pull down to refresh

As I continue to explore the code base for Bitcoin, I come back to the way that node peers are discovered for consensus. This is a foundational aspect of Bitcoin - validating blocks and agreeing on their hash values. I have discovered the DNS Seeds that are hardcoded into Bitcoin Core, which reveals the hostnames and some personal names of obviously some trusted and prominent developers. This may be the single most centralized and trustful aspect of Bitcoin. What's interesting to me is that there are a very small handful of hostnames that underpin the entire consensus framework.
What is your take on this potential centralized vulnerability?
$ grep vSeeds.emplace_back src/kernel/chainparams.cpp | sed 's/^\ \{1,\}//' | rev | sort -t";" -k2,2 | rev vSeeds.emplace_back("dummySeed.invalid."); vSeeds.emplace_back("seed.bitcoin.sipa.be."); // Pieter Wuille, only supports x1, x5, x9, and xd vSeeds.emplace_back("dnsseed.emzy.de."); // Stephan Oeste vSeeds.emplace_back("testnet-seed.bluematt.me."); // Just a static list of stable node(s), only supports x9 vSeeds.emplace_back("dnsseed.bluematt.me."); // Matt Corallo, only supports x9 vSeeds.emplace_back("dnsseed.bitcoin.dashjr.org."); // Luke Dashjr vSeeds.emplace_back("seed.bitcoin.jonasschnelli.ch."); // Jonas Schnelli, only supports x1, x5, x9, and xd vSeeds.emplace_back("testnet-seed.bitcoin.jonasschnelli.ch."); vSeeds.emplace_back("seed.bitcoin.sprovoost.nl."); // Sjors Provoost vSeeds.emplace_back("seed.signet.bitcoin.sprovoost.nl."); vSeeds.emplace_back("seed.testnet.bitcoin.sprovoost.nl."); vSeeds.emplace_back("seed.bitcoinstats.com."); // Christian Decker, supports x1 - xf vSeeds.emplace_back("seed.btc.petertodd.net."); // Peter Todd, only supports x1, x5, x9, and xd vSeeds.emplace_back("seed.tbtc.petertodd.net."); vSeeds.emplace_back("seed.bitcoin.wiz.biz."); // Jason Maurice vSeeds.emplace_back("v7ajjeirttkbnt32wpy3c6w3emwnfr3fkla7hpxcfokr3ysd3kqtzmqd.onion:38333"); vSeeds.emplace_back("178.128.221.177");
I'ts not part of consensus, just a way to find initial peers (other nodes). Originally instead of this there was single hardcoded IRC channel on single IRC server (#bitcoin on Freenode). Any user can use addnode= to manually add different peer from the start and then that peer will be used to discover other peers too (and if you help setting up node to your friend, it's good idea to addnode= your node in config for him).
But it's good that you are going through code, don't trust - verify!
reply
I appreciate the historical context indicating how peers were initially discovered through IRC.
reply
It's used to find initial peers, after that it's no longer used since your peers tell you about their peers. So it's just for bootstrapping the peer database.
You can always connect manually to a known peer for bootstrapping.
So imo, it looks worse than it is. I don't see another way to achieve the same thing as effectively.
reply
Beginning to clarify for me. Thanks. So this seeds the peering database with trusted nodes, but it is not necessarily a centralized attack vector.
reply
I went through each of these hostnames, pinging them, then doing a WHOIS lookup to determine the Autonomous System (AS) number, which informs which network the host routes to. Ping however will only grab one IP from a list of possible IP Addresses. It turns out that most of these hostnames point to numerous IP addresses. Which makes perfect sense for fault tolerance, geographic dispersion, and redundancy reasons. The next step I listed all IP addresses tied to each seed hostname:
$ dig +short a seed.bitcoin.sipa.be 93.81.254.159 173.241.227.243 5.45.74.50 68.219.242.34 121.226.58.95 136.244.19.126 31.164.160.162 209.204.29.18 51.15.11.99 18.198.16.76 216.82.38.46 92.43.187.34 54.91.248.109 18.217.35.153 31.188.245.244 18.222.149.135 35.205.117.63 37.60.240.209 188.68.53.44 37.60.234.45 73.117.132.138 35.237.144.170 62.24.76.122 109.86.60.33 179.228.234.7
To get a better feel for these IP addresses, I wrote a script to collect various data points on each of these IP addresses. Here is the result of the first hostname:
Hostname IP Address Reverse IP seed.bitcoin.sipa.be 104.62.136.12 104-62-136-12.lightspeed.mssnks.sbcglobal.net seed.bitcoin.sipa.be 134.122.100.130 seed.bitcoin.sipa.be 108.44.152.24 pool-108-44-152-24.clppva.fios.verizon.net seed.bitcoin.sipa.be 86.104.228.41 seed.bitcoin.sipa.be 185.231.220.189 swinglicious.com seed.bitcoin.sipa.be 68.219.242.34 seed.bitcoin.sipa.be 188.166.72.55 seed.bitcoin.sipa.be 65.109.85.139 static.139.85.109.65.clients.your-server.de seed.bitcoin.sipa.be 109.173.126.157 broadband-109-173-126-157.ip.moscow.rt.ru seed.bitcoin.sipa.be 195.56.63.11 seed.bitcoin.sipa.be 167.235.110.208 static.208.110.235.167.clients.your-server.de seed.bitcoin.sipa.be 185.70.43.193 185-70-43-193.protonmail.ch seed.bitcoin.sipa.be 18.162.156.95 ec2-18-162-156-95.ap-east-1.compute.amazonaws.com seed.bitcoin.sipa.be 172.234.95.35 172-234-95-35.ip.linodeusercontent.com seed.bitcoin.sipa.be 69.181.240.40 c-69-181-240-40.hsd1.ca.comcast.net seed.bitcoin.sipa.be 62.54.183.27 seed.bitcoin.sipa.be 195.201.86.117 static.117.86.201.195.clients.your-server.de seed.bitcoin.sipa.be 62.210.88.131 23ce2d6f-677d-476e-883f-9d322bdbbc84.fr-par-1.baremetal.scw.cloud seed.bitcoin.sipa.be 192.95.31.84 ns502652.ip-192-95-31.net seed.bitcoin.sipa.be 5.253.18.218 seed.bitcoin.sipa.be 71.188.127.21 static-71-188-127-21.cmdnnj.fios.verizon.net seed.bitcoin.sipa.be 5.189.144.87 m3087.contabo.host seed.bitcoin.sipa.be 177.170.79.252 177-170-79-252.user.vivozap.com.br seed.bitcoin.sipa.be 13.228.111.109 ec2-13-228-111-109.ap-southeast-1.compute.amazonaws.com seed.bitcoin.sipa.be 185.152.138.74 static17.byfly.gomel.by
Just discovered https://bitnodes.io/ which has accomplished much of the initial goal of my project, which was to map the Bitcoin node network and track its growth over time.
reply