When started for the first time, dcrd doesn’t know the IP addresses of any active full nodes. Because randomly querying all IP addresses on the internet looking for full nodes is prohibitively expensive, dcrd bootstraps this process by querying a hardcoded list of DNS seeds maintained by the community. The seeds should respond with one or more DNS A records with the IP addresses of full nodes that may accept incoming connections.
The Unix command dig can be used to demonstrate this process. The following example shows the DNS records returned from a testnet Decred seed.
$ dig +noall +answer testnet-seed.decred.org testnet-seed.decred.org. 30 IN A 188.8.131.52 testnet-seed.decred.org. 30 IN A 184.108.40.206 testnet-seed.decred.org. 30 IN A 220.127.116.11 testnet-seed.decred.org. 30 IN A 18.104.22.168 testnet-seed.decred.org. 30 IN A 22.214.171.124 [...]
The DNS seeds are maintained by Decred community members running dcrseeder.
DNS seed results are not authenticated and a malicious seed operator or network man-in-the-middle attacker can return only IP addresses of nodes controlled by the attacker, isolating dcrd on the attacker’s own network and allowing the attacker to feed it bogus transactions and blocks. For this reason, dcrd does not rely on DNS seeds exclusively.
Once dcrd has connected to the network, its peers can begin to send
(address) messages with the IP addresses and port numbers of
other active peers on the network, providing a fully decentralized method of
peer discovery without relying upon DNS.
An active peer is considered one that has transmitted a message
within the last 3 hours.
Nodes which have not transmitted in that time frame should be forgotten.
dcrd keeps a record of known reliable peers in a persistent on-disk json file which usually allows it to connect directly to those peers on subsequent startups without having to query DNS seeds.
Disable DNS seeding¶
It is possible to disable DNS seeding in dcrd by using the
If DNS seeding is disabled, dcrd will either need to load peers from its local
json file, or a peer IP address needs to be provided with
--connect flag will disable DNS seeding and force dcrd to only connect to
dcrd will not listen for any incoming connections when
--connect is set.
dcrseeder is a crawler for the Decred network, which exposes a list of reliable nodes via a built-in DNS server.
When dcrseeder is started for the first time, it will connect to a known trusted
dcrd instance, perform a
getaddr request and then disconnect. The
response contains the IPs of all peers known by the node. dcrseeder will then
connect to each of these IPs, perform a
getaddr request, and continue
traversing the network in this fashion. dcrseeder maintains a list of all known
peers and periodically checks that they are online and available.
When dcrseeder is queried for node information, it responds with details of a random selection of the reliable nodes it knows about.
The code for dcrseeder can be found on GitHub.