Fetching Bitcoin Headers over DNS

If you're a Bitcoin user or application developer, uncensored access to the blockchain is absolutely critical, but can be very difficult to achieve. While Bitcoin Core has put significant effort into ensuring its tracking of known nodes in the P2P network is robust against sybil attackers, replicating that work would be a challenge for any small team. Worse still, in the opaque world of a global P2P network, how do you know if the effort you've put in is enough?

More frightening, adding Lightning support to your wallet or system introduces new reliance on uncensorability of the P2P network, with several new avenues for attack which even Bitcoin Core likely doesn't fully protect against.

bitcoinheaders.net exists to help provide one more, diverse, source of Bitcoin blockchain data - this time using the DNS. By fetching headers and/or neutrino filters from as many sources as possible, you can start to build reliable detection of censorship-based attacks. While this still leaves mitigation of the attacks to be developed, detection is always the first step.

bitcoinheaders.net currently supports fetching either full Bitcoin headers or neutrino filter headers, both in a similar format. To ensure reliable access in the face of strict DNS filters, the data is encoded in IPv6 addresses in AAAA records and DNSSEC-signed to prevent some basic attacks.

Header names are broken into sub-zones of 10,000 records, so queries should take the form of v2.height.(height / 10000).bitcoinheaders.net (or, for basic neutrino filter headers, v2.height.(height / 10000).basic.filter.bitcoinheaders.net).

All headers and filter headers are encoded with an arbitrary one byte prefix (which you must ignore, as it may change in the future), followed by a 0-indexed order byte (as nameservers often reorder responses). Entries are then prefixed by a single version byte (currently version 1) and placed into the remaining bytes of the IPv6 addresses.

The genesis block header is, thus, encoded as (note that the responses are usually not sorted):

v2.0.0.bitcoinheaders.net. 604800 IN	AAAA	2603:7b12:b27a:c72c:3e67:768f:617f:c81b
v2.0.0.bitcoinheaders.net. 604800 IN	AAAA	2600:101::
v2.0.0.bitcoinheaders.net. 604800 IN	AAAA	2601::
v2.0.0.bitcoinheaders.net. 604800 IN	AAAA	2602::3b:a3ed:fd7a
v2.0.0.bitcoinheaders.net. 604800 IN	AAAA	2605:ab5f:49ff:ff00:1d1d:ac2b:7c00:0
v2.0.0.bitcoinheaders.net. 604800 IN	AAAA	2604:c388:8a51:323a:9fb8:aa4b:1e5e:4a29

which decodes to

0100000000000000000000000000000000000000000000000000000000000000000000003ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a29ab5f49ffff001d1dac2b7c

and the 10,000th filter header encoded as:

v2.10000.1.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2601:2dee:3a70:76df:a4aa:5ee9:5285:5cdf
v2.10000.1.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2600:165:e915:4fba:5588:31fa:473:8326
v2.10000.1.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2602:25cf:4603:7300::

which decodes to

65e9154fba558831fa047383262dee3a7076dfa4aa5ee952855cdf25cf460373
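
The decoding of both record sets above, as an added Python example (not code from bitcoinheaders.net; the function names are hypothetical and "height / 10000" is assumed to be integer division). It reorders the AAAA answers by their order byte, strips the prefix and version bytes, and checks the header's proof-of-work against its own nBits field.

```python
import hashlib
import ipaddress

# AAAA answers copied from this page, left in the unsorted order shown.
GENESIS = ["2603:7b12:b27a:c72c:3e67:768f:617f:c81b", "2600:101::", "2601::",
           "2602::3b:a3ed:fd7a", "2605:ab5f:49ff:ff00:1d1d:ac2b:7c00:0",
           "2604:c388:8a51:323a:9fb8:aa4b:1e5e:4a29"]
FILTER_10000 = ["2601:2dee:3a70:76df:a4aa:5ee9:5285:5cdf",
                "2600:165:e915:4fba:5588:31fa:473:8326",
                "2602:25cf:4603:7300::"]

def query_name(height, filter_header=False):
    # Assumption: "height / 10000" is integer division (10,000 records per sub-zone).
    zone = "basic.filter.bitcoinheaders.net" if filter_header else "bitcoinheaders.net"
    return f"v2.{height}.{height // 10000}.{zone}"

def decode_records(addresses, length):
    """Reassemble `length` payload bytes from an unordered AAAA record set."""
    chunks = {}
    for addr in addresses:
        raw = ipaddress.IPv6Address(addr).packed
        if raw[1] in chunks:                # raw[0] is the prefix byte: ignored
            raise ValueError("duplicate order byte")
        chunks[raw[1]] = raw[2:]            # raw[1] is the 0-indexed order byte
    if sorted(chunks) != list(range(len(chunks))):
        raise ValueError("record missing: order bytes are not contiguous")
    data = b"".join(chunks[i] for i in range(len(chunks)))
    if data[:1] != b"\x01":
        raise ValueError("unsupported entry version")
    if len(data) < 1 + length:
        raise ValueError("record set too short for payload")
    return data[1:1 + length]               # trailing bytes are padding

def block_hash(header):
    """Double-SHA256 of an 80-byte header, in the usual byte-reversed hex."""
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()[::-1].hex()

def pow_ok(header):
    """True if the header hash meets the target in its own nBits field."""
    bits = int.from_bytes(header[72:76], "little")
    exp, mant = bits >> 24, bits & 0x007FFFFF
    target = mant << 8 * (exp - 3) if exp >= 3 else mant >> 8 * (3 - exp)
    return int(block_hash(header), 16) <= target

if __name__ == "__main__":
    hdr = decode_records(GENESIS, 80)
    print(query_name(0), block_hash(hdr), pow_ok(hdr))
    print(query_name(10000, True), decode_records(FILTER_10000, 32).hex())
```

The proof-of-work check only shows that a header is internally consistent; detecting censorship still depends on comparing the decoded headers against those obtained from other sources.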

You can find the scripts used to generate the zones as well as this website via git.

If you want a full block source over a protocol other than Bitcoin-P2P, an anycast-cached Bitcoin Core REST interface endpoint is available at https://bitcoin-rest.bitcoin.ninja/ for mainnet and https://testnet.bitcoin-rest.bitcoin.ninja/ for testnet3. It should go without saying that this should only be used as a backup chain source, never as the primary chain source.