feat(gateway): support dns addresses from indexer

[ozwaldorf]

DNS advertisements should be supported by the gateway

[kckeiks]

Can you please explain the use case?

[ozwaldorf]

It'd allow for a few things, such as:

• valid dns+https to be resolved/used for requesting from the provider node
• resolving docker network dns hosts (helpful for testing/benchmarking a fully local setup with docker compose)
• using localhost in advertisement (nice to have)

[kckeiks]

valid dns+https to be resolved/used for requesting from the provider node
using localhost in advertisement (nice to have)

Do these not work at the moment? We're using Hyper's client which should be doing DNS resolution already.

[ozwaldorf]

Do these not work at the moment? We're using Hyper's client which should be doing DNS resolution already.

Dns isn't handled in the distance calculation atm, so provider_addresses() will always return None

[kckeiks]

Do these not work at the moment? We're using Hyper's client which should be doing DNS resolution already.

Dns isn't handled in the distance calculation atm, so it will always return None from provider_addresses

Why does DNS need to be included in the distance calculation? Can you please describe a specific example?

[kckeiks]

You mean mindmaxdb isn't going to resolve names for us? If so, this issue makes sense.

[kckeiks]

The only thing is, Node providers should not be advertising their domain name right? They have to specify their IP address IIRC?

[kckeiks]

https://github.com/fleek-network/ursa/blob/main/crates/ursa-rpc-service/src/config.rs#L6

[kckeiks]

Restricting this to only IPs would be a good requirement because we want to make as fewer network calls as possible.

[ozwaldorf]

You mean mindmaxdb isn't going to resolve names for us? If so, this issue makes sense.

Exactly, unless we resolve them and give maxminddb an IpAddr

The only thing is, Node providers should not be advertising their domain name right? They have to specify their IP address IIRC?
https://github.com/fleek-network/ursa/blob/main/crates/ursa-rpc-service/src/config.rs#L6
Restricting this to only IPs would be a good requirement because we want to make as fewer network calls as possible.

This is a fair point, resolving the dns would require an additional network request, it'd be good to consider speed vs security here. For example not using https would allow for MITM but saves a dns request and the possible latency there.

Kind of brings up a question though, if the domain and https is not advertised and used by the gateway, what's the point of requiring nodes to set that up?

[kckeiks]

This is a fair point, resolving the dns would require an additional network request, it'd be good to consider speed vs security here. For example not using https would allow for MITM but saves a dns request and the possible latency there.

The gateway can use HTTPS. It uses/knows of whatever application protocol the providers advertised so if we needed to support that, the changes shouldn't take place in the gateway but in the node.

Kind of brings up a question though, if the domain and https is not advertised and used by the gateway, what's the point of requiring nodes to set that up?

Idk about this. Maybe someone else can comment.

ps. Sorry I mistakenly edited your comment 🙈.

[kckeiks]

If we were to move to HTTPS, I would suggest that the nodes advertise both their IP and domain name so we could avoid the DNS call.