Add some BIP 353 DNSSEC proof test vectors and links #1912
+28
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TheBlueMatt
force-pushed
the
2025-08-dnssec-proof-tests
branch
4 times, most recently
from
1c9f947 to
665eaf1
Compare
This was referenced Aug 7, 2025
TheBlueMatt
force-pushed
the
2025-08-dnssec-proof-tests
branch
from
665eaf1 to
e45f544
Compare
|
This PR simply fills the BIP with proofs that take up nearly as much space as the actual BIP text. Would it be possible to host these proofs on your website instead, on a dedicated page, and then link to them in the BIP? |
|
It seems a bit weird to me to elide test cases just because they're marginally big. But I'll let the BIP editors decide here. |
jonatack
reviewed
Aug 8, 2025
| This proof is missing the required NSEC3 record to prove the lack of an override to the wildcard CNAME entry. | ||
| <tt>36612e785f646f6d61696e5f636e616d655f77696c6440646e737365635f70726f6f665f74657374732e626974636f696e2e6e696e6a61016113785f646f6d61696e5f636e616d655f77696c640475736572105f626974636f696e2d7061796d656e7412646e737365635f70726f6f665f746573747307626974636f696e056e696e6a6100000500010000001e002c046d6174740475736572105f626974636f696e2d7061796d656e740b6d617474636f72616c6c6f03636f6d00016113785f646f6d61696e5f636e616d655f77696c640475736572105f626974636f696e2d7061796d656e7412646e737365635f70726f6f665f746573747307626974636f696e056e696e6a6100002e00010000001e006100050d060000001e68a4c58868923b70d0e207626974636f696e056e696e6a6100849202c2306be651b9a5901331d9bf363e74ba758c16e993c4f93fe4c1a08e7bc46baa64b22e9540435b4b6b83fc4800c58d27bd9b2fe82d02ed6d6f9059cfa5046d6174740475736572105f626974636f696e2d7061796d656e740b6d617474636f72616c6c6f03636f6d000010000100000e1001ecff626974636f696e3a626331717a7477793678656e337a647474377a3076726761706d6a74667a3861636a6b6670356670376c3f6c6e6f3d6c6e6f317a7235717975677167736b726b37306b716d7571377633646e7232666e6d68756b7073396e386875743438766b7170716e736b743273767371776a616b70376b36707968746b7578773779326b716d73786c777275687a7176307a736e686839713374397868783339737563367173723037656b6d3565736479756d307736366d6e783876647175777670376470356a70376a337635637036616a3077333239666e6b7171763630713936737a356e6b726335723935716666783030327135337471646beb3878396d32746d7438356a74706d63796376666e727078336c723435683267376e6133736563377867756374667a7a636d386a6a71746a3579613237746536306a303376707430767139746d326e3979786c32686e67666e6d79676573613235733475347a6c78657771707670393478743772757234726878756e776b74686b39766c79336c6d356868307071763461796d6371656a6c6773736e6c707a776c6767796b6b616a7037796a73356a76723261676b79797063646c6a323830637934366a70796e73657a72636a326b7761326c797238787664366c666b706834787278746b327863336c7071046d6174740475736572105f626974636f696e2d7061796d656e740b6d617474636f72616c6c6f03636f6d00002e000100000e10006300100d0500000e1068a57e5a6892f44