Consider avoiding DNS calls (going through Cloudlfare) to connect to seednodes

[erciccione]

Firo-qt makes several DNS calls to seednodes every time it's launched, to bootstrap and join the Firo network.
These servers are owned by the Firo team and protected by CloudFlare:

firo/src/chainparams.cpp

Lines 345 to 353 in cf19353

	vSeeds.push_back(CDNSSeedData("amsterdam.firo.org", "amsterdam.firo.org", false));
	vSeeds.push_back(CDNSSeedData("australia.firo.org", "australia.firo.org", false));
	vSeeds.push_back(CDNSSeedData("chicago.firo.org", "chicago.firo.org", false));
	vSeeds.push_back(CDNSSeedData("london.firo.org", "london.firo.org", false));
	vSeeds.push_back(CDNSSeedData("frankfurt.firo.org", "frankfurt.firo.org", false));
	vSeeds.push_back(CDNSSeedData("newjersey.firo.org", "newjersey.firo.org", false));
	vSeeds.push_back(CDNSSeedData("sanfrancisco.firo.org", "sanfrancisco.firo.org", false));
	vSeeds.push_back(CDNSSeedData("tokyo.firo.org", "tokyo.firo.org", false));
	vSeeds.push_back(CDNSSeedData("singapore.firo.org", "singapore.firo.org", false));

While seednodes are necessary, contacting them through DNS and more so, CloudFlare, has privacy implications. Cloudflare is used by the vast majority of internet services and are known for tracking users across websites/services. Every time a user fires up a firo-qt wallet, CloudFlare knows a request for a Firo seednode was made and from where. Basically, every time firo-qt is launched, CloudFlare knows the person behind that ip address is using Firo and the exact moment they launched the wallet. These are sensitive information.

A solution would be to directly call the IP addresses. This would avoid DNS calls entirely. I know Bitcoin used dns for seednodes (i don't know how they do now), but if there aren't strong reasons to do so, i'd avoid it.

I tried to run firo-qt by hardcoding the ip addresses of seednodes instead of using DNS and could connect to the network without issues or noticeable performance impact. I opened a pr with the changes in case we decide to go that way: #1442

On a related note i opened another issue, to discuss the diversification of seednodes: #1441

[Nishiji-eng]

Why hasn't this been merged or progress made on this?

[Nishiji-eng]

@erciccione
On second thought Hard-coding IPs would make the network less robust against IP changes, especially DDoS, or de-listings. Dynamic DNS lookup ensures resilience and decentralization.
In Bitcoin it queries these DNS seeds to get a list of IP addresses of peers. These hostnames resolve to multiple IP addresses, which are managed/updated by the seed operators.

The solution would to be to avoid DNS which could also be achieved by onion seed nodes and could be configured for these seed nodes so if user selects Tor option it will get the hardcoded onion address for these seed node servers. Only one other cyrpto has onion seed nodes which is Monero, Maybe Zcash had an old commit at one time where they had just one.

get_dns_seed_nodes