node/dns: allow setting different public-host for root server

[rithvikvibhu]

Currently, RootResolver gets the public-host config and this IP address is used when queried for root NS:

❯ dig . NS +nocomments

; <<>> DiG 9.16.1-Ubuntu <<>> . NS +nocomments
;; global options: +cmd
;.                              IN      NS
.                       85213   IN      NS     _g6cr3n0._synth.
;; Query time: 4 msec
;; SERVER: 127.0.0.50#53(127.0.0.50)
;; WHEN: Tue Mar 21 14:26:07 UTC 2023
;; MSG SIZE  rcvd: 68

Here, _g6cr3n0._synth. translates to the public IP of the node. While this works in most cases, when:

• the node is a publicly reachable node, and
• is running a private root server (bound to loopback)

then dig +trace breaks.
When tracing, dig will try to query the root NS at the public IP which won't work since it is private.

---

I think we should have a new config option: ns-public-host which:

• may (or not) be public
• is passed to new RootResolver({publicHost: ...})
• and is returned for dig . NS

Can confirm this change makes dig domain +trace work properly.

[pinheadmz]

isn't there rs-host and ns-host already?

[pinheadmz]

#630 ?

[rithvikvibhu]

Yes, ns-host defines what interface/IP to bind to. But the synth record that the NS responds with is for public-host which can be different from ns-host.

hsd/lib/dns/server.js

Lines 139 to 143 in 6b47c3a

	// Create SYNTH record to use for root zone NS
	let ip = IP.toBuffer(this.publicHost);
	if (IP.family(this.publicHost) === 4)
	ip = ip.slice(12);
	this.synth = `_${base32.encodeHex(ip)}._synth.`;

[pinheadmz]

hm ok i thought this in that context referred to the DNS server, so this.publicHost === server.publicHost === rs-host ?

[rithvikvibhu]

Currently,

• config.publicHost == pool.publicHost == ns.publicHost
• config.nsHost is only for NS binding
• config.rsHost is only for RS binding

I think we need to replace the first one with:

• config.publicHost == pool.publicHost
• config.nsPublicHost == ns.publicHost (and maybe fallback to the old publicHost)