226480b6d617474636f72616c6c6f03636f6d004515e7d3cdf4137c316d4d36972fab9273df457789a9fabb16c4689e1644ae9080c7505e06daebc136d3c43054d0c69d185ac5616afca8998edf828e63a68286206f3266653035326d646a61336638746c3563353667706668646661696661687007626974636f696e056e696e6a6100002e00010000001e006100320d030000003c68a5076a68927d52d0e207626974636f696e056e696e6a6100620532890060f3f82a90a05ab32afe628ef58a58fbed98df2fbb1d3d00064b05111503f67cbd0f485f6196f007ddb3e6ec087e31f94221bf2b388179d31373b207626974636f696e056e696e6a6100003000010002a54400440100030dff753a27b08c3e48a642b210d6fcc444ff9ed4faf9c1241103db4ed3c19a95c3afbb52c0c02eb392ee048cc9e28ac2d272b1053bdc052bc18d5de05d7710196c07626974636f696e056e696e6a6100003000010002a54400440101030df65551925ce6321888e685981823d617fbc10f329bffe4081bf18c2372632a5548010bf62e6556a92722629275e0bd001e3d7837d325a353f6a851c5b965259607626974636f696e056e696e6a6100002e00010002a544006100300d0200093a806898c73468863d1c716c07626974636f696e056e696e6a610002fd1bf18c2ebb5ece5e28ca76bf30650695636c55633bccae8179c2d1ee7b97e78d188e08ffc869a8f67847bf557516ac12465ebea1acc281d6d636fdab612007626974636f696e056e696e6a6100002b000100000bf50024768a0d02ce46a9aff9a06e789c1bdfe250b0ef6ba8d39a53b2a3427c551f5ad375e059b607626974636f696e056e696e6a6100002b000100000bf50024716c0d023f7ad5a303e9c1cd1474b8df2ae56f3f82da8637ca55db4d9a2bb85960ca698e07626974636f696e056e696e6a6100002e000100000bf50099002b080200000e1068a89268688cd4d892dc056e696e6a61004d88897d7d5f5d920ca436e81ee67b1bb22f1a96309693454ab9d0b06434794162cc42846a4b51a40475a5b44e940c04dd1ac2c902a190ca2251ae89184520b0f3f22c12c51403d0a6e1cd95792e8f6f5036cd2d50dbdfa5eba3b2ee70ff78d40dc2eba2cc899af26954a55e5b5d344d478cabd9423418495caee45c550b11440b6d617474636f72616c6c6f03636f6d00003000010003d52200440100030d8b1cf07c86f18c19c8c3146db093893648dcc1ab5fb79e99ccbab4aa06f98d52ac27b92e215d9da98d7535f3c2ce038fbb9d41b9c63d3845d444feffc1f71ed70b6d617474636f72616c6c6f03636f6d00003000010003d52200440101030dec7c1fa1752495c42d2224eace96ed74144e9cb811608dd91594974bdc723fdc5b38a37c3340f1deca68a7ec82248822954b2994de5ac99ff6e9db95fd42c94b0b6d617474636f72616c6c6f03636f6d00003000010003d52200440100030dfd9dbc34cb5053a2c4a6b3d0dc60fc65d8a992dc1e080f6deeddba7fe6b25217730de64c9a1ce986b3f81f556881fe0e7b5b20c8ae381c4fefdbc311aa7d22ee0b6d617474636f72616c6c6f03636f6d00002e00010003d522006300300d0200093a80689c35ca6889abb2e2f50b6d617474636f72616c6c6f03636f6d0016857529219dd561091a51c72a27e25d963094f8dcd93b11f0917d45466251acb1402bb6fa4529bd20b7db697df429c4ba830685fc290ee5a8a937c2d34530c00b6d617474636f72616c6c6f03636f6d00002b00010001518000249f000d02594d2813e04a1d2660ff3c0afc5579b9ec0fe72cc206dc6f248bbe6dd652e1950b6d617474636f72616c6c6f03636f6d00002b0001000151800024e2f50d02f0e161567d468087ff27b051abc94476178a7cb635da1aa705e05c77ca81de520b6d617474636f72616c6c6f03636f6d00002e0001000151800057002b0d0200015180689a