Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add multiple DNS sources #212

Open
Divide-By-0 opened this issue Aug 21, 2024 · 0 comments
Open

Add multiple DNS sources #212

Divide-By-0 opened this issue Aug 21, 2024 · 0 comments
Labels
enhancement New feature or request low

Comments

@Divide-By-0
Copy link
Member

Divide-By-0 commented Aug 21, 2024

We add a trust assumption on Google DNS HTTPS service when generating proofs (even for server side now), but the verifier is free to validate the "pubkey" by their own means.

This is fine for most cases but not ideal; in the ideal scenario, we default to this Google key, but also try to fetch the key directly via a DNS query if we can -- if that fails, fine we go with google, if it succeeds then we verify that both keys are the same and output a scary warning if they aren't (but still proceed with Google as a default). Basically, we want a user to be able to tell if something is going wrong i.e. Google is censoring that key for whatever reason. IMO, we can add this as a future feature request, and merge this in for now in order to unblock and immediately resolve SSR rendering issues. Do you agree?

I think we can use google & cloudflare at the same time to make sure DNS is accurate (both via DNS over HTTPS)

Note that the dns package causes issues with SSR. See full discussion on #210.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request low
Projects
None yet
Development

No branches or pull requests

1 participant