Proposal: Configurable DNS resolvers for human-readable names #42
Conversation
|
One thing that is not clear to me here is why IPFS needs to allow plugging alternative name resolution algorithms. Seems like they should be plugging themself at the OS layer instead. My concern is that primary value of URL is that it provides universal way for sender to send a name that receiver can use to obtain content regardless of their configurations. If that becomes conditioned on node configurations of sender and receiver they loose value and in fact can harm the ecosystem by creating a reputation of unreliable or too complicated. Another thing worth considering is that DIDs seem to be gaining momentum, at least in web3 space, maybe that could be a place to plug alternative naming and resolution schemes as opposed to overloading DNS. Huge +1 on making IPNS reliable so that DNSLinks use |
There was a problem hiding this comment.
This is awesome - great work! No expectation to respond to everything in GitHub. I'm also game to connect verbally if that's easier.
One suggestion: should we scope this proposal to:
- DNS over HTTPS is supported in js/go-ipfs/libp2p
- DNSLink provides interop for human-readable names and enables independence from PKI and ICANN.
and let everything about "IPNS provides a reliable solution for cryptographically-verifiable mutable names that won't break, as long someone is re-publishing the latest record" live in #19 ?
This would allow this proposal to simplify a bit and I assume they could be executed/delivered in parallel (with the best customer value occurring when both are completed)?
| - most likely not the best choice for security-sensitive use cases where human-readable names are not required: means DNS is used in contexts where cryptographic addressing should be used instead. | ||
| - **OS-level DNS resolver is used for all DNS TXT record lookups.** | ||
| - IPFS node is unable to control which DNS resolver is used for specific TLD, all queries go to global DNS server configured in the operating system | ||
| - This harms competition and slows down innovation in the decentralized naming space. For example, if user changes their DNS resolver to one that is capable of resolving all TLDs over ENS, they are unable to resolve TLDs from OpenNIC or UnstoppableDomains. |
There was a problem hiding this comment.
n00b questions:
- Is there a DNS resolver that is capable of resolving all TLDs over ENS? Is this more about something that could come in the future (per https://ccnso.icann.org/sites/default/files/field-attached/presentation-dns-blockchain-ens-24jun19-en.pdf )?
- Is this a general issue even at the OS level that a user won't be able to have DNS that works with ENS, OpenNIC, and UnstoppableDomains together? Can someone have a local DNS proxy that can resolve using ENS, OpenNIC, UnstoppableDomains, etc.?
There was a problem hiding this comment.
Ad 1. Yes, https://eth.link provides endpoint at https://eth.link/dns-query, but we will use it only for resolving *.eth, unless (Brave) user chooses otherwise
Ad 2. Correct, my opinion is that requiring users to run DNS proxy is not realistic. Ability to specify DoH resolver per TLD removes the need for that, but if someone wants to run own DNS resolver, they can also do this here – just point at localhost one.
| - Alternatives to [ICANN](https://en.wikipedia.org/wiki/ICANN) exist, and we want them to work with our stack to decrease dependency on a single organization. | ||
| - [ENS](https://ens.domains) provides custom TLDs (`.eth`) and leverage DNSLink for interop with IPFS and delegated lookups with clients that are unable to run own blockchain resolver. | ||
| - Updating `ipfs-ns` `contenthash` is a chore and costs extra (gas etc). | ||
| - Using `ipns-ns` means setting `contenthash` only once, introduces cost savings and simplifies publishing. |
There was a problem hiding this comment.
The convenience makes sense. Question about .ENS users: are they going to be comfortable/supportive of mutating changes happening outside of the blockchain? Haven't they now effectively lost the transaction history for part of their domain (i.e., the CID for the content the domain is pointing to)?
There was a problem hiding this comment.
ENS users have a choice between pointing at IPFS identifiers in one of two namespaces:
ipfs-ns– immutable identifiers – never changeipns-ns- mutable cryptographic identifiers, only owner of the publishing key can make change and update there it points at
The latter is still a cryptographic identifier, but yes, it is being mutated outside of blockchain.
For many that is a killer feature, because it means they don't need to pay gas every time they want to update their website. IPNS makes ENS way cheaper, more practical and I'd argue safer – you don't need to take out your hardware wallet to update your blog.
| #### Counterpoints & pre-mortem | ||
| _Why might this project be lower impact than expected? How could this project fail to complete, or fail to be successful?_ | ||
|
|
||
| - Configurable per TLDs [DNS over HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) resolver for may be not enough to mitigate concerns around centralized nature of ICANN's DNS. |
There was a problem hiding this comment.
Do you have any anecdotes that lead to think this could be the case?
There was a problem hiding this comment.
Cynical commentary goes like this:
- DoH by definition points at some centralized HTTPS server
- We don't want to ship some preconfigured DoH server for all ICANN names with go-ipfs, to avoid pointing all users at the same endpoint
- DoH endpoint choice should be made by user or user agent
- Still, it is possible that most people will use DoH endpoints from Google or Cloudflare, because those are fast and reliable, so we mitigated privacy leak and mitigated ISP-level spoofing, but then put all eggs in one basket
| _How might this project’s intent be realized in other ways (other than this project proposal)? What other potential solutions can address the same need?_ | ||
|
|
||
| - Deprecate IPNS. | ||
| - Announce ENS being the official solution for DNS names and replace every DNS lookup to go via ENS. |
There was a problem hiding this comment.
Would customer actually be ok with this given the Gas fees to publish a new CID?
There was a problem hiding this comment.
Chicken and egg, of sorts: fixing IPNS would remove the problem of gas cost.
However, the way I see it, the real problem here is not the cost of gas or chore of updating ENS record.
Using this as a global resolver would be just a charade: most domains will remain on ICANN network for years to come, so ENS would act as a centralized proxy for 99,9....% of ICANN lookups 🙈
|
@Gozala the ability to override OS-level resolver is crucial for both user choice/security (OS-level one is most likely plaintext from ISP) and for our browser integration story. Brave wants to add suport for ENS via DoH at https://eth.link/dns-query, with more systems to come, and I believe go-ipfs should provide primitives to follow DNS resolver choices user made via their user agent. Being able to support non-ICANN names is something we get as a side effect of this work. We already support ENS in a hacky, hardcoded way in go-ipfs. What we propose to do here is to remove vendor-specific code and use DNS for interop. My plan is to ship go-ipfs with some predefined DoH endpoints, so TLDs like As for DIDs, I don't believe there are any primitives for human-readable names, so out of scope here(?) |
Removed IPNS-specific work as it is already tracked in #19
lidel
changed the title
|
@BigLep I refactored this proposal to focus on adding configurable DNS resolvers to our stack + mentioned how improving human-readable names improve user onboarding story for NFT / dapps / static websites. IPNS parts are out of the scope of this proposal, but left them in explainer in the beginning, as it is important to see the full mutability picture. IPNS improvements will be tracked in #19, like you suggested. |
|
@lidel: should we also add in that Brave expecting this DoH work to get so that DNS queries are not leaked? I assume we'd add any links that provide more context about why this is important for this partner specifically. |
mikeal
added
confidence:low
There was a problem hiding this comment.
Also see some prior work in ipfs/kubo#6560 (which unfortunately died in the bike-shed).
TL;DR: I'd really like to have this.
|
|
||
| **There are known gaps in the mutable story:** | ||
| - IPNS records are only published by the original author, which severely limits the utility of our mutable names | ||
| - It is not possible to pin/republish `/ipns/{libp2p-key-cid}` names by other peers, so when original publisher disappears, IPNS links no longer resolve and we see "IPNS rot". |
There was a problem hiding this comment.
This isn't entirely true, from a protocol standpoint, at least. If the IPNS author sets an infinite "EOL" on an IPNS record, anyone can republish. However, IPNS records expire by-default to limit how "stale" of a record an attacker could return to a client.
There was a problem hiding this comment.
While protocol is mostly ok, IPNS rot is a mixture of implementation choices:
- The default is not an infinite EOL, so everything expires unless original publisher bumps the record over and over again
- Expired records are ignored during resolution, even if no valid one is present and expired ones are all we have
- Only original publisher can bump EOL and keep record available by republishing it
| - They point at reliable immutable paths (`dnslink=/ipfs/{cid}`) (no IPNS record means it resolves fast and never break). | ||
| - It works around the need for running a service responsible for constant republishing of IPNS record. | ||
| - This is a pragmatic choice, however: | ||
| - adds admin related to DNS updates (need to learn DNS provider's API for automating this, which introduces soft vendor-lock-in) |
There was a problem hiding this comment.
There are actually several "well known" APIs for updating "dynamic" DNS records. We should support those.
There was a problem hiding this comment.
Mind providing examples, so I know we talk about the same thing?
I think "several" is the problem here. I am not aware of any vendor-agnostic API for updating DNS records that is supported across multiple DNS vendors. Everything is a soup of vendor-specific HTTP APIs and I don't think IPFS project should endorse vendor lock-in like that.
There was a problem hiding this comment.
Hm. Yeah, I'm seeing the same thing. For simple A records, it looks like you can basically just "template" a URL. But that's not going to work for custom records.
There is RFC 2136, but it doesn't look well supported. I guess IPNS is simpler...
|
|
||
| **TLDR:** **We need to fix and future-proof the way mutable names work in our stack:** | ||
| - Make IPNS useful on its own, and inside of DNSLink records. | ||
| - DNS TXT record should be set only once, updates should be published over IPNS. |
There was a problem hiding this comment.
Why? Purely so we don't have to have a way to auto-update DNS records?
There was a problem hiding this comment.
Correct. It removes the need for keeping DNS credentials and in context of ENS it removes the cost of paying for gas during each update.
Thanks for elaborating, basically I would like if this was something that user could configure at OS level (even if in user space) so that brave, ipfs and others could recognize and respect as opposed to each coming up with own solution and creating a very complex user experience. |
|
@Gozala this is way beyond this proposal, but in the future go-ipfs could expose own DoH endpoint on localhost, so other services can use it as DNS cache/resolver. No need for additional service. |
Maybe I'm missing something here, but what I was trying to imply is not sticking more things into ipfs config, but rather looking at things in e.g. The reason I'm bringing this up is because there is a tendency to build things into ipfs, e.g. we have key manager, despite every OS having a native one. I realize that is not the case here, but talking to others teams might enable us to have a greater impact. |
|
This is a valid point, but feels out of scope of this project:
TLDR: Introducing a OS-level config for DNS resolution is out of scope here, but could be added in the future, as a follow-up project ("if go-ipfs config does not have custom resolver defined, fallback to user/OS-level config"). |
BigLep
added
the
Steward Priority
|
Implementation can be tracked in the "Ongoing work" section of ipfs/kubo#6532 |
cc @Gozala @autonome @aschmahmann – this summarizes various discussions/plans we had this year, give it a read in spare moment in case I missed or misrepresented something 🙏