Agent sends a JSON payload of instant (current Unix time in milliseconds, used to protect against replay attacks), holochain_public_key in Base36 encoding, and zerotier_address in hexadecimal to Registry POST /v1/update endpoint. Payload is signed by Holochain and ZeroTier keys. Signatures are specified as HTTP headers in Base64 format.
Example request:
HTTP POST https://router-registry.holo.host/v1/update
X-Holochain-Signature: Rl0zgv+t2aBVHX2hrvx7OwZZnssA4n3WMp3i
X-ZeroTier-Signature: xgTafxZtsb4DzWij4mk40ONC2QlHQ1UfB+FMC
{
"instant": 1568784840568,
"holochain_public_key": "cf05t9ugbh4wukhcws2m0ra4vginah2wnx3cd9kuselrfxncj",
"zerotier_address": "59727631b0"
}
Endpoint is idempotent, so that Agent can run periodically, at the very least on each boot. This makes loss of Registry state much less of an issue, since Agents will naturally repopulate it (subject to how often it is set up to run).
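One way the receiving side could enforce the replay protection that instant provides, as an added example that is not the project's own code. The function name checkUpdate, the 5-minute window, and the Map standing in for Workers KV are assumptions; signature verification is taken as already done on the raw body, since the signature schemes are not named here.

```javascript
// Added example: server-side checks on a POST /v1/update body.
// Assumes both signatures were already verified over the raw bytes.
const MAX_SKEW_MS = 5 * 60 * 1000; // assumed window; the page gives none

// Stand-in for Workers KV: holochain_public_key -> { instant, zerotier_address }
const store = new Map();

function checkUpdate(rawBody, nowMs, kv = store) {
  let p;
  try {
    p = JSON.parse(rawBody);
  } catch {
    return { ok: false, reason: "bad-json" };
  }
  if (p === null || typeof p !== "object" || Array.isArray(p)) {
    return { ok: false, reason: "bad-json" };
  }
  const { instant, holochain_public_key: key, zerotier_address: zt } = p;

  // instant must be an integer millisecond timestamp, not a string or float
  if (!Number.isSafeInteger(instant)) return { ok: false, reason: "bad-instant" };
  // Base36 as in the example request: lowercase letters and digits only
  if (typeof key !== "string" || !/^[0-9a-z]+$/.test(key)) {
    return { ok: false, reason: "bad-key" };
  }
  // ZeroTier addresses are 40 bits, i.e. exactly 10 hex digits
  if (typeof zt !== "string" || !/^[0-9a-f]{10}$/.test(zt)) {
    return { ok: false, reason: "bad-address" };
  }
  // Freshness: reject captures outside the window, past or future
  if (Math.abs(nowMs - instant) > MAX_SKEW_MS) return { ok: false, reason: "stale" };
  // Monotonicity: inside the window, a captured request must not
  // overwrite a newer mapping for the same key
  const prev = kv.get(key);
  if (prev && instant <= prev.instant) return { ok: false, reason: "replayed" };

  kv.set(key, { instant, zerotier_address: zt });
  return { ok: true };
}
```

The timestamp window alone still lets a captured request be replayed until it expires, which is why the per-key monotonic check is included.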
Gateway dispatches unaltered TCP traffic by TLS SNI that is resolved using system-wide DNS, which is normally set to Registry GET /v1/dns-query passed through dnscrypt-proxy.
Dispatch is only allowed for hostnames that end with .holohost.net.
DNS-over-HTTPS resolver and HTTP POST /v1/update server implemented on top of Cloudflare Workers.
Endpoints:
- POST /v1/update adds Base36-encoded Holochain public key -> internal ZeroTier IPv4 address mapping to Workers KV. See Agent docs for request docs. Response doesn't have a body.
- POST /v1/dns-query is a DNS-over-HTTPS resolver. It accepts A queries, looks up internal IPv4 address by public key, and responds with ZeroTier IPv4 address. TTL is hardcoded to 10 seconds. Both request and response are in application/dns-message DNS wire format. For encoder/decoder, see dns-packet. Also see RFC 8484.