New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chainparams: Add achow101 DNS seeder #30007
base: master
Are you sure you want to change the base?
Conversation
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code CoverageFor detailed information about the code coverage, see the test coverage report. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update. |
Concept ACK
|
Concept ACK Some of our DNS seeds are currently not performing well, so adding a new/more reliable one seems logical to me. I have also been running this seeder myself for some time (at seed.bitcoin.fish.foo) and the program seems to work well from the operator side too, not requiring any intervention in the few weeks i've been running it. I ran a different test to @laanwj on mainnet IPV4 only, and did find seeds generally returning results: Details
I will try to expand my test script soon to include testnet and also to query whether the flags are accurate for returned results so I can verify both this new seed, and existing seeds. |
I've changed it to 60 seconds. |
@virtu FYI, would it be easily possible to run some of the metrics of https://21.ninja/dns-seeds/ for this new seeder? |
Concept ACK. By the way, it would be great if mainnet DNS seeders are considering to sign by default the peers records. This could be amply checked in |
There are some that do (#19714), but as far as i know, there is no cross-platform API for checking DNSSEC status from user code. i've unlocked that issue for discussion. |
Concept ACK @mzumsande, the seed is now being monitored on dev.21.ninja. There may be some graph artifacts until a second data point becomes available. But so far data looks good: 40 advertised addresses (half of them ipv4, the other ipv6), and 35 of them reachable. |
Why does the seeder consider 'default port' for good nodes? |
DNS cannot provide port numbers, but a port must be known when connecting to a node. So we assume the default port, and because of that assumption, DNS seeders need to return nodes that are listening on the default port. |
Concept ACK There's discussion in #29911 about whether we should mention the specific feature bits here. I tested that the mainnet seed result returns both IPv4 and IPv6 records and tried to connect to a random result. I didn't do any fancier analysis. |
Concept ACK on adding another DNS seeder
TXT records could work but that will require lot of other changes (out of scope) |
Right-DNS can serve arbitrary information, but it would complicate things in the client: the cross-platform libc resolver, Also, IIRC caching DNS servers don't always cache TXT records (because they can store arbitrary data); the caching and the privacy that comes with it, is the advantage of using DNS in the first place, over simply using bitcoin protocol for seeding. Mind that the DNS seeds are only an entry point to the network. The gossip network itself can handle alternative ports fine, so from that point on, nodes with other ports can be discovered by a node. In the main threat scenario that would make this entry point useless, a hypothetical future where port 8333 would be blocked by ISPs, it's extremely likely that the DNS seeds would also be blocked entirely as they're easy to enumerate. |
I've implemented DNSSEC |
That's neat! i think it's still missing some part, resolving through Google's DNS (which has more verbose error messages than my ISP) gives: $ dig x9.dnsseed.signet.bitcoin.achow101.com. @1.1.1.1
⋮
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 10 (RRSIGs Missing): (failed to verify signatures for x9.dnsseed.signet.bitcoin.achow101.com. opt-out proof)
⋮ |
Should be fixed now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All good now!
ACK ee218aa
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK ee218aa
@achow101 Are you sure you want to put this on a common domain with other things? |
Concept ACK on using different software for various DNS seeders. Need to do more review / testing on this one. |
I wrote a DNS seeder and have been running it for the past 2 months now. I believe it is ready/good enough to be used as an additional DNS seeder for all of our supported public networks.