1Expectations for DNS Seed operators 2==================================== 3 4Bitcoin Core attempts to minimize the level of trust in DNS seeds, 5but DNS seeds still pose a small amount of risk for the network. 6As such, DNS seeds must be run by entities which have some minimum 7level of trust within the Bitcoin community. 8 9Other implementations of Bitcoin software may also use the same 10seeds and may be more exposed. In light of this exposure, this 11document establishes some basic expectations for operating dnsseeds. 12 130. A DNS seed operating organization or person is expected to follow good 14host security practices, maintain control of applicable infrastructure, 15and not sell or transfer control of the DNS seed. Any hosting services 16contracted by the operator are equally expected to uphold these expectations. 17 181. The DNS seed results must consist exclusively of fairly selected and 19functioning Bitcoin nodes from the public network to the best of the 20operator's understanding and capability. 21 222. For the avoidance of doubt, the results may be randomized but must not 23single-out any group of hosts to receive different results unless due to an 24urgent technical necessity and disclosed. 25 263. The results may not be served with a DNS TTL of less than one minute. 27 284. Any logging of DNS queries should be only that which is necessary 29for the operation of the service or urgent health of the Bitcoin 30network and must not be retained longer than necessary nor disclosed 31to any third party. 32 335. Information gathered as a result of the operators node-spidering 34(not from DNS queries) may be freely published or retained, but only 35if this data was not made more complete by biasing node connectivity 36(a violation of expectation (1)). 37 386. Operators are encouraged, but not required, to publicly document the 39details of their operating practices. 40 417. A reachable email contact address must be published for inquiries 42related to the DNS seed operation. 43 44If these expectations cannot be satisfied the operator should 45discontinue providing services and contact the active Bitcoin 46Core development team as well as posting on 47[bitcoin-dev](https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev). 48 49Behavior outside of these expectations may be reasonable in some 50situations but should be discussed in public in advance. 51 52See also 53---------- 54- [bitcoin-seeder](https://github.com/sipa/bitcoin-seeder) is a reference implementation of a DNS seed. 55