-
Notifications
You must be signed in to change notification settings - Fork 143
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
<domain> is very limited in LUD-16, add additional DNS record types to allow flexibility #93
Comments
I agree with you. It would have been better to make the server listen on a subdomains like Luckily there are reverse proxies out there that can route requests from a central domain to other domains and that's what you can do if you want to run separate servers. |
Is it too late to add a provision to the spec so that you can make a DNS lookup on the subdomain (i.e. TXT record on _lud16.<domain> ) and get the lightning URL from there? |
This still won't help the situation, wouldn't that force everybody to use the domain name of the reverse proxy? Ideally this would work so that people can simply use their email addresses as lightning addresses. |
I am also confused about that. The word "central" in your comment is a red flag to me. I also don't think a specific subdomain like |
I've been thinking about this since 2017 and at one point started working on an outline for a "BCRPTR" RRtype spec (Blockchain Resource Pointer) and it roughly mimicked the SRV format. SRV records have a very specific format and meaning, TXT records have the flexibility to craft a format better suited (think SPF records). But this may be overthinking it. I think the best approach would be something that could work across all protocols by convention more than anything else: So, underscore scoping could actually work quite well here: Given: [email protected] Instead of coming up with something complex like a SRV record or TXT specification, you just use:
You wouldn't even need a DNS RRType down the road because I think this could get the job done as is. |
I wrote up an article on this for Bitcoin Magazine https://bitcoinmagazine.com/technical/simplifying-bitcoin-addresses-dns |
I strongly support the idea of defining an SRV Record on
For example:
But I guess it is too late to change the specs. |
What protocols are you trying to work across?
SRV seems pretty simple. What you have below seems to be a TXT specification.
Not sure why you want to use DNS to register every single user on a domain. Seems like the DNS should be used to point to a specific server that is general enough for all users. It doesn't make sense to me to bloat DNS with information about all users.
No idea what this is referring to.
What's the motivation to add a static on-chain address to DNS, escpecially for something related to lightning? It's discouraged to re-use addresses and I don't know why we'd want to use DNS as a way to continuously publish new addresses that everyone can read.
Why would a new RRType be needed if SRV works (now, or down the road)? |
I like this proposal. It seems simple, yet general enough. |
I suggested TXT records instead of SRV records because using SRV is still overthinking it. There are at least two additional fields in SRV which would be largely unused but must be present. With a TXT record and using the underscore scoping you can just is the RHS to get specify exactly what you're referencing on the LHS:
I mentioned these wider examples to show how we can get from using a format we're all familiar with [email protected] to specify resources across numerous use cases, blockchains, layer 1, smart contracts, etc. You could use your email address, for example, to specify multiple attributes about that identity endpoint. The protocols around each mechanism (Lightning, ENS resolvers, Bitcoin wallet providers) would just need to know what to lookup, and get the answer for what their destination is. |
What is wrong with the priority and weight fields of SRV records? Aren't these valuable scaling features for large domains? Not sure how the ethereum name service has any relevance here. I agree that your |
While you're at it, it would be a relatively large security upgrade to offer a DNSSEC-secured lookup over the current HTTPS (TLS-CA)-secured ones. This could come in many forms, a simple way would be DANE, which most TLS libraries offer support for. The simplest protocol, of course, would just be to have clients request the invoice through the DNS itself - by having a client do a request to a random subdomain and get a TXT record back, of course the server side of that is a bit more complicated. |
Most TLS libraries offer support for? When you last mentioned DANE here in some other issue I looked around for how to implement that and barely could find any information. Ended up with a single Golang library mostly abandoned that no one seemed to be using. What did I search wrong? Where can I find some example implementations? |
No idea about what's available for golang, but openssl (and presumably its derivatives) and gnutls both support DANE. If you can get the authenticated TLSA DNS record its also pretty easy to apply DANE checks against any TLS library that exposes the certificates - its ultimately standard TLS with certificate pinning that opts you out of the standard TLS CA cluster* |
In LUD-16, you have
<domain>
. It is my assumption (although it's not clearly defined) that this is referring to the DNS A record for the domain? This is very inflexible. It is every likely that one may not want to run a service on the host defined by the DNS A record to serve lightning invoices. It is very likely that their main website will be hosted there. E-mail has MX records for this very purpose. I propose that you create a new optional DNS record type that defines the host that should be contacted to request the invoice from. If that record is defined, then don't use the A record. If the record isn't defined, use the A record (just like e-mail).Additionally, you may want to give the user the flexibility on what TCP port is used to connect to instead of port 80 or 443. You might want to also define a DNS SRV record that allows this to be changed. This can be very useful to people who have only one IP address but still want to run the invoice serving service on a different machine than their website.
The text was updated successfully, but these errors were encountered: