add dns support

[matkt]

Signed-off-by: Karim TAAM karim.t2am@gmail.com

PR description

This PR add the support to DNS. By default Besu refuses the use of a DNS but it is possible to use it by adding the following flag --Xdns-enabled=true. Adding this flag will resolve the hostname when starting besu and then it won't change

If there is a need for a more dynamic update (eg for permissioning) add also this flag --Xdns-update-enabled = true ( this will query the DNS every time. So you must trust the DNS on which you are looking for the IP)

Test performed

• Local Clique Permissioning network (valid/invalid hostname)
• Azure IBT2 Permissioning network (init network, restart pod)
• Sync Goerli with static-nodes and without permissioning (dns disabled)
• Provide Static-nodes with or without hostname (dns enabled/disabled)
• Provide bootnodes with or without hostname (dns enabled/disabled)

[sambacha]

Can this DNS option also check CAA policies down the line, or perhaps verify TLS certificate is authorized based on said CAA policy?
Obviously not now, but just trying to see if it's only for ennode usage, 👍

[matkt]

Can this DNS option also check CAA policies down the line, or perhaps verify TLS certificate is authorized based on said CAA policy?
Obviously not now, but just trying to see if it's only for ennode usage, 👍

yes I think it might be interesting to explore this idea. this could be an additional parameter

[CjHare]

Is there a typo in this test name? (Dnd instead of Dns)

[matkt]

Good catch . Changed

[CjHare]

Code and test LGTM.

As it's been just over a month since this PR was raised, any reason for it not being reviewed or preventing merging?

[CjHare]

nit; these local variables could be have more succinct names (as we know they are list of strings from typing).

Maybe something like localPermittedNodes and localPermittedEnodeUrls?

[matkt]

it's changed 👍

[CjHare]

nit; isTrue() and isFalse() can be nicer to read then isEqualTo(true) and isEqualTo(false)

[matkt]

Done

[matkt]

Code and test LGTM.

As it's been just over a month since this PR was raised, any reason for it not being reviewed or preventing merging?

No It's just that I was working on something else 😄 . I also wanted to take the time to validate my implementation on Azure etc. Thanks for your review

[CjHare]

Looks good and once you've verified the Azure deployment you mention, feel free to merge 👍

[shemnon]

Should this be camelCased? bootNodes? It was before and other places in the edited code retain the camel casing. Whatever it chosen it should be consistent.

[matkt]

Done

[shemnon]

Is doing a DNS lookup every time the design intent? If not perhaps ip should be a supplier and this logic gets put in a Suppliers.memoize call? If it is the design intent it's work a comment so a later refactoring doesn't undo it.

[matkt]

No it's a voluntary choice to DNS lookup every time. Because a cache could give a bad IP before it is invalidated again. If the "dns-update-enabled" flag is false it will do it only once.
we could add a cache but I'm afraid that this will prevent nodes from communicating each other while waiting for the next cache update

[matkt]

I just added a comment 👍

[shemnon]

Suggested change

	* <p>If "dns" and "dns-update" are enabled -> DNS lookup every time to have the IP up to date and
	* <p>If "dns" and "dns-update" are enabled -&gt; DNS lookup every time to have the IP up to date and

[shemnon]

Suggested change

	* <p>If the "dns" is enabled but "dns-update" is disabled -> IP is retrieved only one time and
	* <p>If the "dns" is enabled but "dns-update" is disabled -&gt; IP is retrieved only one time and