Motivation
Bitcoin’s DNS seeds play a critical role during initial node discovery: when a Bitcoin node is started for the first time, it relies on the DNS seeds to learn about existing Bitcoin nodes that make up the P2P network. Although other mechanisms exist (e.g., attempting to connect to a set of addresses hard-coded into the Bitcoin binary or specifying addresses manually), node discovery via DNS seeds is the default strategy to bootstrap a new node’s peer database. The DNS seeds are therefore a critical component of Bitcoin network, making monitoring them worthwhile.
Node discovery via DNS seeds
The DNS protocol is typically used to translate between domain names and IP addresses (e.g., from www.google.com to 192.0.0.88 and vice versa). In the context of node discovery via DNS seeds, the DNS protocol is repurposed: instead of sending request pertaining to a particular domain name or IP address, Bitcoin nodes send DNS ANY requests (i.e., blanked requests to obtain all available DNS records) to the DNS seeds. The DNS seeds, in turn, send DNS replies that contain some network addresses of Bitcoin nodes the DNS seeds know about. The process is illustrated in the figures below.
| DNS requests | DNS replies |
|---|---|
 |  |
| Node sending DNS request to Bitcoin DNS seeds | DNS seeds sending DNS replies containing addresses of Bitcoin nodes |
The left figure shows the Bitcoin P2P network (orange nodes), a new Bitcoin node (purple) with an empty peer database, and three DNS seeds. To learn about peers on the P2P network, the new node sends DNS requests to the DNS seeds. To avoid cluttering, the figure only shows three DNS seeds, although in reality there are currently nine DNS seeds hard-coded into the Bitcoin Core binary.
The right figure shows the DNS seeds sending DNS replies to the new node. Again, to avoid cluttering, the figure shows two nodes being advertised by each DNS seed, although in reality the messages sent by the DNS seeds contain about thirty to forty node addresses.
Once the new node has received an initial set of peers from the DNS seeds, it can connect to some of those peers to solicit additional node addresses. This is shown in the figures below.
| Node advertisement requests | Node advertisement replies |
|---|---|
 |  |
Node sending getaddr messages to solicit node advertisements from peers | Peers sending addr messages to advertise nodes |
The left figure shows the new Bitcoin node connecting to three of the peers it learned from the DNS seeds and sending them getaddr messages to request node advertisements from them. The right figure shows the three peers replying with addr messages, which comprise additional node addresses that the new node uses to extend its peer database.
Methodology
In line with the functioning laid out above, DNS seed data collection is initiated by sending DNS requests to each of the DNS seeds. The addresses received from each DNS seed in reply to those requests are recorded. In addition, all of the received addresses are evaluated and categorized as follows:
- Reachable or unreachable depending on whether a connection to them could be established
- Fresh or stale depending on whether they have been advertised by the same seed on the previous day
- Unique or duplicate depending on whether they have been advertised by more than one seed
- Pristine if they are reachable, fresh, and unique.