Andreas Schildbach [ARCHIVE] on Nostr: 📅 Original date posted:2014-05-16 📝 Original message:On 05/15/2014 07:48 PM, ...
📅 Original date posted:2014-05-16
📝 Original message:On 05/15/2014 07:48 PM, Gregory Maxwell wrote:
> On Thu, May 15, 2014 at 4:50 AM, Andreas Schildbach
> <andreas at schildbach.de> wrote:
>> I'm bringing this issue up again. The current Bitcoin DNS seed
>> infrastructure is unstable. I assume this is because of we're using a
>> custom DNS implementation which is not 100% compatible. There have been
>> bugs in the past, like a case sensitive match for the domain name.
>
> If software is using the DNS seeds in a way where one or two being
> unavailable is problematic, then the software may be using them
> poorly.
>
> Generally DNS seeds should only be used as fast connectivity hints,
> primarily for initial connectivity. Relying on them exclusively
> increases isolation vulnerabilities (e.g. because the dns seed
> operators or any ISP or network attacker on the path between you and
> the seeds can replace the results with ones that isolate you on a
> bogus network).
I just used "nslookup", after seeing the issues in bitcoinj.
I agree that clients should be robust regarding DNS lookups (and
bitcoinj isn't), but still I think the first step needs to be
maintaining a quality infrastructure.
📝 Original message:On 05/15/2014 07:48 PM, Gregory Maxwell wrote:
> On Thu, May 15, 2014 at 4:50 AM, Andreas Schildbach
> <andreas at schildbach.de> wrote:
>> I'm bringing this issue up again. The current Bitcoin DNS seed
>> infrastructure is unstable. I assume this is because of we're using a
>> custom DNS implementation which is not 100% compatible. There have been
>> bugs in the past, like a case sensitive match for the domain name.
>
> If software is using the DNS seeds in a way where one or two being
> unavailable is problematic, then the software may be using them
> poorly.
>
> Generally DNS seeds should only be used as fast connectivity hints,
> primarily for initial connectivity. Relying on them exclusively
> increases isolation vulnerabilities (e.g. because the dns seed
> operators or any ISP or network attacker on the path between you and
> the seeds can replace the results with ones that isolate you on a
> bogus network).
I just used "nslookup", after seeing the issues in bitcoinj.
I agree that clients should be robust regarding DNS lookups (and
bitcoinj isn't), but still I think the first step needs to be
maintaining a quality infrastructure.