as per DNSSEC stuff - some weird stuff happens with dns caching

my ubiquiti boxes only relay DNSSEC stuff when its not in their cache

i.e. if it knows about the entry, it doesn't relay DNSSEC stuff by default

theres a way around this, but I haven't bothered

kind of stopped my DANE/TLSA stuff for wallet2 a bit because it didn't always work like I wanted

I should probably still just push on that, and let everyone else do DNS caching stuff, but yikes

basically the patch allowed someone to set a DANE/TLSA entry instead of doing SSL cert signing stuff, but it got ruined with some routers

dsc_ selsta ^

vtnerd__: perhaps most DNSSEC applications that use libunbound do *not* use this `ub_ctx_resolvconf()` that Monero uses, because often times it defaults to whatever is in /etc/resolv.conf, which is whatever the router pushed, and routers can be tricky resolving DNSSEC (?)

'routers can be tricky resolving DNSSEC' <== which is the ISP in most default cases

yeah if its using `/etc/resolv.conf` its probably using router pushed DHCP dns

yeah thats another issue

right

in my case it wasn't an ISP issue, it was the local router

the caching software by default doesn't store the relevant DNSSEC entries, so it only gets forwarded on first fetch, not on subsequent cached requests

you apparently have to set a specific config to do this sometimes iirc

well, at least Monero doesnt pull random DNS server out of its ass (which can be perceived as questionable behaviour), currently it is either 1) following resolv.conf 2) or manually supplying it an address - so maybe we should not fix anything at all

instead we need to wait till the router vendors fix their hardware :P

at the least I would try pointing it at your local ISP first to see ...

right

yeah I wouldn't hardcode a DNS server, because that would be considered a privacy leak unfortunately

funny - Alex Gladstein actually mentions Monero these days twitter.com/gladstein/status/1552026101110546432

How's that guy?

Who's*

head of Human Rights Foundation, claims to be a big privacy advocate but always pumps Bitcoin

tweets like the above shows he's finally acknowledging that Bitcoin privacy sucks and is beyond capability of ordinary users

there's also rumors that HRF is a CIA front, and they promoted BTC specifically because they know it's traceable

he's spent years saying Bitcoin privacy is great and nobody needs Monero or anything else

A shill, eh

or rather - he's spent years saying all you need is bitcoin, and ignoring everything else

a shill in a highly sensitive organization, supposedly protecting dissidents and other marginalized people

sometimes I also think those BTC maxis with huge social medai followings are following some questionable agendas because there is no other explanation for their stupidity and short sightedness

Well, Monero is the best chain out there, there's a limit to how long these people can ignore it.

Or conceal, if so they try.

yeah, the blinders are coming off

that thread is the 1st time I've seen him bring up Monero in a discussion

I was looking at the BTC marketcap vs XMR earlier today

its 150x bigger

we have some catching up to do still :P

yeah. but if we're hitting 20% of BTC's daily txns, I think that really means BTC is way over-valued

thats definitely some stats to be proud of :)

and keeping in mind that over 75% of BTC txns are mixers/tumblers and inter-exchange arbitrage, BTC's true utility is actually far less than XMR's

dsc_: And those Btcs are unlikely to move anytime son due to its deflationary and high fee nature.

soon*

See ya

Is it possible to set up a monero node that can only be accessed from your local network?

yes

I don't know how but it's definitely possible, I don't think it's difficult

You'd avoid forwarding data for that IP/port on your router.

Or if you're lucky and have two NICs, only one of which has access to the WAN, you'd bind to the other's IP.

Gotcha, so I'd basically follow a regular guide and skip router port-forwarding. That makes sense