syscoin-seeder ============== Syscoin-seeder is a crawler for the Syscoin network, which exposes a list of reliable nodes via a built-in DNS server. Features: * regularly revisits known nodes to check their availability * bans nodes after enough failures, or bad behaviour * accepts nodes down to v0.3.19 to request new IP addresses from, but only reports good post-v0.3.24 nodes. * keeps statistics over (exponential) windows of 2 hours, 8 hours, 1 day and 1 week, to base decisions on. * very low memory (a few tens of megabytes) and cpu requirements. * crawlers run in parallel (by default 24 threads simultaneously). REQUIREMENTS ------------ $ sudo apt-get install build-essential libboost-all-dev libssl-dev USAGE ----- Assuming you want to run a dns seed on dnsseed.example.com, you will need an authorative NS record in example.com's domain record, pointing to for example vps.example.com: $ dig -t NS dnsseed.example.com ;; ANSWER SECTION dnsseed.example.com. 86400 IN NS vps.example.com. On the system vps.example.com, you can now run dnsseed: ./dnsseed -h dnsseed.example.com -n vps.example.com That means your domain needs to be able to have arbitrary NS entries for subdomains. Alternatively, if you want to use the apex domain as seed address, you can just point this domains NS entry to the server where the seeder is running. To help understand the NS settings, the request process works like this: 1. The client sends an A request to his DNS Server for dnsseed.example.com. 2. His DNS server goes up the DNS chain and finds which DNS server knows this address. 3. The authorative server for example.com tells us that vps.example.com is the NS server for dnsseed.example.com. 4. The A request gets send to vps.example.com. 5. syscoin-seeder takes this request and returns a set of IPs back to the client. So in short: Set an NS record on dnssseed.example.com pointing to whereever the syscoin-seeder is running. Make sure the address you put in there (vps.example.com) points to this server. Run syscoin-seeder with the above parameters. If all goes right, a query to dnsseed.example.com should report several IP addresses as A records. Note that it might take a few hours for DNS settings to propagate over the internet. If you want the DNS server to report SOA records, please provide an e-mailadres (with the @ part replaced by .) using -m. COMPILING --------- Compiling will require boost and ssl. On debian systems, these are provided by `libboost-dev` and `libssl-dev` respectively. $ make This will produce the `dnsseed` binary. TESTING ------- It's sometimes useful to test `dnsseed` locally to ensure it's giving good output (either as part of development or sanity checking). You can inspect `dnsseed.dump` to inspect all nodes being tracked for crawling, or you can issue DNS requests directly. Example: $ dig @:: -p 15353 dnsseed.example.com ^ ^ ^ | | |__ Should match the host (-h) argument supplied to dnsseed | | | |_______ Port number (example uses the user space port; see below) | |_______________ Explicitly call the DNS server on localhost RUNNING AS NON-ROOT ------------------- Typically, you'll need root privileges to listen to port 53 (name service). One solution is using an iptables rule (Linux only) to redirect it to a non-privileged port: $ iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 15353 If properly configured, this will allow you to run dnsseed in userspace, using the -p 15353 option. Another solution is allowing a binary to bind to ports < 1024 with setcap (IPv6 access-safe) $ setcap 'cap_net_bind_service=+ep' /path/to/dnsseed