From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Wkzm8-00081Q-ON for bitcoin-development@lists.sourceforge.net; Thu, 15 May 2014 17:49:00 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.215.46 as permitted sender) client-ip=209.85.215.46; envelope-from=gmaxwell@gmail.com; helo=mail-la0-f46.google.com; Received: from mail-la0-f46.google.com ([209.85.215.46]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Wkzm7-0003kS-Q4 for bitcoin-development@lists.sourceforge.net; Thu, 15 May 2014 17:49:00 +0000 Received: by mail-la0-f46.google.com with SMTP id ec20so1086934lab.5 for ; Thu, 15 May 2014 10:48:53 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.152.4.1 with SMTP id g1mr8430427lag.20.1400176133042; Thu, 15 May 2014 10:48:53 -0700 (PDT) Received: by 10.112.89.68 with HTTP; Thu, 15 May 2014 10:48:52 -0700 (PDT) In-Reply-To: References: Date: Thu, 15 May 2014 10:48:52 -0700 Message-ID: From: Gregory Maxwell To: Andreas Schildbach Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Wkzm7-0003kS-Q4 Cc: Bitcoin Development Subject: Re: [Bitcoin-development] DNS seeds unstable X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 May 2014 17:49:01 -0000 On Thu, May 15, 2014 at 4:50 AM, Andreas Schildbach wrote: > I'm bringing this issue up again. The current Bitcoin DNS seed > infrastructure is unstable. I assume this is because of we're using a > custom DNS implementation which is not 100% compatible. There have been > bugs in the past, like a case sensitive match for the domain name. If software is using the DNS seeds in a way where one or two being unavailable is problematic, then the software may be using them poorly. Generally DNS seeds should only be used as fast connectivity hints, primarily for initial connectivity. Relying on them exclusively increases isolation vulnerabilities (e.g. because the dns seed operators or any ISP or network attacker on the path between you and the seeds can replace the results with ones that isolate you on a bogus network).