
Topic: Fedimint's reliance on DNS is recently causing 2 federations freezing issues (Read 132 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Shifting to a decentralized DNS where a censorship-resistant naming protocol can be used will be very helpful against domain suspensions.
This "Public-Key Addressable Resource Records" solution reminds me of a Tor hidden service. You can already have a censorship-resistant naming protocol, if you don't have a problem with using public keys as domain names. The yet unsolved problem is to have a decentralized naming protocol that is ICANN-like (human readable). Namecoin tried, but judging by the result, I can't say it succeeded.
legendary
Activity: 3500
Merit: 6320
...
For the moment, guardians are also advised not to use xyz domain names.

Dave's view / opinion:

I would stay away from any domain TLD that is run by a for-profit company. They don't really care who registers what and what they do with it.

And Team Internet (the company that controls the .xyz domain) https://en.wikipedia.org/wiki/Team_Internet seems, at least to me, to not be doing anything when their domain holders spam. Which leads to blocks.

Just my view, from running some front end mail servers, but I would say about 1/3 of the TLDs they have I block at the edge. And that is probably about 3/4 of my block list.

With that being said I do personally have some domains with their TLDs but I am aware of the fact that with all my blocks I am still one of the smaller ones and some places lock them and a few other registrars out at the 90%+ level.

-Dave
hero member
Activity: 1274
Merit: 561
Out of the multiple suggestions by developers, Fedimint has decided to remove the DNS dependency and approve guardians to rotate their endpoints, as part of the version 0.4 about to be released, also a means to the end of issues like having a single guardian requiring to change its DNS endpoint. Other ways include Tor, and in subsequent versions DID may come in.

Observing all methods, systems like PKARR (Public Key Addressable Resource Records) came very close to solving the centralized DNS issue. Shifting to a decentralized DNS where a censorship-resistant naming protocol can be used will be very helpful against domain suspensions. The name can be a public key like this https://o4dksfbqk85ogzdb5osziw6befigbuxmuxkuxq8434q89uj56uyy (not accepted by browsers, yet)

For the moment, guardians are also advised not to use xyz domain names.
legendary
Activity: 3500
Merit: 6320
One weird thing is they can afford a server to run the guardian, but they decide to save money by buying an xyz domain. I don't see how the root of the problem can be solved without letting guardians have the ability to notify the network that their address (whether it's IP, domain or onion address) has been changed.

I can see why they would not want to do it that way. Same reason the seed nodes in core are hard coded. You need some trusted things.

But, as I said, they need more than a single point of failure. Having multiple TLDs all with the same name point to something allows for better control.

Actually makes it more secure if they want. You must query all names, and x of y must match. This way if someone gets control of davef.com but all the others I listed are different then it really does not matter. If instead of being blocked imagine the extra chaos if someone got the domain and was hosting their own malicious guardian on the xyz domain that was blacklisted.

-Dave
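
The "query all names, and x of y must match" rule from the post above, sketched as an added example that is not part of the original post and is not Fedimint code. The function names, the strict-majority requirement and the sample addresses (documentation ranges) are assumptions made for illustration; the domain names are the ones listed in the thread.

```python
import socket
from collections import Counter

def system_resolver(name):
    """Resolve via the OS resolver; a name that does not resolve yields an empty set."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return frozenset()
    return frozenset(info[4][0] for info in infos)

def resolve_with_quorum(names, threshold, resolver=system_resolver):
    """Return the address set that at least `threshold` of `names` agree on.

    Names that do not resolve (suspended, on server hold) cast no vote.
    Raises LookupError if no answer reaches the threshold.
    """
    # A strict majority guarantees that two different answers cannot both win.
    if not len(names) / 2 < threshold <= len(names):
        raise ValueError("threshold must be a strict majority of the names")
    votes = Counter()
    for name in names:
        addrs = frozenset(resolver(name))
        if addrs:
            votes[addrs] += 1
    for addrs, count in votes.items():
        if count >= threshold:
            return addrs
    raise LookupError(f"no answer reached {threshold} of {len(names)}: {dict(votes)}")

# Constructed sample data: names from the thread, addresses from documentation ranges.
NAMES = ["davef.com", "davef.net", "davef.org", "davef.xyz", "davef.biz"]
SAMPLE_ANSWERS = {
    "davef.com": {"192.0.2.10"},
    "davef.net": {"192.0.2.10"},
    "davef.org": {"192.0.2.10"},
    "davef.xyz": set(),             # suspended by the registry: no answer
    "davef.biz": {"203.0.113.66"},  # taken over: points somewhere else
}

def sample_resolver(name):
    """Offline stand-in for DNS that serves the constructed answers above."""
    return SAMPLE_ANSWERS.get(name, set())

if __name__ == "__main__":
    print(sorted(resolve_with_quorum(NAMES, 3, sample_resolver)))
```

With a 3-of-5 threshold the suspended name and the diverging name are both outvoted; raising the threshold to 4 makes the same data fail closed instead of returning an address.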
legendary
Activity: 2870
Merit: 7490
One weird thing is they can afford a server to run the guardian, but they decide to save money by buying an xyz domain. I don't see how the root of the problem can be solved without letting guardians have the ability to notify the network that their address (whether it's IP, domain or onion address) has been changed.
legendary
Activity: 3500
Merit: 6320
Unless you have your own AS number https://www.arin.net/resources/guide/asn/ and your own IP space, relying on IPs instead of DNS just moves the problem.
Your static IPs are only as static as your ISP is good.

What they should be doing is having multiple domains all pointing back to the same place.

davef.com
davef.net
davef.me
davef.org
davef.xyz
davef.win
davef.biz

and so on.

They should mandate that the names are at least at 3 separate accredited registrars AND the DNS are at at least 3 separate hosts.

Done & solved.

-Dave
hero member
Activity: 1274
Merit: 561
Two federations on Fedimint, federation one and Bitcoin principal federation, are facing a DNS issue, and users under the federations are not able to move their money, despite being assured of the safety of their funds.

According to sources, a guardian using an xyz extension had the domain placed on automated server hold as a blacklist service flagged them. And this always occurs with .xyz domain extensions.

Developers made calls on ways to swap the DNS, but it's quite impossible and would require a hotfix upgrade for the transaction process to continue. This means that, aside from the hotfix upgrade, the federation won't work until the guardian is back online.

Looking at the current reliance of Fedimint on DNS, it's quite unsafe, because it's something the community cannot control, and members who have their funds in the above mentioned federations should move their money whenever a quorum of guardians comes back online.

Fedimint guardians are basically the technically trusted members in control of the set up and running of the federation's Chaumian eCash system. Read more https://fedimint.org/docs/GettingStarted/What-is-a-Fedimint

What do you think of Fedimint and its dependence on DNS? Would it be complex to set up a federation mint that wouldn't need DNS for a federation to process payment swiftly?

https://github.com/fedimint/fedimint/issues/5482 Going through this link, some developers are looking at changing it from DNS to IP, though some responses object to this as not being completely meaningful in solving the DNS problem.

Source: https://twitter.com/MutinyWallet/status/1805346636660429021?t=qbGpyZgN7cPUP9yNKK8ZIg&s=19