991368914e2b504103636f6d0070ac13ac37043e66f191553c554ee9307a91a4cf27bd724949e52032a2b464cadb776cd362918159344d9685b84650436449914f25fc62cc6dd6b761f5658283056e696e6a61000030000100000d2b00880100030803010001d28cb7e2bb163d5815838bedeca1006dde8551b379cb963c8a2cb42bc360127e3a5cf88ffc851a67414815b875f65d78c39b58d2fb29a1d4e76d50cb6b4a58a11fe2fb7c1b6db7bf7d72f5a1401e381c57fcc76f599cc73f05095d2bd14d9895e4fa1cff21bd760598a734b640102d11bc159c6b2ae73dbfd2741518142584d1056e696e6a61000030000100000d2b01080101030803010001c71e4c9dc49249a27b3ef42fcb8d56b4c3ac76715c7ad01c41d0d432590d15c3c62cee4b2d29ac35f2d72c9b32a70a0243cbd08aeebc9f6f1e0e63d9e1cdfe133c455a82435c0780b750012c942f7ed5b662eec8d9ae885a58993fa78d7561fedcd11d9e1c171acb02d0025837ba61a3c0a6756427414470c9ca0906b298168b5f4d9640e62e1b75dd06be664104ed32cfe447fa21f37401712c720a0dca4bb1bc20f3fa3103cad336bde20b16f73948e6b80dda0a528db536a958868c3870ecddcfb02dfb3cb4d22e2ad49a4b9f78c90ff6c7e10e301b3fb36fe859a94c30084660665741c14ff60d0535013fcf439840ecad82fc9278e4ace68ba95e708249056e696e6a61000030000100000d2b0088010003080301000197edb59d4f181e2761dd8d0465854339afc71fd89e47155981ddd175cdce79477552aeaf7b5a08fc4ac6025555f60582f2060e630edfb35b9c7cc30990fb9c3dc9f2fd036c962f67b94c9670d4ceaacd77973bca82ab7c9615f7e4320dda5b6d74dec673017c6fa448b5542a804e08ac873c509c1945ff734c320491e4b18e6d056e696e6a6100002e000100000d2b01190030080100000e1068a89268688cd4d8b402056e696e6a6100646e04cf5f76daa775ff98905ded3d2caad68d3198fc161340d558262c7ba7da28e7538a7f32d5a6485e4448037e8edf55759b7059fdc084f1017f790aa7c0d8f0e4af6c9af04e4afd16ce6052c30da59314c9c98075fd32bb77a81f34bea6190631b9d0a4351a764c14152ea217e6271647bf95b0df4c3d7cc00937bec01b65ad1b5209c976a4843e399f173f196a012c0876bc9afa3457d940d6ad7b9d50b3d496836d7342cf3aec75ac4785563e20574ddd2dab1cfb6b5da32508edf7186aa516b0451b221251652ee44353710cbe35928b79fff4293c5e8eff7ab371ce43595e2300305bda0108b911c3ef7d4d15c70d68686fddf28422d5fcbcdb967e84056e696e6a6100002b0001000151800024b4020802c8f816a7a575bdb2f997f682aab2653ba2cb5eddb69b036a30742a33befaf141056e696e6a6100002e0001000151800113002b08010001518068a404d06892d340b5690081d888ee9bd744185f24bfbaaae70172bb03b6c0a899dcd6801c44b2e3e6acd5fe2192f4f06e5690ace176cb08557f2d5ceef5e9d9eb72f4f639dcf34650eebdef5cb91cd546fbdbd8a529d7ef9bb2168160ae800790d7a7266b531174d8d9be06cad2f1d0f062d9431f7de4beceb02f30ddc97bba44535a703e2d3cc01d2341bb48eb7b25d938f0ed2a7d4c53818e7cb883dc14ffce5899504265869fd3133953c96f48b99ff2055acd53b9f69d2eb8a911bb1f05e2fb8d1d0cc391e1b9ae19fc32b00727a9d8551e1a09319ba94da44cc317bb66e8f372385560cdf8455f858d4afd602307d982d996f729a16c263efa9b8cebe7862b7f9a88ac9fbaf445a603636f6d00003000010000026600440100030df17b60fb56d522f8634153e785c0a978532ea76de39d34bb356d3d042e07f29f7b992176cc83acef7b78ea750425203b18f2b8228b3cdd2bc7eb13c3e3035a7e03636f6d00003000010000026600440101030db71f0465101ddbe2bf0c9455d