multiformats / multiaddr

Composable and future-proof network addresses
https://multiformats.io/multiaddr
MIT License

DNSADDR allowed to point to other types than `/p2p`? #133

Closed ben221199 closed 1 year ago

ben221199 commented 1 year ago

Hello there,

In the DNSADDR spec, resolution using a domain name is explained. In case of `mydomain.com` (written as `/dnsaddr/mydomain.com` in multiaddr), I can dig with `dig TXT _dnsaddr.mydomain.com` and I will receive TXT records with DNSADDR information.

For example, querying the DNSADDR of bootstrap.libp2p.io gives the following records:

```
_dnsaddr.bootstrap.libp2p.io. 363 IN    TXT     "dnsaddr=/dnsaddr/am6.bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
_dnsaddr.bootstrap.libp2p.io. 363 IN    TXT     "dnsaddr=/dnsaddr/ams-rust.bootstrap.libp2p.io/p2p/12D3KooWEZXjE41uU4EL2gpkAQeDXYok6wghN7wwNVPF5bwkaNfS"
_dnsaddr.bootstrap.libp2p.io. 363 IN    TXT     "dnsaddr=/dnsaddr/ny5.bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
_dnsaddr.bootstrap.libp2p.io. 363 IN    TXT     "dnsaddr=/dnsaddr/sg1.bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt"
_dnsaddr.bootstrap.libp2p.io. 363 IN    TXT     "dnsaddr=/dnsaddr/sv15.bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"
_dnsaddr.bootstrap.libp2p.io. 363 IN    TXT     "dnsaddr=/dnsaddr/sv16.bootstrap.libp2p.io/p2p/QmZa1sAxajnQjVM8WjWXoMbmPd7NsWhfKsPkErzpm9wGkp"
```

Because these records begin with `/dnsaddr`, there is a recursive query needed. Querying the DNSADDR of `am6.bootstrap.libp2p.io` gives the following records:

```
_dnsaddr.am6.bootstrap.libp2p.io. 2 IN  TXT     "dnsaddr=/dns4/am6.bootstrap.libp2p.io/tcp/443/wss/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
_dnsaddr.am6.bootstrap.libp2p.io. 2 IN  TXT     "dnsaddr=/dns6/am6.bootstrap.libp2p.io/tcp/443/wss/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
_dnsaddr.am6.bootstrap.libp2p.io. 2 IN  TXT     "dnsaddr=/ip4/147.75.87.27/tcp/4001/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
_dnsaddr.am6.bootstrap.libp2p.io. 2 IN  TXT     "dnsaddr=/ip4/147.75.87.27/udp/4001/quic/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
_dnsaddr.am6.bootstrap.libp2p.io. 2 IN  TXT     "dnsaddr=/ip6/2604:1380:4602:5c00::3/tcp/4001/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
_dnsaddr.am6.bootstrap.libp2p.io. 2 IN  TXT     "dnsaddr=/ip6/2604:1380:4602:5c00::3/udp/4001/quic/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
```

These records begin with /ip4, /ip6, /dns4 and /dns6 and are known protocols to resolve the server further. After also resolving all things after it, there could be a connection with the peer.


However, I have multiple questions. They are all about the last multiaddr type.

1) First of all, when querying the DNSADDR of `mydomain.com`, I get results in the form `/dnsaddr/<domain>/p2p/<someP2P>`. Is the last type really needed? Because recursion is needed, it seems to me it could be possible to do `/dnsaddr/<domain>` as the first response and `/ip4/<someIPv4>/tcp/<somePort>/p2p/<someP2P>` as second (recursive) response. (And maybe it could be also the other way around: if `/p2p` is omitted in the second response, it will take the `/p2p` value of the first response.)

2) Until now, every target was eventually a peer (`/p2p`). My question is if it is also possible with DNSADDR to point directly to an IPFS or IPNS address, like this: `dig TXT _dnsaddr.mydomain.com` => `dnsaddr=/ipns/<someIPNS>`. In that case it would be possible for the domain `mydomain.com` to host some information of the domain/website on the IPFS network. Does this work? Are there some rules?

Thanks in advance

Ben

mxinden commented 1 year ago

> 2. Until now, every target was eventually a peer (`/p2p`). My question is if it is also possible with DNSADDR to point directly to an IPFS or IPNS address, like this: `dig TXT _dnsaddr.mydomain.com` => `dnsaddr=/ipns/<someIPNS>`. In that case it would be possible for the domain `mydomain.com` to host some information of the domain/website on the IPFS network. Does this work? Are there some rules?

Maybe @lidel knows more here.

ben221199 commented 1 year ago

Seems that @lidel is not available or busy. Is there somebody else who knows if DNSADDR can point to other things than p2p?

zargarzadehm commented 1 year ago

Are there any step-by-step docs or any clues for setting up a relay behind dns4 and configuring Cloudflare, Nginx or other tools?

lidel commented 1 year ago

> (1) I get results in the form `/dnsaddr/<domain>/p2p/<someP2P>`. Is the last type really needed?

Depends on your threat model. If you omit `/p2p/{peerid}` then the layer without it will be vulnerable to MITM attacks.

> (2) is if it is also possible with DNSADDR to point directly to an IPFS or IPNS address

afaik no: DNSADDR is for addressing peers, not content, thus only `/p2p` is allowed.

For content, use DNSLink instead

We have a sister protocol for addressing content, called DNSLink. See https://docs.ipfs.tech/concepts/dnslink/ and https://dnslink.dev/ for more details and examples.

You can set DNS TXT records yourself, or use a service that does it for you, for example:

HTTP Gateway provided by Kubo supports DNSLink out of the box:

ps. I am closing this since this is more a support question than a bug report or feature request. In the future, try asking in https://discuss.ipfs.io/c/help/13 – a wider community will be able to answer questions like this :-)
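An added illustration (not code from this thread or from any multiaddr implementation) of the recursive resolution described in the first post, combined with the suffix check that makes the `/p2p/{peerid}` part matter: a TXT entry is accepted only if it ends with whatever followed `/dnsaddr/<domain>` in the address being resolved. The TXT data, domain names and peer IDs are constructed placeholders, the function name `resolve` and the depth limit are assumptions, and splitting on `/` is a simplification that is sufficient for the protocols shown in this thread.

```python
# Constructed TXT data standing in for live DNS so the example runs offline.
# Domains, IPs and peer IDs are placeholders, not real libp2p identities.
GOOD, EVIL = "QmPeerGoodPlaceholder", "QmPeerEvilPlaceholder"
TXT = {
    "_dnsaddr.example.test": [
        f"dnsaddr=/dnsaddr/node1.example.test/p2p/{GOOD}",
    ],
    "_dnsaddr.node1.example.test": [
        f"dnsaddr=/ip4/192.0.2.10/tcp/4001/p2p/{GOOD}",
        f"dnsaddr=/ip4/203.0.113.66/tcp/4001/p2p/{EVIL}",  # injected record
        "dnsaddr=/ip4/203.0.113.67/tcp/4001",               # no peer ID at all
        "v=spf1 -all",                                      # unrelated TXT record
    ],
    "_dnsaddr.loop.example.test": ["dnsaddr=/dnsaddr/loop.example.test"],
}

MAX_DEPTH = 4  # assumed bound so a record loop cannot recurse forever


def resolve(addr, depth=0):
    """Expand /dnsaddr/<domain>[/suffix...] into terminal multiaddrs.

    If the address carries a suffix such as /p2p/<peer id>, only TXT
    entries ending with that same suffix are followed or returned.
    """
    parts = addr.strip("/").split("/")
    if parts[0] != "dnsaddr":
        return [addr]                      # /ip4, /ip6, /dns4, ... are terminal here
    if depth >= MAX_DEPTH:
        return []                          # give up on loops or overly deep chains
    domain, suffix = parts[1], parts[2:]
    results = []
    for txt in TXT.get(f"_dnsaddr.{domain}", []):
        if not txt.startswith("dnsaddr=/"):
            continue                       # ignore TXT records of other kinds
        candidate = txt[len("dnsaddr="):]
        cparts = candidate.strip("/").split("/")
        if suffix and cparts[-len(suffix):] != suffix:
            continue                       # peer ID differs from the pinned one
        results.extend(resolve(candidate, depth + 1))
    return results
```

Resolving `/dnsaddr/node1.example.test` without a peer ID returns all three addresses, including the injected one, while the same name with `/p2p/<GOOD>` appended returns only the matching address.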

ben221199 commented 1 year ago

Thanks @lidel