monerod does DNS lookups and attempts to connect to other nodes, even if specifying an exclusive node #3128

Closed
leonklingele opened this issue Jan 15, 2018 · 22 comments

@leonklingele
Contributor

leonklingele commented Jan 15, 2018

I tried launching monerod on node A with these args:

"$MONEROD" \
    --add-exclusive-node 127.0.0.1:18090 --allow-local-ip \
    --p2p-bind-ip 127.0.0.1 \
    --rpc-bind-ip 127.0.0.1 \
    --no-igd \
    --hide-my-port \
    --db-sync-mode safe

Port 18090 is forwarded from my other node B via SSH.

Still, monerod on node A does DNS lookups on the seed nodes using Google DNS (8.8.4.4) and tries to connect to the various nodes returned.
This is a privacy issue and should not happen when --add-exclusive-node is used.

EDIT:
Fix Google DNS IP, monerod is not using 8.8.8.8.

@leonklingele changed the title from "Monero does DNS lookups and attempts to connect to other nodes, even if specifying an exclusive node" to "monerod does DNS lookups and attempts to connect to other nodes, even if specifying an exclusive node" on Jan 15, 2018

@moneromooo-monero
Collaborator

Which commit hash are you running ?

As for DNS lookups, if you don't want them, use DNS_PUBLIC=somethinginvalid or tcp://127.0.0.1

@leonklingele
Contributor Author

leonklingele commented Jan 15, 2018

> Which commit hash are you running ?

Latest stable release (793bc97)

> As for DNS lookups, if you don't want them

Why do I need to opt-out for privacy? DNS lookups are not required when --add-exclusive-node is used (if the node is specified by IP)

@leonklingele
Contributor Author

> tcp://127.0.0.1

That wouldn't help if I had a local DNS resolver running, right?

@moneromooo-monero
Collaborator

moneromooo-monero commented Jan 15, 2018

Then it's fixed by 054054c.

Why do you think --add-exclusive-node is a DNS option ? It is not.

Using 127.0.0.1 would not work if you have a DNS resolver listening.

@leonklingele
Contributor Author

> Why do you think --add-exclusive-node is a DNS option ? It is not.

Why would the daemon need to connect to a DNS server if it only needs to connect to a single IP which was specified via a command line arg?

@moneromooo-monero
Collaborator

To get updates and checkpoints.

@leonklingele
Contributor Author

Where does it check for updates / try to retrieve checkpoints from? I assume it uses other nodes. Why is the exclusive node I'm providing not sufficient enough to do that?

@leonklingele
Contributor Author

OK, doesn't look like it. I will try to start monerod with --check-updates disabled. Is there a way to disable checking for checkpoints via DNS?

@moneromooo-monero
Collaborator

It appears not. --offline disables those, but a "just for DNS" switch would seem useful.

@moneromooo-monero
Collaborator

#3143

@leonklingele
Contributor Author

I'm now starting monerod with the above flags including --check-updates disabled --disable-dns-checkpoints, however it still looks up seeds.moneroseeds.*

@moneromooo-monero
Collaborator

Try --seed-node SAMEIP:SAMEPORT

@moneromooo-monero
Collaborator

Or:

diff --git a/src/p2p/net_node.inl b/src/p2p/net_node.inl
index 269a9ba..1423518 100644
--- a/src/p2p/net_node.inl
+++ b/src/p2p/net_node.inl
@@ -1107,7 +1107,7 @@ namespace nodetool
   template<class t_payload_net_handler>
   bool node_server<t_payload_net_handler>::connect_to_seed()
   {
-      if (m_seed_nodes.empty() || m_offline)
+      if (m_seed_nodes.empty() || m_offline || !m_exclusive_peers.empty())
         return true;
 
       size_t try_count = 0;
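
Review bot: in connect_to_seed(), the new `!m_exclusive_peers.empty()` test only short-circuits the connection attempt. The first operand of the same condition shows that m_seed_nodes is filled in before this function runs, so if that earlier step is what resolves the seed hostnames, the DNS queries reported in this issue still go out. Consider applying the same exclusive-peer check at the point where m_seed_nodes is populated, and confirm that m_exclusive_peers has already been set from the command line by then. A short comment explaining why exclusive peers skip seeding would also help, since `return true` here reads as a successful seed connection.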

@leonklingele
Contributor Author

> Try --seed-node SAMEIP:SAMEPORT

Didn't help, even with the patch applied it still does DNS lookups.

@moneromooo-monero
Collaborator

Can you tell what it is trying to resolve ?

@leonklingele
Contributor Author

  • seeds.moneroseeds.ae.org: type A, class IN
  • seeds.moneroseeds.li: type A, class IN
  • seeds.moneroseeds.se: type A, class IN
  • seeds.moneroseeds.ch: type A, class IN

@moneromooo-monero
Collaborator

Ah, I see it. Fixing...

@moneromooo-monero
Collaborator

#3145

@leonklingele
Contributor Author

Didn't help :( Just to be sure: I've applied #3143 and #3145 and am passing these args:

"$MONEROD" \
    --add-exclusive-node 127.0.0.1:18090 --allow-local-ip \
    --p2p-bind-ip 127.0.0.1 \
    --rpc-bind-ip 127.0.0.1 \
    --no-igd \
    --hide-my-port \
    --db-sync-mode safe \
    --check-updates disabled \
    --disable-dns-checkpoints

@leonklingele
Contributor Author

Seems to be fixed, see #3146 (comment)

@moneromooo-monero
Collaborator

I updated 3145, it was checking exclusive nodes before parsing the command line.

@moneromooo-monero
Collaborator

+resolved
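
One way to confirm from a packet capture that a monerod started with --add-exclusive-node stays on its single peer, as the report above expects (an added example, not part of the thread or of the Monero code base). The `tcpdump -nn` lines are constructed, the function names are hypothetical, and only IPv4 lines are parsed.

```python
import re

# Constructed sample of `tcpdump -nn` text output (not taken from a real host).
# 127.0.0.1:18090 is the exclusive node from the issue; 192.0.2.10 and
# 198.51.100.7 are documentation addresses standing in for node A and a seed.
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 127.0.0.1.40112 > 127.0.0.1.18090: Flags [S], seq 1, win 65495, length 0
12:00:01.200000 IP 192.0.2.10.53211 > 8.8.4.4.53: 4660+ A? seeds.moneroseeds.se. (38)
12:00:01.300000 IP 192.0.2.10.53212 > 8.8.4.4.53: 4661+ A? seeds.moneroseeds.li. (38)
12:00:01.400000 IP 8.8.4.4.53 > 192.0.2.10.53211: 4660 1/0/0 A 198.51.100.7 (54)
12:00:02.000000 IP 192.0.2.10.40200 > 198.51.100.7.18080: Flags [S], seq 1, win 64240, length 0
12:00:02.500000 IP 127.0.0.1.18090 > 127.0.0.1.40112: Flags [S.], seq 1, ack 2, win 65483, length 0
"""

# "<time> IP <src>.<port> > <dst>.<port>: <rest>" as printed with -nn (numeric).
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): (.*)$")
# Decoded DNS question, e.g. " A? seeds.moneroseeds.se. "
QUERY_RE = re.compile(r" ([A-Z]+)\? (\S+) ")


def audit_capture(text, exclusive_peers):
    """Return (dns_queries, unexpected_peers) found in tcpdump -nn output.

    exclusive_peers is a set of (ip, port) tuples passed to --add-exclusive-node.
    dns_queries lists (resolver_ip, qname or None) for every packet sent to
    port 53; unexpected_peers lists TCP SYN destinations outside the allow-list.
    """
    dns_queries, unexpected = [], set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # IPv6, ARP, or anything else this sketch does not parse
        _src_ip, _src_port, dst_ip, dst_port, rest = m.groups()
        dst = (dst_ip, int(dst_port))
        if dst[1] == 53:
            q = QUERY_RE.search(rest)  # absent when tcpdump did not decode it
            dns_queries.append((dst_ip, q.group(2).rstrip(".") if q else None))
        elif rest.startswith("Flags [S]") and dst not in exclusive_peers:
            unexpected.add(dst)  # bare SYN = outbound connection attempt
    return dns_queries, sorted(unexpected)


def is_isolated(text, exclusive_peers):
    """True only if the capture shows no DNS traffic and no stray connections."""
    dns_queries, unexpected = audit_capture(text, exclusive_peers)
    return not dns_queries and not unexpected
```
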
