Fixed DNS 0x20 encoding bug in worker threads and removed automatic lowercasing in DNS buffer parsing to preserve case from authoritative sources. Implemented case-insensitive lookups for cache and blockchain while ensuring restoration of the original client query case in all response paths instead of returning randomized DNS 0x20 case from upstream servers.
Automatically fixes net.listen port for public nodes that have the incorrect
test port 42440. Migration preserves comments and formatting by using text
replacement instead of TOML re-serialization.
Significantly improve DNS client security against cache poisoning attacks through multiple defense layers:
Security Improvements:
- Bind UDP sockets to OS-assigned ephemeral ports (0.0.0.0:0) instead of predictable random ports, eliminating port-based attack vectors
- Implement DNS 0x20 encoding with strict case validation, adding 10-15 bits of entropy per query by randomizing domain name case
- Randomize transaction ID starting point using AtomicU16 for better entropy distribution
Attack difficulty increased from ~16 bits (65K attempts) to ~42-47 bits
(4.4-140 trillion attempts), making spoofing 1,000x to 32,000x harder.
Configuration:
- Add 'enable_0x20' option to DNS settings (default: true)
- Users can disable for compatibility with legacy resolvers if needed
- Feature is configurable via alfis.toml
Added new checks for forked blocks.
Added options table.
Added posibility to replace blocks in DB by more appropriate forks.
Divided transactions table to domains and zones tables.
Added a timestamp to domains and zones table, it will give us possibility to purge old domains.
Changed difficulty check to check head and tail (sum of them) of the hash.
Added encrypted (by Chacha20) domain name to DomainData, added contacts and owners vectors for it too.
Added yggdrasil flag to ZoneData - it will restrict all IPs for domains in particular zone to Yggdrasil only.
Changed difficulties of various block types.
Added a temporary (for a run) unique ID to all handshakes.
Start of signing blocks mining will be after 60 seconds after full block.
Added mining status to statusbar.
Revertron