-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support custom DoH resolvers #8068
Conversation
seems like |
685bd0d
to
45b9be5
Compare
squashed the gomod dep update commits. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looking good, left a few comments/questions.
There's also a DNS usage to update here https://github.com/ipfs/go-ipfs/blob/ef866a1400b3b2861e5e8b6cc9edc8633b890a0a/core/commands/swarm.go#L491
I'll give it a rebase to resolve the conflicts in |
e4537b2
to
40cbf8b
Compare
gave it a rebase, resolved the conflict, and squashed a few commits. |
@@ -281,6 +283,7 @@ func Online(bcfg *BuildCfg, cfg *config.Config) fx.Option { | |||
func Offline(cfg *config.Config) fx.Option { | |||
return fx.Options( | |||
fx.Provide(offline.Exchange), | |||
fx.Provide(DNSResolver), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This preserves existing behavior. @Stebalien Is this the correct behavior, or would we want some nilDNSResolver
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we should use the nilDNSResolver
. I'd consider this a bug fix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But we can also punt to a second PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's pretty easy to do, so I can do it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
undone, as it is a behaviour change that leads to a regression; we can easily consider it in a follow up pr.
This needs some config documentation ( Related: consider an upgrade path to DNS over TLS, and maybe even DNS over libp2p. |
sure, I'll add some documentation.
Upgrade path could be very easy by using the appropriate url scheme -- eg
`tls:` or `libp2p:`.
…On Mon, Apr 12, 2021, 23:16 Steven Allen ***@***.***> wrote:
This needs some config documentation (config.md). Especially, how do we
format DoH addresses?
Related: consider an upgrade path to DNS over TLS, and maybe even DNS over
libp2p.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#8068 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAI4SX6DETLPCLRG7BVBMTTINILNANCNFSM42ZCEYHA>
.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- We most likely will accept Multiadrs and URLs for DNS resolver endpoints,
but for now onlyhttps://
URL with DoH endpoint will be used in practice (Brave, ENS). Multiaddr support can be added later. - I requested config changes in add custom DNS Resolver configuration go-ipfs-config#126 (comment) / add custom DNS Resolver configuration go-ipfs-config#126 (review), it also includes example which we could re-use in docs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is taking a nice shape 👍
I tweaked docs + left some inline comments regarding implicit defaults.
(I believe we should include implicit defaults in this PR, so we can then simply remove special-casing of eth
in go-namesys and be done with it)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Took this for a spin and works as expected 🚀
Only remaining ask is to add DNS record cache and make config bit more flexible (details below and inline)
DNS Cache
I think we need to add cache – DoH lookups are too expensive (~1 second each) for this to be useful for loading websites (each subresource would be slowed down by this). I filled multiformats/go-multiaddr-dns#28 for this, because we should have a global cache, and that seems like a good home for it.
Config
- it should be possible to disable implicit default by setting value to "" (we need this, so people can run cleartext ENS resolver on localhost)
{}
needs more work – details inline
fb908f6
to
66afda4
Compare
DoH resolver cache implementation in libp2p/go-doh-resolver#3 |
there is a failing sharness test, not sure if it is related:
|
047ec45
to
d78cb68
Compare
Updated deps to |
Updated for the changes in the namesys constructor api. |
- document implicit defaults for eth and crypto TLDs - be very honest and link to ToS of cloudflare-eth.com - provide suggestion that one should run own resolver if they really care about decentralization
License: MIT Signed-off-by: vyzo <vyzo@hackzen.org>
b79689b
to
75e0141
Compare
Updated to a released go-libp2p & go-ipfs-config. |
Closes #6532
Closes #6915
Closes #3942
Closes #2934
Depends on: