Seeds of Consensus: Bitcoin Core DNS Seeds in /src/kernel/chainparams.cpp \ stacker news ~bitdevs

Seeds of Consensus: Bitcoin Core DNS Seeds in /src/kernel/chainparams.cpp

394 sats \ 6 comments \ @DiedOnTitan 20 Feb bitdevs

As I continue to explore the code base for Bitcoin, I come back to the way that node peers are discovered for consensus. This is a foundational aspect of Bitcoin - validating blocks and agreeing on their hash values. I have discovered the DNS Seeds that are hardcoded into Bitcoin Core, which reveals the hostnames and some personal names of obviously some trusted and prominent developers. This may be the single most centralized and trustful aspect of Bitcoin. What's interesting to me is that there are a very small handful of hostnames that underpin the entire consensus framework.

What is your take on this potential centralized vulnerability?

$ grep vSeeds.emplace_back src/kernel/chainparams.cpp | sed 's/^\ \{1,\}//' | rev | sort -t";" -k2,2 | rev
vSeeds.emplace_back("dummySeed.invalid.");
vSeeds.emplace_back("seed.bitcoin.sipa.be."); // Pieter Wuille, only supports x1, x5, x9, and xd
vSeeds.emplace_back("dnsseed.emzy.de."); // Stephan Oeste
vSeeds.emplace_back("testnet-seed.bluematt.me."); // Just a static list of stable node(s), only supports x9
vSeeds.emplace_back("dnsseed.bluematt.me."); // Matt Corallo, only supports x9
vSeeds.emplace_back("dnsseed.bitcoin.dashjr.org."); // Luke Dashjr
vSeeds.emplace_back("seed.bitcoin.jonasschnelli.ch."); // Jonas Schnelli, only supports x1, x5, x9, and xd
vSeeds.emplace_back("testnet-seed.bitcoin.jonasschnelli.ch.");
vSeeds.emplace_back("seed.bitcoin.sprovoost.nl."); // Sjors Provoost
vSeeds.emplace_back("seed.signet.bitcoin.sprovoost.nl.");
vSeeds.emplace_back("seed.testnet.bitcoin.sprovoost.nl.");
vSeeds.emplace_back("seed.bitcoinstats.com."); // Christian Decker, supports x1 - xf
vSeeds.emplace_back("seed.btc.petertodd.net."); // Peter Todd, only supports x1, x5, x9, and xd
vSeeds.emplace_back("seed.tbtc.petertodd.net.");
vSeeds.emplace_back("seed.bitcoin.wiz.biz."); // Jason Maurice
vSeeds.emplace_back("v7ajjeirttkbnt32wpy3c6w3emwnfr3fkla7hpxcfokr3ysd3kqtzmqd.onion:38333");
vSeeds.emplace_back("178.128.221.177");

view all related items

248 sats \ 1 reply \ @kristapsk 20 Feb

I'ts not part of consensus, just a way to find initial peers (other nodes). Originally instead of this there was single hardcoded IRC channel on single IRC server (#bitcoin on Freenode). Any user can use addnode= to manually add different peer from the start and then that peer will be used to discover other peers too (and if you help setting up node to your friend, it's good idea to addnode= your node in config for him).

But it's good that you are going through code, don't trust - verify!

0 sats \ 0 replies \ @DiedOnTitan OP 20 Feb

I appreciate the historical context indicating how peers were initially discovered through IRC.

95 sats \ 1 reply \ @ek 20 Feb

It's used to find initial peers, after that it's no longer used since your peers tell you about their peers. So it's just for bootstrapping the peer database.

You can always connect manually to a known peer for bootstrapping.

So imo, it looks worse than it is. I don't see another way to achieve the same thing as effectively.

0 sats \ 0 replies \ @DiedOnTitan OP 20 Feb

Beginning to clarify for me. Thanks. So this seeds the peering database with trusted nodes, but it is not necessarily a centralized attack vector.

