name resolution via i2p
I still am not sure what your question is asking. Typically, name resolution is handled by your local I2P router using an address book. You trust whatever subscriptions are dumping into your address book. There isn’t really a central naming authority. Names can be set by whatever authority you choose.
Are you concerned about getting a bad address book subscription? What, concretely, do you mean by DNS?
I2p is vulnerable to a malicious party spreading a “alternate” base address for a domain name. All someone would need to do is get a bad entry into something like notbob.
Ideally domain names should work via consensus. A node could request a domain name and then the major of the network could agree to issue a cert. On the client side there could be some sort of cert verification.
non maliciously this is occasionally a problem. different registrars have different rules, some will delete a name after so long the destination is dead, others wont. so registrars will let you register an abandoned name with a new destination, but some wont. But local address books will default to the older destination over the newer one.
i think it was done this way so there could be no one thing declaring google.i2p goes to a destination, locally you decide. wouldn’t be a bad idea to incorporate some sort of cert though, a lot of that work would fall to the registrars to agree i’d think, like on expiring names.
i think the idea of using dht for this so it’s more like a network consensus thing has come up, but there’s reasons not to do this.
I think the reason it isn’t like that is because it is incredibly complex to do. Also if there is a design flaw it could be used to attack people.
I think my big gripe with I2P is the speed. I expected it to be much faster than accessing a tor hit in service. And it just absolutely completely disappointed me. Connecting to a monero node on tor got me 500KiB/s, on i2p i got 40KiB/s at best. Very disappointed.
I was under the impression that I2P was built with hidden services in mind. And I’ve been disabused of that notion.
I have gotten several mb/s
It really depends on the peers
