Add DNS Fallback Resolvers

[johnnywu-namebase]

TLDR if someone wants to implement this: #8173 (comment)

---

This issue arises from a chat between Namebase team and @lidel from Protocol Labs about integrating Handshake with IPFS

Given the goals of:

• IPFS doesn’t want to choose winners
• IPFS wants to decouple from ICANN and support non-ICANN namespaces
• IPFS wants to avoid introducing privacy and security risks in implicit defaults
• IPFS wants the alternative namespaces to be DNS compatible. Preferably they can use DoH endpoints

IPFS can accomplish these goals while supporting non-ICANN namespaces by adding a “fallback” resolver option to DNS.Resolvers that points to a list of DoH endpoints. Each DoH endpoint can point to a different decentralized naming system. When a query fails to resolve through the “.” resolver, query all of the “fallback” resolvers. If one of the resolvers has a match without conflict, then proceed with fetching the IPFS file. Otherwise if there’s a conflict, return an error code (ie HTTP 409 conflict).

The “fallback” setting can be set by default to [“https://query.hdns.io/dns-query”] which is HDNS.io’s Handshake DoH resolver (note that HDNS.io doesn’t log or store IP addresses or any other personal information, as specified in the privacy policy linked on the website). Polkadomain.org and butterflyprotocol.io — two other decentralized naming systems which issue TLDs — can be added as well when they create their own DoH resolvers and issue a PR

[johnnywu-namebase]

For community members who may be interested in submitting a PR for this, some great pointers from @lidel:

• go-ipfs 0.9 was not released yet, but the code is in master branch and the docs for DNS config are at: https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#dns
• "Ongoing work" in Configurable DNS Servers #6532 is a good list of code paths that were touched while adding the DNS support, so reading linked PRs there should be enough to build mental model how DNS in go-ipfs works now.
• Additional tldr: config is in go-ipfs-config, generic DNS logic is in go-multiaddr-dns, and the defaults hardcoded in go-ipfs are in https://github.com/ipfs/go-ipfs/blob/3b254a631f57d6290ab8179c0cacd72f24ca7dea/core/node/dns.go#L14-L16

Before starting implementation, one should post the proposed design as a comment here (how config would look like, what implicit default would be, and what needs to be changed to make that possible). Please also ping @lidel and myself to ensure the proposed design is included during their weekly triage session. By getting confirmation on design and config bikeshed first, we avoid investing time into approach that can't be accepted into the main branch and have more confidence moving forward.

[lidel]

Dropping a quick implementation note if anyone wants to work on this:

• add DNS.FallbackResolvers to the config
  • should be a list of DoH endpoints to try in order when a default resolver return an error

This behavior should be enough to support HNS while minimizing privacy concerns around sending all DNS queries to Handshake community-maintained server – we would only send things that were not found on ICANN system, which makes a way safer behavior and is an useful feature for increased robustness of DNS lookup in general

[lidel]

An additional feature request coming from #8836 is to allow passing more than one resolver per TLD in DNS.Resolvers, and use them in-order if the first one fails.

In Kubo's config we have a special type which is "String or Array of Strings" – prior art in Addresses.Gateway and Addresses.API. I think we could convert values of DNS.Resolvers to that and use additional ones as fallbacks if the default is down.