ipns:// should respect DNS resolver settings

[lidel]

Problem

If Brave user decides to use custom DNS over HTTPS resolver via UI below, go-ipfs does not respect that choice, and uses cleartext resolver provided by the OS.

Proposed change

Every time custom DNS over HTTPS resolver is set via the UI in "Privacy and security" settings, Brave should add/update . (top-level resolver) in DNS.Resolvers map in the $IPFS_PATH/config file.
Making changes to this map requires node reboot for changes to be applied

[lidel]

I believe this should also be applied to .eth and .crypto TLDS when user resolves them via DoH:

Brave should set explicit DoH URLs in DNS.Resolvers for them.

[lidel]

cc @spylogsster thoughts on wiring this up?

[diracdeltas]

someone should double check that IPFS / IPNS / unstoppable domains / ENS are all still disabled in Tor windows, otherwise there is potentially a Tor DNS leak here.

[stephendonner]

Verification PASSED using

Brave	1.43.70 Chromium: 104.0.5112.81 (Official Build) beta (x86_64)
Revision	5b7b76419d50f583022568b6764b630f6ddc9208-refs/branch-heads/5112@{#1309}
OS	macOS Version 11.6.8 (Build 20G730)

Confirmed DNS queries used the specified DNS-over-HTTP provider, which in my case was Cloudflare.

Case 1: IPFS/IPNS URLs - PASSED

1. installed 1.43.70
2. launched Brave
3. loaded each of the following IPFS/IPNS URLs:

IPFS URLs:

• ipfs://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/wiki/Vincent_van_Gogh.html#Life
• ipfs://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi/
• ipfs://QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Tokyo_National_Museum.html
• ipfs:QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme

IPNS URLs:

• ipns://en.wikipedia-on-ipfs.org/wiki/Tokyo#Islands
• ipns://docs.ipfs.io
• ipns://brantly.eth (Ethereum Name Service/ENS)
• ipns://brad.crypto (Unstoppable Domains)

IPFS

1	2	3	4

IPNS

1	2	3	4

Case 2: Secure DNS - PASSED

1. installed 1.43.70
2. launched Brave
3. loaded brave://settings/security
4. flipped Use secure DNS to Enabled
5. selected With Cloudflare (1.1.1.1)
6. loaded each of the following IPFS/IPNS URLs:

IPFS URLs:

• ipfs://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/wiki/Vincent_van_Gogh.html#Life
• ipfs://bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi/
• ipfs://QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Tokyo_National_Museum.html
• ipfs:QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme

IPNS URLs:

• ipns://en.wikipedia-on-ipfs.org/wiki/Tokyo#Islands
• ipns://docs.ipfs.io
• ipns://brantly.eth (Ethereum Name Service/ENS)
• ipns://brad.crypto (Unstoppable Domains)

IPFS

1	2	3	4

IPNS

1	2	3	4

Case 3: Custom DNS resolver - N/A

[stephendonner]

someone should double check that IPFS / IPNS / unstoppable domains / ENS are all still disabled in Tor windows, otherwise there is potentially a Tor DNS leak here.

Done in #23831 👍

[stephendonner]

Also did the following:

1. installed 1.43.73
2. launched Brave
3. loaded brave://ipfs
4. clicked Install and restart
5. shut Brave down
6. removed the following from the config file in the brave_ipfs folder:

"/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa","/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb","/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt",

7. set With NextDNS in brave://settings/security
8. launched Wireshark
9. filtered for dns
10. loaded ipns://brad.crypto

Confirmed DNS lookups went to my selected DoH provider, NextDNS.

brave://settings/security	Wireshark, dns

[stephendonner]

Verification PASSED using

Brave	1.43.78 Chromium: 104.0.5112.102 (Official Build) beta (x86_64)
Revision	8e5396254975ef939f2ef7d0bd334e48a052b536-refs/branch-heads/5112@{#1478}
OS	macOS Version 11.6.8 (Build 20G730)

Case 1: no DoH override: loading IPFS and IPNS URLs works and there are DNS requests with *_dnslink.<ipns part>

1. installed 1.43.x
2. launched Brave
3. loaded brave://ipfs
4. clicked Install and restart
5. shut Brave down
6. launched Wireshark
7. filtered for dns
8. loaded ipns://brantly.eth (ENS)
9. loaded ipns://brad.crypto (Unstoppable Domains)
10. loaded ipns://en.wikipedia-on-ipfs.org/wiki/Asia/#Economy
11. loaded ipfs://QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Tokyo_National_Museum.html

step 8	step 9	step 10	step 11

Case 2: DoH override: loading IPFS and IPNS URLs works and there are no DNS requests with *_dnslink.<ipns part>

1. installed 1.43.x
2. launched Brave
3. loaded brave://ipfs
4. clicked Install and restart
5. shut Brave down
6. removed the following from the config file in the brave_ipfs folder:
7. "/ip4/104.131.131.82/tcp/4001/p2p/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ","/ip4/104.131.131.82/udp/4001/quic/p2p/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ"
8. set With NextDNS in brave://settings/security
9. launched Wireshark
10. filtered for dns
11. loaded ipns://brantly.eth (ENS)
12. loaded ipns://brad.crypto (Unstoppable Domains)
13. loaded ipns://en.wikipedia-on-ipfs.org/wiki/Asia/#Economy
14. loaded ipfs://QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Tokyo_National_Museum.html

step 11	step 12	step 13	step 14

Confirmed DNS lookups went to my selected DoH provider, NextDNS.

Confirmed I didn’t see any DNS requests to *dnslink.

Case 3: Invalid DoH override: IPNS URLs don't load

1. installed 1.43.x
2. launched Brave
3. loaded brave://ipfs
4. clicked Install and restart
5. set With Custom in brave://settings/security to https://a.b.c.d
6. loaded ipns://brantly.eth (ENS)
7. loaded ipns://brad.crypto (Unstoppable Domains)
8. loaded ipns://en.wikipedia-on-ipfs.org/wiki/Asia/#Economy
9. loaded ipfs://QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Tokyo_National_Museum.html

step 6	step 7	step 8	step 9

Confirmed when DoH server is clearly wrong, IPNS resolution doesn't work

[cypt4]

Some related issues found in Kubo:
ipfs/kubo#9199
ipfs/kubo#9204

[autonome]

Should this be reopened?