📅 Original date posted:2015-07-18
📝 Original message:> It is worth noting that DNS lookups can be done via Tor. In effect that
> gives you 1000+ proxies instead of 56 or 4. BitcoinJ already has code that
> can do this.
Agreed, although I guess the bootstrap time for that is a little on
the high side, and maybe a little too chunky on mobile devices, but
it's absolutely worthwhile as an option. DNSSEC is great because it
doesn't allow resolvers to lie, they can't even pretend that a record
doesn't exist.
> I would agree that it makes sense for proxying of DNS requests to be an
> optional part of the protocol. Wallet developers can then compete on privacy
> vs robustness vs whatever other issues there may be.
My current thinking with Electrum (that ThomasV and I have bounced
around) is to make the default policy DNSCrypt -> fallback to
OpenAlias API pool (which can return DNSSEC data for verification) ->
fallback to default resolver. Turning off DNSCrypt will then make it
default resolver -> fallback to OpenAlias API pool. Turning off the
API pool will make it default resolver or fail. Default resolver can
be set to OS resolver (default) or custom resolvers (eg. Google Public
DNS).
Riccardo
Riccardo Spagni [ARCHIVE] /
npub1lt…57u5h
2023-06-07 15:42:16
in reply to nevent1q…2pcf
Author Public Key
npub1ltdzy3s2e7j4v9yq5jlc3fpm8stxhvxthksp7vyemc2ly2g0ymaqq57u5hPublished at
2023-06-07 15:42:16Event JSON
{
"id": "aaf5e14b51234eab333a4caa0b83a3906d45677b4429220ee566a2b913583e8e",
"pubkey": "fada22460acfa5561480a4bf88a43b3c166bb0cbbda01f3099de15f2290f26fa",
"created_at": 1686152536,
"kind": 1,
"tags": [
[
"e",
"2b792280c7c77e1a9146c50dbbc2a8f3336e57397d73b26f225d7fe35c48cd85",
"",
"root"
],
[
"e",
"0671fccacf5989831d0b7be1df53787014510b39d152ff7394d62828c03dad57",
"",
"reply"
],
[
"p",
"f2c95df3766562e3b96b79a0254881c59e8639f23987846961cf55412a77f6f2"
]
],
"content": "📅 Original date posted:2015-07-18\n📝 Original message:\u003e It is worth noting that DNS lookups can be done via Tor. In effect that\n\u003e gives you 1000+ proxies instead of 56 or 4. BitcoinJ already has code that\n\u003e can do this.\n\nAgreed, although I guess the bootstrap time for that is a little on\nthe high side, and maybe a little too chunky on mobile devices, but\nit's absolutely worthwhile as an option. DNSSEC is great because it\ndoesn't allow resolvers to lie, they can't even pretend that a record\ndoesn't exist.\n\n\u003e I would agree that it makes sense for proxying of DNS requests to be an\n\u003e optional part of the protocol. Wallet developers can then compete on privacy\n\u003e vs robustness vs whatever other issues there may be.\n\nMy current thinking with Electrum (that ThomasV and I have bounced\naround) is to make the default policy DNSCrypt -\u003e fallback to\nOpenAlias API pool (which can return DNSSEC data for verification) -\u003e\nfallback to default resolver. Turning off DNSCrypt will then make it\ndefault resolver -\u003e fallback to OpenAlias API pool. Turning off the\nAPI pool will make it default resolver or fail. Default resolver can\nbe set to OS resolver (default) or custom resolvers (eg. Google Public\nDNS).\n\nRiccardo",
"sig": "46f9e89d685bcd6ecc9653ae05e160c1fdbf2320d5574da8159279187a85d0fda2bf66bc07370cc72ed0479f8fe5f229d73eb08ef2ee18163aabe98aa9ad2a6a"
}