kckeiks
commented
1 year ago Can you please explain the use case?
Open ozwaldorf opened 1 year ago
kckeiks
commented
1 year ago Can you please explain the use case?
ozwaldorf
commented
1 year ago It'd allow for a few things, such as:
localhost in advertisement (nice to have)kckeiks
commented
1 year ago valid dns+https to be resolved/used for requesting from the provider node using localhost in advertisement (nice to have)
Do these not work at the moment? We're using Hyper's client which should be doing DNS resolution already.
ozwaldorf
commented
1 year ago Do these not work at the moment? We're using Hyper's client which should be doing DNS resolution already.
Dns isn't handled in the distance calculation atm, so provider_addresses() will always return None
kckeiks
commented
1 year ago Do these not work at the moment? We're using Hyper's client which should be doing DNS resolution already.
Dns isn't handled in the distance calculation atm, so it will always return
Nonefromprovider_addresses
Why does DNS need to be included in the distance calculation? Can you please describe a specific example?
kckeiks
commented
1 year ago You mean mindmaxdb isn't going to resolve names for us? If so, this issue makes sense.
kckeiks
commented
1 year ago The only thing is, Node providers should not be advertising their domain name right? They have to specify their IP address IIRC?
kckeiks
commented
1 year ago kckeiks
commented
1 year ago Restricting this to only IPs would be a good requirement because we want to make as fewer network calls as possible.
ozwaldorf
commented
1 year ago You mean mindmaxdb isn't going to resolve names for us? If so, this issue makes sense.Exactly, unless we resolve them and give maxminddb an IpAddr
The only thing is, Node providers should not be advertising their domain name right? They have to specify their IP address IIRC?
https://github.com/fleek-network/ursa/blob/main/crates/ursa-rpc-service/src/config.rs#L6
Restricting this to only IPs would be a good requirement because we want to make as fewer network calls as possible.This is a fair point, resolving the dns would require an additional network request, it'd be good to consider speed vs security here. For example not using https would allow for MITM but saves a dns request and the possible latency there.
Kind of brings up a question though, if the domain and https is not advertised and used by the gateway, what's the point of requiring nodes to set that up?
kckeiks
commented
1 year ago This is a fair point, resolving the dns would require an additional network request, it'd be good to consider speed vs security here. For example not using https would allow for MITM but saves a dns request and the possible latency there.
The gateway can use HTTPS. It uses/knows of whatever application protocol the providers advertised so if we needed to support that, the changes shouldn't take place in the gateway but in the node.
Kind of brings up a question though, if the domain and https is not advertised and used by the gateway, what's the point of requiring nodes to set that up?
Idk about this. Maybe someone else can comment.
ps. Sorry I mistakenly edited your comment 🙈.
kckeiks
commented
1 year ago If we were to move to HTTPS, I would suggest that the nodes advertise both their IP and domain name so we could avoid the DNS call.
DNS advertisements should be supported by the gateway