-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ENS lookups are being done with DNSLink and failing. #10639
Comments
Kubo is using the DNSLink standard to do the ENS lookups, it's not falling back to ICANN DNS here. Instead this looks like an issue with the default ENS resolver in kubo which is cloudflare's https://github.com/ipfs/kubo/blob/master/docs/config.md#dnsresolvers. It looks like their resolver is having a problem, but if you switched to another one (e.g. I tried https://dns.eth.limo/dns-query and things looked good). Examples:
It seems to be an outage on their end and similar to other ones in the past #8836. The simplest incremental improvement here is likely being able to support multiple DNSLink resolvers from the ENS community (e.g. #8173 (comment)) so that if the ENS community designates multiple trusted resolvers (e.g. Cloudflare + eth.limo) there'd be some operational resiliency A next stage would be being able to make performing ENS queries easy and inexpensive enough that many people (or ideally anyone) could run them rather than just a few bigger infra providers. My understanding is that right now this isn't doable, but I would definitely be interested in engaging with the broader ENS community on this if there was interest. Note: in my capacity working with the Shipyard team (https://blog.ipfs.tech/shipyard-hello-world/) I've had some conversations with the ENS Labs and eth.limo folks about this, while I think there's interest I suspect more community demand is required to make this into a reality though given that having more resilient / decentralized ENS resolution is a big task. This issue will likely get closed if there's nothing else I'm missing but if there's interest in chatting more about this we can do so on https://discuss.ipfs.tech/ or the IPFS Chat channels (Matrix, Slack, Discord, etc.) |
Why isn't this just using an Ethereum JSON-RPC server? That would also make it trivial to configure, as users would just have to specify an Ethereum JSON-RPC server of their choice, which some ENS users may already have and of which there are many ways to gain access to one and several public ones. |
There are various reasons, but imo the most important one is to keep maintenance cost low and prefer vendor-agnostic way of doing things to ensure our code does not pick "winners" and is not artificially locking people into using specific project/blockchain/smartcontract to do name mapping. As Kubo maintainers:
👉 https://dnslink.dev is vendor-agnostic way of mapping DNS names to content paths and acts as universal bridge. Does not require anyone's blessing, you can create DNSLnk bridge for your own blockchain naming system and it will work with every deployment. Note TLDR Kubo/IPFS stack does not support ENS. Kubo supports DNSLink, and ENS happens to work if compatible ENS 2 DNSLink bridge is set up On solving ENS issue at hand: use different DoH resoverENS DoH resolver at We are tracking upstream fix in ipfs/boxo#771. If you want to fix your Kubo without waiting for upstream fix, set On running own ENS-based DNSLink resolverYou can also create / run your own ENS 2 DNS gateway (prior art: https://github.com/wealdtech/coredns-ens), expose things as DNS TXT record and be compatible with every legacy Kubo/Boxo without having to change any line of code. We are open to discussing adding verifiable ENS in some way, but as far I understand, there is no public JSON-RPC that allows client to retrieve enough information to verify the name, making entire idea moot. Happy to be proven otherwise with a working PoC, but at the end of the day, whatever you expose over proprietary Ethereum JSON-RPC, you can also expose over RFC-compliant DNS TXT response. |
Your points about having an agnostic system for resolution make sense to me. On verifiable ENS, if you have a recent blockhash to anchor to (which is widely available from many places on the internet), you can get a proof of ENS name resolution from an Ethereum JSON-RPC client and then validate that proof client side. Without a blockhash to anchor to though, you cannot prove anything (this is true for all blockchains). Is it reasonable to acquire a blockhash from one or more centralized sources and then ask a configured Ethereum JSON-RPC server for a proof, or were you hoping for something that wouldn't require a blockhash anchor even? |
Unsure if there is any "value add" in moving trust from DNS resolver to "trusted" blockchain anchor provider if both are run by same organization. For now, to solve issue at hand, we will switch the implicit DoH resolver to eth.limo: |
The idea is that getting the latest blockhash is something that is made widely available for free from a bunch of places on the internet, such as blockchain explorers and the like, while doing ENS lookups is a far more expensive/complicated process. To maximize censorship resistance, while also being pragmatic, one could build a client that can fetch the latest blockhash from a bunch of different sources (make sure they all return same result), trustlessly make the ENS lookup call from a single untrusted source, and then verify the results locally against the blockhash. People could anonymously run Ethereum JSON-RPC servers and add themselves to a list of available JSON-RPC providers for ENS resolution that IPFS can use, and we wouldn't need to do any validation to make sure the clients adding themselves to that list are malicious, because the responses from them would all be validated locally against the blockhash fetched from multiple semi-trusted sources around the internet. I agree that for now switching to eth.limo is probably the best immediate solution, but my hope is that the Ethereum community and IPFS community can work together to get a better solution built (like the one described above) in the future. |
For now, the issue at hand got fixed by #10655. Other things can be done, but require will and funding from both communities and go beyond the scope of this bug. If anyone is reading this and is interested in making ENS x IPFS better, see ipfs/boxo#771 (comment) |
Checklist
Installation method
ipfs-desktop
Version
Gateway version page in the GitHub issue template results in a 404.
Config
You cannot run
ipfs
CLI commands with IPFS desktop. I think what you want is this though (some redacted):Description
Attempting to navigate to
ipns://2.horswap.eth
with IPFS Companion installed redirects me to http://2.horswap.eth.ipns.localhost:8080/. That page results in an IPFS 500 error page that says:Based on the error, it appears that IPFS is attempting to resolve
2.horswap.eth
using DNS rather than using ENS.This used to work. I recently updated IPFS Desktop which seems like the most likely cause of this the problem.
The text was updated successfully, but these errors were encountered: