📅 Original date posted:2014-05-16
📝 Original message:On 05/15/2014 07:48 PM, Gregory Maxwell wrote:
> On Thu, May 15, 2014 at 4:50 AM, Andreas Schildbach
> <andreas at schildbach.de> wrote:
>> I'm bringing this issue up again. The current Bitcoin DNS seed
>> infrastructure is unstable. I assume this is because of we're using a
>> custom DNS implementation which is not 100% compatible. There have been
>> bugs in the past, like a case sensitive match for the domain name.
>
> If software is using the DNS seeds in a way where one or two being
> unavailable is problematic, then the software may be using them
> poorly.
>
> Generally DNS seeds should only be used as fast connectivity hints,
> primarily for initial connectivity. Relying on them exclusively
> increases isolation vulnerabilities (e.g. because the dns seed
> operators or any ISP or network attacker on the path between you and
> the seeds can replace the results with ones that isolate you on a
> bogus network).
I just used "nslookup", after seeing the issues in bitcoinj.
I agree that clients should be robust regarding DNS lookups (and
bitcoinj isn't), but still I think the first step needs to be
maintaining a quality infrastructure.
Andreas Schildbach [ARCHIVE] /
npub1xg…adsv7
2023-06-07 15:21:21
in reply to nevent1q…x6ql
Author Public Key
npub1xg2m84malu0cfm4444r0kysx4rgk27e75aj6sz6538kw8fcz627qeadsv7Published at
2023-06-07 15:21:21Event JSON
{
"id": "23820d2634dc2b30bb95a8dd5719615248c269517e7e5187a4016a2aa5b4fa14",
"pubkey": "3215b3d77dff1f84eeb5ad46fb1206a8d1657b3ea765a80b5489ece3a702d2bc",
"created_at": 1686151281,
"kind": 1,
"tags": [
[
"e",
"27f2cc162bf57c487222b138d4571ce221ca7cd25d269ba16d303b1b70b76927",
"",
"root"
],
[
"e",
"043cedcb8eef6a7c4d6f889effca871dcb8f9a01cb86aa2b84cb2e6f4a3ecdc2",
"",
"reply"
],
[
"p",
"4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73"
]
],
"content": "📅 Original date posted:2014-05-16\n📝 Original message:On 05/15/2014 07:48 PM, Gregory Maxwell wrote:\n\u003e On Thu, May 15, 2014 at 4:50 AM, Andreas Schildbach\n\u003e \u003candreas at schildbach.de\u003e wrote:\n\u003e\u003e I'm bringing this issue up again. The current Bitcoin DNS seed\n\u003e\u003e infrastructure is unstable. I assume this is because of we're using a\n\u003e\u003e custom DNS implementation which is not 100% compatible. There have been\n\u003e\u003e bugs in the past, like a case sensitive match for the domain name.\n\u003e\n\u003e If software is using the DNS seeds in a way where one or two being\n\u003e unavailable is problematic, then the software may be using them\n\u003e poorly.\n\u003e\n\u003e Generally DNS seeds should only be used as fast connectivity hints,\n\u003e primarily for initial connectivity. Relying on them exclusively\n\u003e increases isolation vulnerabilities (e.g. because the dns seed\n\u003e operators or any ISP or network attacker on the path between you and\n\u003e the seeds can replace the results with ones that isolate you on a\n\u003e bogus network).\n\nI just used \"nslookup\", after seeing the issues in bitcoinj.\n\nI agree that clients should be robust regarding DNS lookups (and\nbitcoinj isn't), but still I think the first step needs to be\nmaintaining a quality infrastructure.",
"sig": "b134da106607ba8c71ac87796029b4e1a9f19d2695f3b59c6442381ab6fb90c01bf1709c20c04f11e643a5598d75e9cc546e43d84d7886540b7d871691dc8aa8"
}