bug: all "Unstoppable Domains" (.crypto) DoH resolvers are down

Open lidel opened this issue 1 year ago • 4 comments

This is similar to https://github.com/ipfs/boxo/issues/771, but at the time of writing all UD DoH resolvers seem to be down, breaking DNSLink websites loaded via boxo/gateway if the domain name uses the .crypto TLD.

The current implicit default is Cloudflare at https://resolver.cloudflare-eth.com/dns-query and it stopped returning DNSLink results earlier today (filed a support ticket with CF).

The "official" DoH at https://resolver.unstoppable.io/dns-query just hangs and times out.

I guess we wait for a Cloudflare fix, but if that does not start working we need to consider alternatives (are there any? removal?)

Update: see https://github.com/ipfs/boxo/issues/772#issuecomment-2578597255

lidel avatar Dec 23 '24 22:12 lidel

Friendly ping to https://github.com/orgs/unstoppabledomains/people: @nickshatilo @bonsaiben

What does the DoH story look like for UD? Should we keep defaulting to Cloudflare (assuming it's fixed soon)? We would prefer using https://resolver.unstoppable.io/dns-query directly, but it seems to be offline.

I'm testing with:

$ curl 'https://resolver.unstoppable.io/dns-query?name=_dnslink.test.crypto&type=TXT' -H 'accept: application/dns-json' -v
* Host resolver.unstoppable.io:443 was resolved.
* IPv6: (none)
* IPv4: 3.33.139.32
*   Trying 3.33.139.32:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):

and just hangs.

Team is on holiday, but we would like to resolve this in January (either fix .crypto, or remove default resolver.cloudflare-eth.com if not fixed by then)

lidel avatar Dec 23 '24 23:12 lidel
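The curl check in the comment above, written as a Go probe with a hard deadline so that a stalled resolver is reported rather than waited on. This is an added example, not code from the thread or from boxo; the names ClassifyDoH, ProbeDNSLink and sampleReply, the status strings and the reply body are assumptions made for illustration.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// ClassifyDoH checks a dns-json reply for a TXT (RR type 16) answer that starts with "dnslink=/".
func ClassifyDoH(httpStatus int, body []byte) string {
	var r struct{ Answer []struct{ Type int; Data string } }
	if httpStatus != http.StatusOK || json.Unmarshal(body, &r) != nil {
		return "bad-response"
	}
	for _, a := range r.Answer {
		if a.Type == 16 && strings.HasPrefix(strings.Trim(a.Data, `"`), "dnslink=/") {
			return "ok"
		}
	}
	return "no-dnslink"
}

// ProbeDNSLink queries endpoint for _dnslink.<domain>; a resolver that stalls yields "timeout".
func ProbeDNSLink(endpoint, domain string, timeout time.Duration) string {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	u := endpoint + "?type=TXT&name=" + url.QueryEscape("_dnslink."+domain)
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u, nil)
	if err != nil {
		return "bad-endpoint"
	}
	req.Header.Set("Accept", "application/dns-json")
	resp, err := http.DefaultClient.Do(req)
	if err != nil && ctx.Err() != nil {
		return "timeout" // deadline hit, e.g. a stuck TLS handshake
	} else if err != nil {
		return "unreachable"
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1<<16)) // cap what we accept from the resolver
	return ClassifyDoH(resp.StatusCode, body)
}

const sampleReply = `{"Status":0,"Answer":[{"type":16,"data":"\"dnslink=/ipfs/bafy-constructed\""}]}` // constructed

func main() { fmt.Println(ClassifyDoH(200, []byte(sampleReply))) }
```

To check a live resolver, call ProbeDNSLink with the endpoint and test domain from the curl command, for example with a five second timeout.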

As noted in https://github.com/ipfs/boxo/issues/771#issuecomment-2573189494 now redirects to https://dns.eth.link/dns-query, which does not support UD (.crypto) domains.

We are planning to replace default resolver with https://resolver.unstoppable.io/dns-query giving UD community a chance to get their act together and fix the DNS bridge at the domain name they control:

  • https://github.com/ipfs/boxo/pull/782

If this does not happen and the DoH resolver at https://resolver.unstoppable.io/dns-query remains broken in Q1, we will remove the implicit resolver for .crypto.

lidel avatar Jan 07 '25 14:01 lidel

Cloudflare decommissioned their ENS and UD resolver:

Ref. https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#2025-07-01

It no longer resolves .crypto correctly, which means boxo/gateway is no longer able to resolve .crypto domains.

https://github.com/ipfs/boxo/pull/782 switched boxo to use https://resolver.unstoppable.io/dns-query, allowing UD community to fix the issue without our involvement.

We will keep this issue open for the next 6 months; if https://resolver.unstoppable.io/dns-query is not fixed by then, support for (currently broken) .crypto TLD resolution will be removed.

lidel avatar Jan 08 '25 20:01 lidel

Friendly ping to https://github.com/orgs/unstoppabledomains/people: @nickshatilo @bonsaiben @unstoppable-devops

If https://resolver.unstoppable.io/dns-query is not fixed by June 8th, we will remove it from implicit defaults at:

https://github.com/ipfs/boxo/blob/405fe8ce640e4e91ea273f89ae0455b5056171e7/gateway/dns.go#L14

lidel avatar May 20 '25 20:05 lidel