Leaving the issue at hand aside, I thought this was a good insight into how Bitcoin Core nodes find peers on the network (using a hardcoded list of seed nodes).
Also new to me was the list of requirements for running a DNS seed node.
I thought this was a good insight into how Bitcoin Core nodes find peers on the network (using a hardcoded list of seed nodes)
Not quite correct: that's the first method they try. But if that fails, there is a backup list of IP addresses that are tried too. Also, for Tor-only nodes, IIRC there are some fixed .onion addresses that are tried too. I2P probably has something similar.
If you run a node with -connect, the seed nodes and other mechanisms aren't used. Similarly, if you use -addnode, provided your node works and returns addresses, the seed nodes aren't that relevant either.
Assuming your ISP isn't themselves MITM attacking you, you only need a single "honest" peer for Bitcoin to properly connect to the P2P network. So the seed node mechanism has a lot of redundancy.
BTW, the reason why DNS is used in the first place is because DNS is heavily cached at multiple levels. That makes it extremely difficult for the people running the DNS seeds to:
Figure out who is requesting IP addresses.
Serve different IP addresses to specific target clients.
This protects users by making it very difficult to use DNS seeds to attack people.
.onion and .i2p peers too, updated from time to time. https://github.com/bitcoin/bitcoin/tree/master/contrib/seeds
onion AND i2p would help here even if ISP is trying to MITM attack you.