12fa16c1cda44f4bf1ba2553418ad1f3aa9b06973f21b84eb532cf4035ee8d4832ca26d89306a7d32560c0cb0129d450ac1083503636f6d00002e000100000266005700300d0100015180689f3dfb688b764f4d0603636f6d00d87373f3d5d404f7cdc3aace633c96357bc606ced620792597e1308b1d6c5902668c4d3c1a37bab8486ba24485d57a9d98157fe706424b2043bfb40306d0148403636f6d00002b00010001518000244d060d028acbb0cd28f41250a80a491389424d341522d946b0da0c0291f2d3d771d7805a03636f6d00002e0001000151800113002b08010001518068a404d06892d340b5690024fbea2f86eb0e472114b9da41f1da69e4ef2d02ffcd6bdd987239f288795603d5f54308b238ef19f2747d6a1bc0e775782025561b0f14d1dd19be6bf36b495a3e2d538d5532c5c6e1056c06aa4e81de07f637313955a7761d313db0c6cd0b5c17b4ee22d530d6cdc0c4e195df85b354bbe32027537f1ca21f2815b2d0dbd154582124b3c4c27f1c3aea16f6bfe7e6f5c80aaccd61601bdd8f947ef5c30f004482617cf97629b8b89d8e7320719c979c6a9defdf79b743ecef08bdf2f90796da018fdc6be1e0629fe706044e0f8ad1b25927eca09074a502eb9136eefe5903ad3f97866ab014f1ec96e1f38e3aba66520a25ace386f4897e1ecfd774ce0a0f8a00003000010002a30001080101030803010001acffb409bcc939f831f7a1e5ec88f7a59255ec53040be432027390a4ce896d6f9086f3c5e177fbfe118163aaec7af1462c47945944c4e2c026be5e98bbcded25978272e1e3e079c5094d573f0e83c92f02b32d3513b1550b826929c80dd0f92cac966d17769fd5867b647c3f38029abdc48152eb8f207159ecc5d232c7c1537c79f4b7ac28ff11682f21681bf6d6aba555032bf6f9f036beb2aaa5b3778d6eebfba6bf9ea191be4ab0caea759e2f773a1f9029c73ecb8d5735b9321db085f1b8e2d8038fe2941992548cee0d67dd4547e11dd63af9c9fc1c5466fb684cf009d7197c2cf79e792ab501e6a8a1ca519af2cb9b5f6367e94c0d47502451357be1b500003000010002a30001080101030803010001af7a8deba49d995a792aefc80263e991efdbc86138a931deb2c65d5682eab5d3b03738e3dfdc89d96da64c86c0224d9ce02514d285da3068b19054e5e787b2969058e98e12566c8c808c40c0b769e1db1a24a1bd9b31e303184a31fc7bb56b85bbba8abc02cd5040a444a36d47695969849e16ad856bb58e8fac8855224400319bdab224d83fc0e66aab32ff74bfeaf0f91c454e6850a1295207bbd4cdde8f6ffb08faa9755c2e3284efa01f99393e18786cb132f1e66ebc6517318e1ce8a3b7337ebb54d035ab57d9706ecd9350d4afacd825e43c8668eece89819caf6817af62dc4fbd82f0e33f6647b2b6bda175f14607f59f4635451e6b27df282ef73d8700003000010002a30001080100030803010001b11b182a464c3adc6535aa59613bda7a61cac86945c20b773095941194f4b9f516e8bd924b1e50e3fe83918b51e54529d4e5a1e45303df8462241d5e05979979ae5bf9c6c598c08a496e17f3bd3732d5aebe62667b61db1bbe178f27ac99408165a230d6aee78348e6c67789541f845b2ada96667f8dd16ae44f9e260c4a138b3bb1015965ebe609434a06464bd7d29bac47c3017e83c0f89bca1a9e3bdd0813715f3484292df589bc632e27d37efc02837cb85d770d5bd53a36edc99a8294771aa93cf22406f5506c8cf850ed85c1a475dee5c2d3700b3f5631d903524b849995c20cb407ed411f70b428ae3d642716fe239335aa961a752e67fb6dca0bf72900003000010002a30001080100030803010001b6aec4b48567e2925a2d9c4fa4c96e6dddf86215a9bd8dd579c38ccb1199ed1be89946a7f72fc2633909a2792d0eed1b5afb2ee4c78d865a76d6cd9369d999c96af6be0a2274b8f2e9e0a0065bd20257570f08