> It is worth noting that DNS lookups can be done via Tor. In effect that > gives you 1000+ proxies instead of 56 or 4. BitcoinJ already has code that > can do this.
Agreed, although I guess the bootstrap time for that is a little on the high side, and maybe a little too chunky on mobile devices, but it's absolutely worthwhile as an option. DNSSEC is great because it doesn't allow resolvers to lie, they can't even pretend that a record doesn't exist. > I would agree that it makes sense for proxying of DNS requests to be an > optional part of the protocol. Wallet developers can then compete on privacy > vs robustness vs whatever other issues there may be. My current thinking with Electrum (that ThomasV and I have bounced around) is to make the default policy DNSCrypt -> fallback to OpenAlias API pool (which can return DNSSEC data for verification) -> fallback to default resolver. Turning off DNSCrypt will then make it default resolver -> fallback to OpenAlias API pool. Turning off the API pool will make it default resolver or fail. Default resolver can be set to OS resolver (default) or custom resolvers (eg. Google Public DNS). Riccardo _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
