hyperledger / besu

An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
https://www.hyperledger.org/projects/besu

--p2p-host does not accept dns-names "valid advertisement host required" #4380

Open besu-p2p-host opened 2 years ago

besu-p2p-host commented 2 years ago

Description

For users with a dynamic IP address the option "p2p-host" does not work very well. Using a DNS name, for example besu.dyndns.org, linked to an IP address results in the error message "valid advertisement host required".

With Prysm you can run p2p-host-dns=besu.dyndns.org. Read more here: https://docs.prylabs.network/docs/prysm-usage/p2p-host-ip#broadcast-your-public-ip-address

This is not a bug but a very important feature for us with a dynamic IP or VPN users who care about their privacy. Please implement this.

daniellehrner commented 2 years ago

The P2P network of Ethereum works only with IP addresses, not with domain names. That is why --p2p-host is not accepting domain names.

If I understand the docs of Prysm correctly they only support static IP addresses. Correct me if I am wrong, but I would assume they only look up the IP address of the domain name at startup, but don't update it afterwards anymore.

besu-p2p-host commented 2 years ago

Correct me if I am wrong, but I would assume they only look up the IP address of the domain name at startup, but don't update it afterwards anymore.

I thought this feature existed specifically to help everyone with a dynamic IP. I don't know either but it makes sense to me if the feature works like this. That the DNS resolver checks the DNS name that's broadcast from time to time whenever someone needs to connect to the node... If it's configured to run with the p2p-host-dns besu.dyndns.org.

daniellehrner commented 2 years ago

I thought this feature existed specifically to help everyone with a dynamic IP. I don't know either but it makes sense to me if the feature works like this. That the DNS resolver checks the DNS name that's broadcast from time to time whenever someone needs to connect to the node... If it's configured to run with the p2p-host-dns besu.dyndns.org.

I would clarify this with the Prysm team, just to be sure.

As for Besu we can consider that, but I cannot give you any guarantees or timeline for it. But I understand your need for it. Do you maybe know how often your IP address changes and how often it would make sense to check if it has changed?

besu-p2p-host commented 2 years ago

I would clarify this with the Prysm team, just to be sure.

Directly from @nisdas / Nishant (Prysm team@Discord);

For discovery, it is only a one time resolution at startup

But for libp2p peers, multiaddresses support DNS identities. So it helps with peers who have dynamic IPs. I am guessing in besu's case, they use devp2p not libp2p. So it's a different case

It is very hard to estimate :(. It can be three times a day but also once a week. I don't know anything about the tech behind this or how an "established connection" is stored or how they communicate....... But in a dreamworld... I wish it would broadcast the DNS name only, and everyone who cannot connect to the DNS name anymore (because the first resolved IP is not correct/working) would retry and hopefully get the new IP.

(written by someone who doesn't know a damn thing about this :D)

ajsutton commented 2 years ago

So to provide some context...

Execution clients use devp2p for connections between nodes and discovery v4 for the UDP based node discovery. Both of those only support IPs and DNS can't be used.

Consensus clients use libp2p connections between nodes and discovery v5 for the UDP based node discovery. discv5 has two key improvements over v4 - firstly it supports using dns names when advertising nodes, but it also supports automatic detection of your external IP address so it works fine with dynamic IP addresses and doesn't actually need to use DNS.

The difference between devp2p and libp2p doesn't really matter here because it's the discovery layer that you need to make work and it can propagate information about IP changes about as quickly as DNS will. So sadly your consensus client will just work automatically if you don't specify an external IP to advertise and let it detect the right one - it will automatically update each time your IP changes. But execution clients have no way of doing that until discv5 gets adopted at the execution layer.

The bigger issue you're likely to have with a dynamic IP that changes regularly is that each time it changes you're going to lose all peers and take some time to reconnect, purely because IP change will interrupt all the existing TCP connections to peers you've discovered.

If you only need to look up the external IP to advertise at startup, you could do this with a wrapper script that uses host or nslookup to resolve the IP and then sets that as the advertised IP for besu. But if the IP changes often while you're running you'd need to set up a monitoring script that restarts besu each time the IP changes.
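The wrapper and monitoring approach described in the comment above, as an added example that is not part of the original thread or the besu project. It treats the DNS answer as untrusted input and only passes a validated IPv4 address to --p2p-host; the script arguments (DNS name, poll interval in seconds) are hypothetical, and `host` and `besu` are assumed to be on PATH.

```sh
#!/bin/sh
# Added example, not from the besu project. Assumes `host` and `besu` are on PATH.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                      # split on dots; input is digits and dots only
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Read `host -t A` output on stdin and print the first A record, if any.
first_a_record() {
  awk '/ has address /{print $NF; exit}'
}

# Print the validated IPv4 address for a name; fail if there is none.
resolve_ip() {
  ip_candidate=$(host -t A "$1" 2>/dev/null | first_a_record)
  is_ipv4 "$ip_candidate" && printf '%s\n' "$ip_candidate"
}

# Run besu with the resolved address and restart it when the address changes.
main() {
  name=$1; interval=${2:-300}    # hypothetical arguments: DNS name, poll seconds
  case $name in -*) echo "refusing name starting with '-'" >&2; return 2 ;; esac
  while :; do
    ip=$(resolve_ip "$name") || { sleep "$interval"; continue; }
    besu --p2p-host="$ip" &
    pid=$!
    while kill -0 "$pid" 2>/dev/null; do
      sleep "$interval"
      new=$(resolve_ip "$name") || continue   # lookup failed: keep running
      [ "$new" = "$ip" ] || break             # address changed: restart
    done
    kill "$pid" 2>/dev/null; wait "$pid" 2>/dev/null
  done
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

A failed or malformed lookup never restarts a running node; only a different, valid address does.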

abhayprasadnovartis commented 1 year ago

Hi, any update on this? Or is this still an open issue? Can't we provide a DNS name in p2p host as of now?

ajsutton commented 1 year ago

The execution layer (which besu implements) still uses devp2p so only supports IP addresses. There are no plans to support DNS at the protocol level that I'm aware of which means at best besu could support DNS for private networks using a custom modification to devp2p.

abhayprasadnovartis commented 1 year ago

Thanks @ajsutton for the response. While searching I came across "Node allowlists support domain names in enode URLs as an early access feature. Use the --Xdns-enabled option to enable domain name support." The link for the same is below. Will this setting work to resolve the "Valid advertisement host required" issue? Link: https://besu.hyperledger.org/en/stable/private-networks/how-to/use-permissioning/local/

moodysalem commented 1 year ago

I would also like this feature. I've noticed my client takes a really long time to find peers, probably because my node runs behind a VPN (which supports port forwarding) with an IP that often changes and I don't have a good way to set this option.

icemagno commented 7 months ago

Just to clarify ... when I am using external nodes (from other hosts), what kind of configuration must I use?

I am having "host not permited" issues from my permission file. Using "DOCKER" NAT and DNS activated. Using host names in the permission file.

The nodes connect fine when all are in my internal Docker environment.