Add support for DNS #2214
base: py3
Congrats, the tests are passing now. |
@filips123 Should this PR be merged if it doesn't work without Zeroname plugin? |
@imachug It should be. Zeroname is still the default domain system and almost no one would disable it. But I think that this issue should be fixed quickly. But I actually only tested this a few months ago with the ENS plugin (which uses the same structure as this). I will also try to test this again now. Update: I tested this again and I can confirm that it works only when Zeroname is enabled. When Zeroname is disabled, the site will try to load (it will open the wrapper and the page title will be set), but the actual page will load forever. See debug log here - the error is (almost) the same as in #2128. When Zeroname is enabled, it will work normally. |
@HelloZeroNet Do you know what could be a reason for that error? |
I think this should be a separate plugin, because depending on the traditional DNS system somehow defeats the decentralized and uncensorable goals of the project. I will check why it is not working without Zeroname |
@HelloZeroNet I don't think so. I would agree with you if my plugins would be the only way for domains in ZeroNet. But since users can also use Zeroname (or any other domain plugin), it would actually make it more decentralized as users won't be forced to use one particular domain system. |
Exactly! Multiple centralized solutions provide more decentralization than one centralized solution (and I would even say multiple solutions is better than one period). Of course, the best would be multiple decentralized solutions, but we have more work to get to that point. |
And it is actually not so easy to implement a really decentralized solution. Almost every third-party domain system for integration with ZeroNet (or any other project) would require either:
|
@HelloZeroNet @shortcutme Did you find why this plugin doesn't work without Zeroname? |
Yes, I pushed an update (Rev4238) that should make it work without the Zeroname plugin. It happened because of the missing actionSiteMedia patching without the Zeroname plugin. |
@HelloZeroNet Should I change anything in this plugin or it will simply work? From your commits, I saw that you removed |
Hi @filips123 @HelloZeroNet |
@filips123 With reverse proxy I can use any TLD I want to host on ZeroNet. I don't really think this _dnslink will allow me to use for example: zeronet.example.org. IN CNAME zeronet.gateway.example.org That would be the goal no? The headers and sandbox in any case where /raw/ requested should be removed! |
@filips123 I've been thinking about how to bridge ENS to Zeronet for a while now. With the new ENS system and 3,4,5-letter domains being auctioned now, I think the system will gain traction within the crypto community. What's the status of #2164? Is this working? If so, then imo the next step is to bridge back to the clearnet for users NOT running the client. Cloudflare offers this for IPFS websites. Currently in the process of moving almost all of our front-end code over to IPFS. Honestly, it has its issues (mainly caching seems sketchy, but perhaps more seeding is needed), but overall it's been working flawlessly for months. You can read about it here, if you're unfamiliar: The idea is, our proxy at 0net.io would serve (as it does now) the files to Clearnet users, however, they would be able to use While still making improvements to the proxy's underlying infrastructure, it's relatively stable at this point https://status.0net.io. Let me know if you'd be interested in adding that support to your plugin. And, well, how you think we'd go about implementing that into the current proxy's code. Regardless, good luck with this effort. Don't hesitate to reach for help testing, debugging, whatever. cheers! |
@d14na This has nothing to do with dnslink on Zeronet far as I read your comment. Lastly forget 0net.io because that is a big trash. If you want to proxy clearnet to ZeroNet you will need your own servers for front and back-end!!!!! |
A private key can only be recovered if you sign something twice using the same random number, which is next to impossible |
@HelloZeroNet I bundled all of the plugin's dependencies (DNSPython and DNSLink) into a ZIP file along with the plugin's source code. That ZIP file is then added to Python's path (Python can load modules from ZIP) in case the dependencies are not already installed. I also included support for DNS-reverse-proxy (implemented by @imachug) which enables you to create a site which is hosted on ZeroNet and access it like a normal website. To do this, you need to create a DNSLink TXT record that points to the site address and a CNAME/A/AAAA record that points to the ZeroNet instance. In case of a local ZeroNet instance, the site can be accessed at |
@HelloZeroNet @shortcutme Can you check and merge this? Dependencies are now bundled with the source code (and all licenses are compatible) so there shouldn't be any problem with using this plugin. This would allow accessing ZeroNet sites from classic DNS domains, which is useful in case the site author already has a domain (or wants to use a free OpenNIC domain) and doesn't want to register another Namecoin domain. And it would also allow accessing ZeroNet as a reverse proxy. So if the domain has a CNAME/A/AAAA record that points to a ZeroNet instance and a TXT record which contains the address of the site, the site will be directly accessible from that domain. In case of local instances, this will have to include port But this is actually not so important for this PR so it would be great if you can merge it. And even if classic DNS is centralized, adding it as an additional, but enabled by default, domain system won't defeat the decentralized goals of ZeroNet, as users will actually have more choice between domain systems. And with ENS support, it would make it even more decentralized. |
Ok, I'm not against it, I will do some tests later on it. |
My PR for DNS-over-HTTPS support has been merged, so we don't need to depend on my fork anymore. However, we still need to use Git-based version, as changes still aren't released in new version. |
Before this commit, all requests with non-IP `HOST` header were considered as proxy requests. This means that using ZeroNet as a public proxy with own domain would also be considered as proxy request, so all requests would fail. This now checks if `HOST` is in `ui_host` config and if it is, it is considered as normal request and not as a proxy. This should now allow using ZeroNet on a public domain.
This allows setting custom WebSocket URL for proxy requests. It is useful when ZeroNet is deployed as public proxy in virtual machine or container, where `SERVER_NAME` and `SERVER_PORT` don't contain public server URL.
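The `HOST` handling described in the commit message above, written out as an added sketch (not code from this PR or from ZeroNet). The function names and the `normal`/`proxy`/`reject` labels are hypothetical, and `ui_host` is assumed to be a plain list of host names.

```python
import ipaddress


def split_host(host_header):
    """Return the host part of a Host header: lowercased, no port, no trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # bracketed IPv6 literal, e.g. [::1]:43110
        end = host.find("]")
        if end == -1:
            raise ValueError("malformed IPv6 Host header")
        return host[1:end]
    if host.count(":") == 1:                  # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def is_ip(hostname):
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return False


def classify_request(host_header, ui_host):
    """'normal' = serve the UI itself, 'proxy' = treat the name as a site domain."""
    try:
        hostname = split_host(host_header)
    except ValueError:
        return "reject"
    if not hostname:
        return "reject"
    if is_ip(hostname):
        return "normal"                       # IP hosts were never proxy requests
    allowed = {split_host(h) for h in ui_host}
    if hostname in allowed:
        return "normal"                       # the instance's own public name
    return "proxy"                            # any other name: resolve it as a site


# Constructed sample values; proxy.example.org stands in for a public instance.
if __name__ == "__main__":
    for header in ("127.0.0.1:43110", "proxy.example.org", "py.zeroframe.oss"):
        print(header, "->", classify_request(header, ["proxy.example.org"]))
```

With an empty `ui_host` the public name falls through to `proxy`, which is the failure the commit message describes for instances served on their own domain.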
@imachug I tested DNS reverse proxy with my public ZeroNet proxy and problem is that sometimes cookies are not sent to WebSocket connection which means that connection fails with Multiuser plugin. Do you think it would be possible to send that cookie to WebSocket connection even if it is in a different origin than the website? Also, zero button links to Also, can you check if there can be any possible security problems with accessing WebSocket from a different origin and such? |
AFAIK there's no way to add a cookie to another site. The only solution I've managed to come up with is sending the cookie via the websocket, say, in the first message. @HelloZeroNet Do you think that might work? |
Where do you want it to redirect to? Probably the root of the site? |
I think that's safe. We're using wrapper_key as a security measure so there's no problem as long as the key verification is in action. |
In non-web-based WebSocket clients (in Node.js and Python) you can set cookies. However, I'm not sure if browsers also allow this. So yes, if sending cookies is not possible, it should be sent either in URL or in first message.
Yes. |
You can set cookies in browsers too but only if they are same-origin. |
There is one other thing. Is there any reason why WebSocket requests are made to different origin that is specified in |
I think there was a reason but I can't remember now. @HelloZeroNet? |
Yeah, PAC-based proxy configs/extensions do not work with websocket. So when you access http://zeronet.bit you still have to connect to http://127.0.0.1:43110/Websocket |
What is the state of this PR? |
Just accessing DNS domains works. However, DNS reverse proxy with Multiuser plugin sometimes doesn't because of cookies and CORS. |
I have an idea how this cross-origin cookie/multiuser handling could be implemented:
Advantage of this is that if cookies are sent in first place, there isn't any need for any additional message, which means that it shouldn't affect speed. Additionally, it stays compatible with all current clients. |
A small fix: user masterseed, not address. |
Master seed or master address? Cookie currently contains master address, so that response should probably also use it. And given that it will probably be used somewhere in the browser's storage (probably a cookie just like now, but the client just reads it from the cookie and sends it to the server if needed), it probably won't be good to store sensitive information such as the master seed. |
Daaaaaamn, and that's what we're calling "secure"... /cc @HelloZeroNet |
Both SecureDNS and Dnswarden were shut down recently so I replaced them with LibreDNS. I hope current providers won't also shut down and that there will be some alternatives.
This adds support for classic DNS. It closes #104 and it is part of #2049.
The plugin uses DNSPython library for getting DNS responses and DNSLink for resolving DNSLink records.
It uses a few DNS-over-HTTPS resolvers with OpenNIC TLD support, but it can also be configured to use other resolvers or system configuration. Results are also cached in files so domains will still work if the computer is offline.
There are already a few (my) domains that use DNS plugin which you can use for testing:
py.zeroframe.oss
js.zeroframe.oss
Note that because now plugin has additional dependencies, I had to change the configuration for Travis CI, GitLab CI, Docker and Vagrant to also install dependencies from (enabled) plugins. @HelloZeroNet ZeroBundle also needs to be updated to do this.
Also, DNSPython currently doesn't support DNS-over-HTTPS so I created PR rthalley/dnspython#393 with support for it. Until it is merged and released, we have to use my temporary branch. Then you would need to update it to use a newly created version.
I also think that these domain plugins currently aren't working if the default `Zeroname` is disabled. I already reported this in #2128, when it was partly fixed (before that it was completely impossible to create a domain plugin), but it appears that there are still problems if `Zeroname` is disabled. I wasn't able to test this with this plugin, but it needs to be investigated.
There are currently also some problems with CI. Tests work, but there is a problem with the linter (`flake8`). Because DNSPython needs to be loaded after Tor monkey-patching is completed, I needed to load them from a class method. I implemented that by importing the modules inside a function and adding them to `globals()`. This works normally as the modules are now available in the global context. However, `flake8` doesn't like that and throws `F821 undefined name` errors. Is there any way to tell `flake8` that `dns` and `dnslink` are actually existing names?
@HelloZeroNet @imachug @ValdikSS Can you test and review this?