0 sats \ 0 replies \ @Coinsreporter 20 Feb

0 sats \ 0 replies \ @DiedOnTitan OP 20 Feb

I went through each of these hostnames, pinging them, then doing a WHOIS lookup to determine the Autonomous System (AS) number, which informs which network the host routes to.

Ping however will only grab one IP from a list of possible IP Addresses. It turns out that most of these hostnames point to numerous IP addresses. Which makes perfect sense for fault tolerance, geographic dispersion, and redundancy reasons. The next step I listed all IP addresses tied to each seed hostname:

$ dig +short a seed.bitcoin.sipa.be
93.81.254.159
173.241.227.243
5.45.74.50
68.219.242.34
121.226.58.95
136.244.19.126
31.164.160.162
209.204.29.18
51.15.11.99
18.198.16.76
216.82.38.46
92.43.187.34
54.91.248.109
18.217.35.153
31.188.245.244
18.222.149.135
35.205.117.63
37.60.240.209
188.68.53.44
37.60.234.45
73.117.132.138
35.237.144.170
62.24.76.122
109.86.60.33
179.228.234.7

To get a better feel for these IP addresses, I wrote a script to collect various data points on each of these IP addresses. Here is the result of the first hostname:

Hostname              IP Address       Reverse IP
seed.bitcoin.sipa.be  104.62.136.12    104-62-136-12.lightspeed.mssnks.sbcglobal.net
seed.bitcoin.sipa.be  134.122.100.130
seed.bitcoin.sipa.be  108.44.152.24    pool-108-44-152-24.clppva.fios.verizon.net
seed.bitcoin.sipa.be  86.104.228.41
seed.bitcoin.sipa.be  185.231.220.189  swinglicious.com
seed.bitcoin.sipa.be  68.219.242.34
seed.bitcoin.sipa.be  188.166.72.55
seed.bitcoin.sipa.be  65.109.85.139    static.139.85.109.65.clients.your-server.de
seed.bitcoin.sipa.be  109.173.126.157  broadband-109-173-126-157.ip.moscow.rt.ru
seed.bitcoin.sipa.be  195.56.63.11
seed.bitcoin.sipa.be  167.235.110.208  static.208.110.235.167.clients.your-server.de
seed.bitcoin.sipa.be  185.70.43.193    185-70-43-193.protonmail.ch
seed.bitcoin.sipa.be  18.162.156.95    ec2-18-162-156-95.ap-east-1.compute.amazonaws.com
seed.bitcoin.sipa.be  172.234.95.35    172-234-95-35.ip.linodeusercontent.com
seed.bitcoin.sipa.be  69.181.240.40    c-69-181-240-40.hsd1.ca.comcast.net
seed.bitcoin.sipa.be  62.54.183.27
seed.bitcoin.sipa.be  195.201.86.117   static.117.86.201.195.clients.your-server.de
seed.bitcoin.sipa.be  62.210.88.131    23ce2d6f-677d-476e-883f-9d322bdbbc84.fr-par-1.baremetal.scw.cloud
seed.bitcoin.sipa.be  192.95.31.84     ns502652.ip-192-95-31.net
seed.bitcoin.sipa.be  5.253.18.218
seed.bitcoin.sipa.be  71.188.127.21    static-71-188-127-21.cmdnnj.fios.verizon.net
seed.bitcoin.sipa.be  5.189.144.87     m3087.contabo.host
seed.bitcoin.sipa.be  177.170.79.252   177-170-79-252.user.vivozap.com.br
seed.bitcoin.sipa.be  13.228.111.109   ec2-13-228-111-109.ap-southeast-1.compute.amazonaws.com
seed.bitcoin.sipa.be  185.152.138.74   static17.byfly.gomel.by

Just discovered https://bitnodes.io/ which has accomplished much of the initial goal of my project, which was to map the Bitcoin node network and track its growth over time.