Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Teach the seeder about network upgrades #3

Open
gtank opened this issue Jun 10, 2020 · 1 comment
Open

Teach the seeder about network upgrades #3

gtank opened this issue Jun 10, 2020 · 1 comment
Labels
enhancement New feature or request

Comments

@gtank
Copy link
Contributor

gtank commented Jun 10, 2020
edited
Loading

Unlike the Bitcoin DNS seeder the original zcash-seeder was based on, this seeder has the need and capacity to serve different subsets of the network based on what NU the client is on.

This feature should be based on supported protocol version and supply subdomains that will seed only peers that are on the requested network epoch.

An example configuration might look like:

heartwood.seeder.example.com {
    dnsseed {
        network mainnet
        bootstrap_peers 127.0.13.37:8233
        crawl_interval 30m
        record_ttl 600
        protocol_versions 170011
    }
}

However, it should also be possible to automatically generate those subdomains with a map between name strings and protocol version ranges. In that case, each subdomain SHOULD share the same crawl process to the extent possible to avoid producing unnecessary network traffic.
@gtank gtank added the enhancement New feature or request label Jun 10, 2020
This was referenced Jun 11, 2020
Merged
Merged
zkbot added a commit to zcash/zcash that referenced this issue Jun 25, 2020
@zkbot
Auto merge of #4566 - gtank:new_seeders, r=ebfull
ab2b7c0 
Add Foundation's and gtank's DNS seeders

This adds our new DNS seeders to the list. They're running [CoreDNS](https://coredns.io) with a [Zcash crawler plugin](https://github.com/ZcashFoundation/dnsseeder), the result of a Zcash Foundation in-house development effort to replace zcash-seeder with something memory safe and easier to maintain.

These are validly operated seeders per the existing policy (https://zcash.readthedocs.io/en/latest/rtd_pages/dnsseed_policy.html):

> A DNS seed operating organization or person is expected to follow good host security practices, maintain control of applicable infrastructure, and not sell or transfer control of the DNS seed. Any hosting services contracted by the operator are equally expected to uphold these expectations.

In both cases the code is running on well-operated public cloud infrastructure in either a container or the most sandboxing appropriate to the environment. The DNS records pointing to the seeders are controlled by reputable third-party DNS providers under accounts with 2FA enabled.

> The DNS seed results must consist exclusively of fairly selected and functioning Zcash nodes from the public network to the best of the operator’s understanding and capability.

The crawler attempts to connect to all discoverable Zcash peers and ensures their continued uptime on a regular basis. The results are always a uniformly randomized subset of all known live peers.

> For the avoidance of doubt, the results may be randomized but must not single out any group of hosts to receive different results unless due to an urgent technical necessity and disclosed.

See above. However, we reserve the right to begin offering [NU-targeted results](ZcashFoundation/dnsseeder#3) based on opt-in client queries.

> The results may not be served with a DNS TTL of less than one minute.

Mainnet results are served with a TTL of 600 seconds, and Testnet results with a TTL of 300 seconds to account for greater flux on that network.

> Any logging of DNS queries should be only that which is necessary for the operation of the service or urgent health of the Zcash network and must not be retained longer than necessary nor disclosed to any third party.

There is no logging of DNS queries in either production configuration, which can be somewhat confirmed by examining the Corefile(s) [[1]](https://github.com/ZcashFoundation/coredns-zcash/blob/master/coredns/Corefile)[[2]](https://github.com/ZcashFoundation/coredns-zcash/blob/master/scripts/gcp-start.sh#L9-L27) we use.

> Information gathered as a result of the operators node-spidering (not from DNS queries) may be freely published or retained, but only if this data was not made more complete by biasing node connectivity (a violation of expectation (1)).

The seeder currently has no persistence outside of its static config file, so this data is neither retained nor shared by the operators.

> Operators are encouraged, but not required, to publicly document the details of their operating practices.

Our deployments are described in detail by the [coredns-zcash](https://github.com/ZcashFoundation/coredns-zcash) repo. Reader, you could run one too!

> A reachable email contact address must be published for inquiries related to the DNS seed operation.

For general questions related to either seeder, contact [email protected] or mention @gtank in the Foundation's Discord. For bug reports, open an issue on the [dnsseeder](https://github.com/ZcashFoundation/dnsseeder) repo.
@teor2345
Copy link
Contributor

teor2345 commented May 6, 2021

Typically, we'll only have seeders for two network upgrades active at any one time - the current network upgrade, and the next network upgrade. (Or the previous one, if we've just passed an activation.)

At network upgrade activation, we should switch the default seeder from current to next.

@teor2345 teor2345 mentioned this issue May 6, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gtank @teor2345