IBC#015: Bitcoin Core Initialization — Part 9
DNS Seed Validation, Name Lookup Configuration and Proxy Randomization
Hello everyone and welcome to this new episode of Inside Bitcoin Code.
A special welcome to the new people who recently subscribed to this newsletter. I hope that you will enjoy what I write. A small suggestion for you: if you know nothing about coding, start reading the posts from Learn2Code to get some basic knowledge before diving into the real deal.
A huge thanks to each of the 139 subscribers of this newsletter and to those who decided to contribute with some sats to this project. It means the world to me!
Today we are going to continue our trip inside the initialization of Bitcoin Core with DNS seed validation.
Let’s start!
DNS Seed Validation
As a first step, the code checks whether the -dnsseed option was passed through the initialization arguments. If enabled, it allows a new node to connect to a special DNS server which maintains a list of active nodes. This facilitates the discovery of peers in the Bitcoin network. [Code Link]
// Requesting DNS seeds entails connecting to IPv4/IPv6, which -onlynet options may prohibit:
// If -dnsseed=1 is explicitly specified, abort. If it's left unspecified by the user, we skip
// the DNS seeds by adjusting -dnsseed in InitParameterInteraction.
if (args.GetBoolArg("-dnsseed") == true && !g_reachable_nets.Contains(NET_IPV4) && !g_reachable_nets.Contains(NET_IPV6)) {
    return InitError(strprintf(_("Incompatible options: -dnsseed=1 was explicitly specified, but -onlynet forbids connections to IPv4/IPv6")));
};
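DNS seeding requires an IPv4 or IPv6 connection to work. However, if the -onlynet option restricts the node to networks that include neither IPv4 nor IPv6, these types of connections are forbidden. The code therefore checks whether -dnsseed=1 was explicitly requested while neither network is reachable. If these two incompatible options are present at the same time, an error is returned and initialization stops. As the code comment notes, when -dnsseed is simply left unspecified, the DNS seeds are skipped instead.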
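The three possible states of -dnsseed (unset, 0, 1) are what make this check subtle. The following is an added example, not Bitcoin Core's own code: ResolveDnsSeed, SeedDecision and ReachableFromOnlynet are hypothetical names, and it assumes that DNS seeding is on by default and that an empty -onlynet list leaves every network reachable.

```cpp
#include <cstdio>
#include <optional>
#include <set>

// Simplified stand-ins (assumptions): the real code uses ArgsManager and g_reachable_nets.
enum Network { NET_IPV4, NET_IPV6, NET_ONION, NET_I2P };
enum class SeedDecision { USE_DNS_SEEDS, SKIP_DNS_SEEDS, INIT_ERROR };

// Assumption: with no -onlynet values, all networks stay reachable.
std::set<Network> ReachableFromOnlynet(const std::set<Network>& onlynet)
{
    if (onlynet.empty()) return {NET_IPV4, NET_IPV6, NET_ONION, NET_I2P};
    return onlynet;
}

// dnsseed: std::nullopt = option not given, true = -dnsseed=1, false = -dnsseed=0.
SeedDecision ResolveDnsSeed(std::optional<bool> dnsseed, const std::set<Network>& reachable)
{
    const bool clearnet = reachable.count(NET_IPV4) || reachable.count(NET_IPV6);
    if (clearnet) {
        // No conflict: honour the user's choice (assumed default: enabled).
        return dnsseed.value_or(true) ? SeedDecision::USE_DNS_SEEDS
                                      : SeedDecision::SKIP_DNS_SEEDS;
    }
    // Neither IPv4 nor IPv6 is reachable, e.g. -onlynet=onion.
    // Like the page's `GetBoolArg("-dnsseed") == true`, an unset option
    // (std::nullopt) does NOT compare equal to true.
    if (dnsseed == true) {
        // Explicit -dnsseed=1 contradicts -onlynet: fail loudly at startup
        // instead of silently ignoring what the operator asked for.
        return SeedDecision::INIT_ERROR;
    }
    // Unset or explicitly disabled: DNS seeds are skipped.
    return SeedDecision::SKIP_DNS_SEEDS;
}

int main()
{
    // Constructed configuration: -onlynet=onion -dnsseed=1
    const auto d = ResolveDnsSeed(true, ReachableFromOnlynet({NET_ONION}));
    std::printf("onion-only with -dnsseed=1: %s\n",
                d == SeedDecision::INIT_ERROR ? "init error" : "continues");
    return 0;
}
```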
Name Lookup Configuration
After that, the software reads the value of the -dns flag. If it is set to true (which is the default), the node is able to resolve hostnames to IP addresses, while if it is set to false, only raw IPs will work. The latter gives more privacy, at the cost of requiring more manual configuration.
// Check for host lookup allowed before parsing any network related parameters
fNameLookup = args.GetBoolArg("-dns", DEFAULT_NAME_LOOKUP);
Proxy Randomization
Finally, the -proxyrandomize argument is read. This setting is specific to Tor proxy connections and enables so-called stream isolation. This technique ensures that different activities within the same application use separate Tor circuits, which prevents an attacker from correlating your various online activities.
bool proxyRandomize = args.GetBoolArg("-proxyrandomize", DEFAULT_PROXYRANDOMIZE);
If it is set to true (which is the default), each node connection uses a different Tor circuit, while if it is set to false, the same circuit is used. The former provides a higher level of anonymity, at the cost of slowing down connections.
"a new node to connect to a special DNS server" Is this a possible weak point in the network? Take down this DNS server(s) and you take away the ability of new nodes to connect?