<html lang="en">
<head>
<meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1">
+ <style type="text/css">
+ body {
+ margin:40px auto;
+ max-width:660px;
+ line-height:1.6;
+ font-size:14pt;
+ color:#444;
+ padding:0 10px;
+ }
+ h1, h2, h3 {
+ line-height: 1.2;
+ }
+ pre {
+ overflow-x: scroll;
+ }
+ pre, .hex {
+ font-size: 9pt;
+ }
+ .hex {
+ font-family: monospace;
+ word-break: break-all;
+ }
+ </style>
<title>Bitcoin Headers over DNS</title>
</head>
<body>
More frightening, adding Lightning support to your wallet or system introduces new reliance on uncensorability of the P2P network, <a href="https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-December/002369.html">with several new avenues for attack which even Bitcoin Core likely doesn't fully protect against.</a>
</p>
<p>
- bitcoinheaders.net exists to help provide one more, diverse, source of Bitcoin blockchain data - this time using the DNS. By fetching headers and/or neutrino filters from as many sources as possible, you can start to build reliable detection of censorship-based attacks. While this still leave mitigation of the attacks to be developed, detection is always the first step.
+ bitcoinheaders.net exists to help provide one more, diverse, source of Bitcoin blockchain data - this time using the DNS. By fetching headers and/or neutrino filters from as many sources as possible, you can start to build reliable detection of censorship-based attacks. While this still leaves mitigation of the attacks to be developed, detection is always the first step.
</p>
<p>
bitcoinheaders.net currently supports fetching of either full Bitcoin headers or neutrino filter headers, both with a similar format. To ensure reliable access in the face of strict DNS filters, the data is encoded in IPv6 addresses in AAAA records and DNSSec signed to prevent some basic attacks.
</p>
<p>
- All headers and filter headers are encoded with an arbitrary two byte prefix (currently "2001:"), followed by a 0-indexed order nibble (as nameservers often reorder responses). Bitcoin headers are then prefixed by a single 0 byte (two 0 nibbles) and placed into the remaining 80 bytes of six IPv6 addresses. Filter headers are simply placed into three IPv6 addresses with a 17-nibble (8.5 byte) 0 suffix.
+ Headers names are broken into sub-zones of 10,000 records, so queries should take the form of v2.height.(height / 10000).bitcoinheaders.net (or, for basic neutrino filter headers, v2.height.(height / 10000).basic.filter.bitcoinheaders.net).
</p>
<p>
- The genesis block header is, thus, encoded as (note that the responses are usually not sorted):<pre>
-0.0.bitcoinheaders.net. 604800 IN AAAA 2001:0:1000::
-0.0.bitcoinheaders.net. 604800 IN AAAA 2001:1000::
-0.0.bitcoinheaders.net. 604800 IN AAAA 2001:2000::3ba:3edf
-0.0.bitcoinheaders.net. 604800 IN AAAA 2001:3d7a:7b12:b27a:c72c:3e67:768f:617f
-0.0.bitcoinheaders.net. 604800 IN AAAA 2001:4c81:bc38:88a5:1323:a9fb:8aa4:b1e5
-0.0.bitcoinheaders.net. 604800 IN AAAA 2001:5e4a:29ab:5f49:ffff:1d:1dac:2b7c
-which decodes to
-0100000000000000000000000000000000000000000000000000000000000000000000003ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a29ab5f49ffff001d1dac2b7c
- </pre>and the first filter header encoded as:<pre>
-0.0.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2001:9f3:c30f:c37:fb97:7cf3:e1a3:173c
-0.0.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2001:2802:139c:2020::
-0.0.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2001:1631:e8ff:119a:d308:8b6f:5b2b:ced0
-which decodes to 9f3c30f0c37fb977cf3e1a3173c631e8ff119ad3088b6f5b2bced0802139c202
- </pre>
+ All headers and filter headers are encoded with an arbitrary one byte prefix (which you must ignore, as it may change in the future), followed by a 0-indexed order byte (as nameservers often reorder responses). Entries are then prefixed by a single version byte (currently version 1) and placed into the remaining bytes of the IPv6 addresses.
</p>
<p>
- You can find the <a href="https://github.com/TheBlueMatt/headersdns">scripts used to generate the zones as well as this website on GitHub.</a>
+ The genesis block header is, thus, encoded as (note that the responses are usually not sorted):
+ </p>
+ <pre>
+v2.0.0.bitcoinheaders.net. 604800 IN AAAA 2603:7b12:b27a:c72c:3e67:768f:617f:c81b
+v2.0.0.bitcoinheaders.net. 604800 IN AAAA 2600:101::
+v2.0.0.bitcoinheaders.net. 604800 IN AAAA 2601::
+v2.0.0.bitcoinheaders.net. 604800 IN AAAA 2602::3b:a3ed:fd7a
+v2.0.0.bitcoinheaders.net. 604800 IN AAAA 2605:ab5f:49ff:ff00:1d1d:ac2b:7c00:0
+v2.0.0.bitcoinheaders.net. 604800 IN AAAA 2604:c388:8a51:323a:9fb8:aa4b:1e5e:4a29</pre>
+ <p>which decodes to</p>
+ <p class="hex">
+ 0100000000000000000000000000000000000000000000000000000000000000000000003ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a29ab5f49ffff001d1dac2b7c
+ </p>
+ <p>and the 10,000th filter header encoded as:</p>
+ <pre>
+v2.10000.1.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2601:2dee:3a70:76df:a4aa:5ee9:5285:5cdf
+v2.10000.1.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2600:165:e915:4fba:5588:31fa:473:8326
+v2.10000.1.basic.filter.bitcoinheaders.net. 604800 IN AAAA 2602:25cf:4603:7300::</pre>
+ <p>which decodes to</p>
+ <p class="hex">
+ 65e9154fba558831fa047383262dee3a7076dfa4aa5ee952855cdf25cf460373
+ </p>
+ <p>
+ You can find the <a href="https://git.bitcoin.ninja?p=headersdns">scripts used to generate the zones as well as this website via git.</a>
+ </p>
+ <p>
+ If you want a full block source over a protocol other than Bitcoin-P2P, a anycast-cached Bitcoin Core REST interface endpoint is available at <a href="https://bitcoin-rest.bitcoin.ninja/">https://bitcoin-rest.bitcoin.ninja/</a> for mainnet and <a href="https://testnet.bitcoin-rest.bitcoin.ninja/">https://testnet.bitcoin-rest.bitcoin.ninja/</a> for testnet3. It should go without saying that this should only be used as a backup chain source, never as the primary chain source.
</p>
</body>
</html>
projects / headersdns / blobdiff