makoto_inoue
Jul 8 · 5 min read

In the previous post, I introduced EthDNS, a DNS plugin that integrates an IPFS gateway with ENS. With EthDNS, you can easily assign a .eth name to your IPFS contenthash and share it with others under the .eth.link domain without any browser extensions.

However, we went one step further at the #IPFScamp SciFi fair (one of the sessions during the 4-day camp organised by Protocol Labs), where we created a special wifi hotspot called “EthDNS” so that participants were able to access a .eth URL directly in any browser, which led to us winning the "Last minute hack" award.

In reality, this is a totally useless solution as we do not own the .eth TLD in DNS and cannot expose this solution into the public domain. Having said that, I learned a lot along the way about how EthDNS and IPFS gateway work. Following the spirit of "If you don't document it, it did not happen," I will write down the steps to reproduce it so you can try it on your own.

Step 1. Start up EthDNS

EthDNS is a plugin for the CoreDNS DNS server.

You can specify the internet domain, Ethereum node details, and IPFS gateway address via the Corefile. In the current publicly available solution, the configuration looks like this (I replaced the actual IP address and URL with variables like $IPFS_GATEWAY_IP).

Corefile
# This section enables DNS lookups for the eth.link domain.
eth.link {
    ens {
        # connection is the connection to an Ethereum node. It is *highly*
        # recommended that a local node is used and this is a path to that
        # node's IPC socket, as remote connections can cause DNS requests
        # to time out
        connection https://mainnet.infura.io/v3/$INFURA_PROJECT_ID
        # ipfsgatewaya is the address of an ENS-enabled IPFS gateway.
        # This value is returned when a request for an A record is received
        # and the domain has a contenthash record in ENS but no A record.
        # Multiple values can be supplied, separated by a space.
        ipfsgatewaya $IPFS_GATEWAY_IP
        # ipfsgatewayaaaa is the address of an ENS-enabled IPFS gateway.
        # This value is returned when a request for an AAAA record is received
        # and the domain has a contenthash record in ENS but no A record.
        # Multiple values can be supplied, separated by a space.
        ipfsgatewayaaaa 2a01:4f8:160:4069::2
    }
    errors
    log
}

The example connects to Infura, but you can instead connect to your local geth instance using a path like /home/ethereum/.ethereum/geth.ipc. To enable .eth, we simply added another entry for .eth as follows:

eth {
    ens {
        connection https://mainnet.infura.io/v3/$INFURA_PROJECT_ID
        ipfsgatewayaaaa $IPFS_GATEWAY_IPV6
        ipfsgatewaya $IPFS_GATEWAY_IP
    }
}

Once everything is configured, it’s time to start up EthDNS via docker.

docker run -p 53:53/udp -p 853:853 -p 443:443 --volume=$DIRECTORY_WHERE_COREFILE_EXISTS:/etc/coredns mcdee/coredns:latest

If there are no errors, it should show a log like the one below.

eth.:53
.:53
2019-06-28T10:09:42.081Z [INFO] CoreDNS-1.5.1
2019-06-28T10:09:42.082Z [INFO] linux/amd64, go1.12.6, c9e36136-dirty
CoreDNS-1.5.1
linux/amd64, go1.12.6, c9e36136-dirty

To test your EthDNS server from your own machine, modify the DNS settings of your machine to point to the machine itself (do this before starting up your server).

$dig -t TXT wealdtech.eth
; <<>> DiG 9.10.6 <<>> -t TXT wealdtech.eth
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14841
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;wealdtech.eth. IN TXT
;; ANSWER SECTION:
wealdtech.eth. 3600 IN TXT "contenthash=e501017000117777772e7765616c64746563682e657468"
wealdtech.eth. 3600 IN TXT "dnslink=/ipns/www.wealdtech.eth"

Running the dig command shows that the Ethereum contenthash is set as a TXT record of the DNS entry, along with a dnslink record, which allows all public IPFS gateways to handle names like https://ipfs.io/ipns/wealdtech.eth.link. This makes an ENS-powered IPFS site even more censorship resistant in case some countries decide to ban access to any URL under the .eth.link domain.
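As an added example (not code from this post or from EthDNS), the Go function below decodes the contenthash TXT value from the dig answer above, assuming the EIP-1577 layout of namespace, CID version, codec and multihash. It goes beyond the record shown here by also handling the ipfs-ns case; ContenthashPath is a hypothetical name.

```go
package main

import (
	"encoding/base32"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
)

// ContenthashPath (added example, hypothetical name) turns a "contenthash=<hex>"
// TXT value into a gateway path, assuming the EIP-1577 byte layout.
func ContenthashPath(txt string) (string, error) {
	raw, err := hex.DecodeString(strings.TrimPrefix(txt, "contenthash="))
	if err != nil || !strings.HasPrefix(txt, "contenthash=") {
		return "", fmt.Errorf("not a hex contenthash TXT value")
	}
	var f [5]uint64 // namespace, CID version, codec, hash function, digest length
	off, cidStart := 0, 0
	for i := range f {
		v, n := binary.Uvarint(raw[off:])
		if n <= 0 {
			return "", fmt.Errorf("truncated or malformed varint at byte %d", off)
		}
		f[i], off = v, off+n
		if i == 0 {
			cidStart = off // the CID begins right after the namespace code
		}
	}
	digest := raw[off:]
	if uint64(len(digest)) != f[4] {
		return "", fmt.Errorf("digest is %d bytes, header says %d", len(digest), f[4])
	}
	switch {
	case f[0] == 0xe5 && f[3] == 0x00: // ipns-ns with identity hash: digest is a name
		// The record is set by the name's owner, so treat the name as untrusted input.
		if strings.Trim(string(digest), "abcdefghijklmnopqrstuvwxyz0123456789.-") != "" {
			return "", fmt.Errorf("unexpected characters in IPNS name")
		}
		return "/ipns/" + string(digest), nil
	case f[0] == 0xe3 && f[1] == 1: // ipfs-ns: print the CIDv1 in base32 (multibase "b")
		enc := base32.StdEncoding.WithPadding(base32.NoPadding)
		return "/ipfs/b" + strings.ToLower(enc.EncodeToString(raw[cidStart:])), nil
	}
	return "", fmt.Errorf("unsupported namespace 0x%x", f[0])
}

func main() {
	fmt.Println(ContenthashPath("contenthash=e501017000117777772e7765616c64746563682e657468")) // value from the dig answer above
}
```

The decoded path for the record above is the same target the dnslink TXT record carries, which is a quick way to check that the two records returned by the resolver agree.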

Step 2. Reconfigure IPFS gateway to accept this imaginary .eth top level domain.

Everything ran smoothly until this point. However, we kept getting a 404 error when we actually tried to open the page.

Why? Because we initially configured EthDNS to point to a public IPFS gateway. However, the Nginx server inside the public IPFS gateway was not aware of the .eth domain and hence raised a 404.

To work around this, you actually need to point to an IPFS gateway that is in the same private network as your EthDNS server (aka my laptop).

Initially we simply started the ipfs daemon after changing the default gateway port to 80:

$diff ~/.ipfs.bak/config ~/.ipfs/config | grep Gateway
> "Gateway": "/ip4/0.0.0.0/tcp/80",
< "Gateway": "/ip4/127.0.0.1/tcp/8080"
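Review bot: the new Gateway value on the ">" line listens on /ip4/0.0.0.0 port 80, so the gateway is reachable on every interface of the machine instead of loopback only. If only the hotspot network needs it, bind to the address of that interface, and put /ip4/127.0.0.1/tcp/8080 back once the demo is over.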

However, it was still throwing 404.

It turned out that IPFS has a list of legitimate top-level domains and throws an error if the TLD is not one of them. To work around it, you have to add ETH as a special domain in jbenet/go-is-domain and recompile the IPFS gateway binary. Here is the one line we added to support the .ETH domain.

$git diff
diff --git a/tlds_custom.go b/tlds_custom.go
index 8fe80f8..5a62e38 100644
--- a/tlds_custom.go
+++ b/tlds_custom.go
@@ -4,5 +4,6 @@ package isdomain
// systems, like TOR and Namecoin.
var ExtendedTLDs = map[string]bool{
"BIT": true,
+ "ETH": true,
"ONION": true,
}
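Review bot: the comment above ExtendedTLDs still names only TOR and Namecoin although the map now also carries "ETH"; extend it to mention ENS so the entry is documented. It is also worth stating there that the entry only makes .eth names pass validation in this patched build, since the post itself notes that .eth is not a TLD the authors own in DNS.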

To point to the modified module, you add the following line to the go.mod file and

~/src/go-ipfs (master)$git diff 
diff --git a/go.mod b/go.mod
index 845548a46..deb6dff19 100644
--- a/go.mod
+++ b/go.mod
go 1.12
+
+replace github.com/jbenet/go-is-domain => ../go-is-domain
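Review bot: the replace directive targets the relative path ../go-is-domain, so the build only succeeds next to a sibling checkout that carries the local "ETH" patch, and the resulting gateway binary cannot be reproduced from go.mod alone. Keep this line out of any shared branch, or point the replace at a tagged fork so the patched dependency is pinned and reviewable.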

Step 3. Point the local network to EthDNS.

Once this is complete, all you need to do is configure your local network to point to your EthDNS server (aka my laptop). Kudos to Kubuxu for setting it all up.

There is one caveat though. For some reason we were only able to access the .tld domain via laptop, but not via mobile (we only tested via Android). We assumed that Android has an extra layer of security that prevents access to a URL whose IP address is on the local network, to protect users from URL spoofing, but we don't know exactly why.

Summary

I went through the step-by-step details of setting up EthDNS and configuring an IPFS server to add support for an imaginary TLD so that you can resolve .eth on your closed network. To find out more about ENS and EthDNS, please check out my lightning talk slides at IPFS camp.

We only started working on this the night before I headed to IPFS camp, and finished the whole setup 3-4 hrs before the actual SciFi fair.

Thanks to Jim McDonald, who patiently answered all my questions remotely, and all the Protocol Labs members who helped me debug the issue.

The Ethereum Name Service

News about the Ethereum Name Service (ENS) from the team building it. Follow this publication for the latest ENS developments.