bc14c16f5616426881a83dbce6926e391c138a2ec317efa7349264de2e791c9b7d4a6048ee6eedf27bf1ece398ff0d229f18377cb1f6b98d1228ef217b8146c0c73851b89a6fc37c621ca187e16428a743ffea0072e185ef93e39525cee3ad01e0c94d2e511c8c313322c29ab91631e1856049a36898684c3056e5997473816fb547acb0be6e660bdfa89a5cb28b3669d8625f3f018c7b3b8a4860e774ee8261811ce7f96c461bc162c1a374f300002e00010002a3000113003008000002a30068a66180688ab2004f66007d114bf33e6d20e7588fdfde9a9e2a8ebd5593ce8bc06419e1d1a4afa8766abc1626504ea6243ca5fc9bce55a3f03c0e7eb488409690d84c3beb30f299da007ab69299d0e203c5b44b94328248768089a9b68982650e9ca2d37526307cbd9f06690e58c3c4a1703b1d1193ea0501417944b937b593294e339571eec42a3c700ce075d9c446e5d32bf979396c1c7935f69bd7df2826567fe582a3615d6095368be991b1e5dc39c0af3b0c39e0e353bbcb928e52e886193ac88da0cd8665ea992b642975aa5486f2e6514d0b5086c66ddd58fe8f7a27ecb128211e3ca1bdc4cad91f3cc9b63c526ebaea86075318e33bfc5a53c919e6f01262b24d178eb2cd04b1</tt> | ||
|
|
||
| Further valid test cases can be generated by using https://satsto.me and selecting the "Look up using satsto.me's native proof server" option. This will cause lookups to be a single request to a server which returns a full DNSSEC proof (without the HRN prefix), which can be exracted using your browser's console. |
There was a problem hiding this comment.
Suggested change
| Further valid test cases can be generated by using https://satsto.me and selecting the "Look up using satsto.me's native proof server" option. This will cause lookups to be a single request to a server which returns a full DNSSEC proof (without the HRN prefix), which can be exracted using your browser's console. | |
| Further valid test cases can be generated by using https://satsto.me and selecting the "Look up using satsto.me's native proof server" option. This will cause lookups to be a single request to a server that returns a full DNSSEC proof (without the HRN prefix), which can be exracted using your browser's console. |
| == Reference Implementations == | ||
| * A DNSSEC proof generation and validation implementation can be found at https://git.bitcoin.ninja/index.cgi?p=dnssec-prover;a=summary | ||
| * A lightning-specific name to payment instruction resolver can be found at https://git.bitcoin.ninja/index.cgi?p=lightning-resolver;a=summary | ||
| * Reference implementations for parsing the URI contents can be found in [[bip-0021.mediawiki|BIP 21]]. | ||
| * Reference implementations for parsing the URI contents can be found in [[bip-0321.mediawiki|BIP 321]]. |
|
|
||
| The following is an *invalid* DNSSEC proof when included in the `PSBT_OUT_DNSSEC_PROOF` record of a PSBT. | ||
|
|
||
| The following encodes the on-chain addres <tt>bc1qztwy6xen3zdtt7z0vrgapmjtfz8acjkfp5fp7l</tt> to <tt>invalid@dnssec_proof_tests.bitcoin.ninja</tt> but is '''invalid'''. |
There was a problem hiding this comment.
Suggested change
| The following encodes the on-chain addres <tt>bc1qztwy6xen3zdtt7z0vrgapmjtfz8acjkfp5fp7l</tt> to <tt>invalid@dnssec_proof_tests.bitcoin.ninja</tt> but is '''invalid'''. | |
| The following encodes the on-chain address <tt>bc1qztwy6xen3zdtt7z0vrgapmjtfz8acjkfp5fp7l</tt> to <tt>invalid@dnssec_proof_tests.bitcoin.ninja</tt> but is '''invalid'''. |
|
|
||
| The following are valid DNSSEC proofs to be included in the `PSBT_OUT_DNSSEC_PROOF` record in a PSBT. | ||
|
|
||
| This encodes address <tt>bc1qztwy6xen3zdtt7z0vrgapmjtfz8acjkfp5fp7l</tt> to <tt>simple@dnssec_proof_tests.bitcoin.ninja</tt> valid on August 7, 2025. Note that the second TXT record (which does not start with, case insensitive, "bitcoin:") is ignored. |
There was a problem hiding this comment.
Suggested change
| This encodes address <tt>bc1qztwy6xen3zdtt7z0vrgapmjtfz8acjkfp5fp7l</tt> to <tt>simple@dnssec_proof_tests.bitcoin.ninja</tt> valid on August 7, 2025. Note that the second TXT record (which does not start with, case insensitive, "bitcoin:") is ignored. | |
| This encodes address <tt>bc1qztwy6xen3zdtt7z0vrgapmjtfz8acjkfp5fp7l</tt> to <tt>simple@dnssec_proof_tests.bitcoin.ninja</tt> valid on August 7, 2025. Note that the second TXT record (which does not start with, case insensitively, "bitcoin:") is ignored. |
| @@ -157,10 +157,37 @@ ny84djksqpqk9ky6juc7fpezecxvg7sjx05dckyypnv9tmvfp6tkpehmtaqmvuupetxuzqf4t0azddjd | |||
| * Note that `lno` indicates a value containing a lightning BOLT12 offer. | |||
| * Note that the complete URI is broken into two strings with maximum 255 characters each | |||
|
|
|||
| === Example proofs === | |||
|
|
|||
| The following are valid DNSSEC proofs to be included in the `PSBT_OUT_DNSSEC_PROOF` record in a PSBT. | |||
There was a problem hiding this comment.
Aside, mediwiki doesn't handle back-ticks the way markdown does. There are already back-ticks in the current doc though, so this could be done document-wide later, if it matters.
Suggested change
| The following are valid DNSSEC proofs to be included in the `PSBT_OUT_DNSSEC_PROOF` record in a PSBT. | |
| The following are valid DNSSEC proofs to be included in the <code>PSBT_OUT_DNSSEC_PROOF</code> record in a PSBT. |
| Further valid test cases can be generated by using https://satsto.me and selecting the "Look up using satsto.me's native proof server" option. This will cause lookups to be a single request to a server which returns a full DNSSEC proof (without the HRN prefix), which can be exracted using your browser's console. | ||
|
|
||
| Generated proofs can be tested against the below `dnssec-prover` implementation at https://satsto.me/prooftest.html | ||
|
|
||
| == Reference Implementations == |
There was a problem hiding this comment.
Could add a line break between the Reference Implementations title and the body after, like the other sections, but it only makes a difference when viewing the source, not the rendered page.
alvroble
added a commit
to alvroble/embit
that referenced
this pull request
Aug 8, 2025
*Allow multiple TXT records in DNSSEC proof per BIP353 specification *Only one TXT record can start with "bitcoin:" (case insensitive) *Add validation from bitcoin/bips#1912
I don't think that is an appropriate way for BIPs to refer to test vectors. All of the details necessary to implement a BIP should be attached to the BIP in this repo and should not require implementers to go to some third party resource that may not exist in the future. Test vectors can be included in separate files contained in the repo, many BIPs do that as well. |
That would be significantly better. |
murchandamus
reviewed
Aug 8, 2025
|
It seems to me that BIP 353 should perhaps also be advanced to Proposed or Active after I have been reading about multiple implementations of BIP 353. Would you like to incorporate that into this same PR? |
13 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.