Boundary nodes - custom domains / canisters with IP addresses?

Perhaps each boundary node can provide canisters with their own IPv4 or IPv6 address. (probably a paid service)
So one canister can have multiple IP addresses pointing toward different boundary nodes and then use all the goodness of something like Route 53.

So instead of boundary nodes providing subdomains like *.ic0.app
they will also allow custom domains (domain.com) to point to many boundary nodes simultaneously, all leading to one canister.
And this canister can also have routing for its subdomains (according to a protocol, boundary nodes can ask that canister where subdomain.domain.com resolves, which will point to another canister.
Maybe that’s how ic0.app works right now, but can we get it for all developers?

EDIT: Since IPv4 addresses are expensive and IPv6 aren’t supported. We can also add a DNS record that has the canister id inside. So boundary node can ask the DNS to which canister it should resolve, instead of doing that based on IP.

EDIT: Maybe that DNS record should be signed by the canister message.


Boundary nodes will validate and cache it. If someone steals the domain and changes the record, they will also need a signature from the canister with a date later than the cache.
Then we have two benefits:

  • Internet Identity can be set in a way that URL like https://jglts-daaaa-aaaai-qnpma-cai.ic0.app/ controls the users even if they are singing from a custom domain and can remove the link.
  • Only the canister can allow that domain to use the boundary nodes.

So that gives more control to the DAO which owns private keys and whoever holds the domain doesn’t have much. They can only point it to a web2 server without permission and they will also lose all Internet Identity users.

1 Like

I like this and think allowing custom domains natively, should be on high priority for the IC. Its been requested by users for a long time for many of the IC hosted applications (including ours).

1 Like

Hi infu,

I am a researcher on the boundary node team. Custom domains are on our roadmap and we will get to it rather sooner than later. For more information have a look at our roadmap update.

We already have a good idea of how to add support for custom domains and it matches many of the points you brought up.

At a high-level, you will have to direct traffic to the boundary nodes by using a CNAME in your DNS entry. You also need to specify to which canister the domain should be mapped. Then, a couple of things need to happen in the boundary node such that they can terminate TLS for the custom domain.

7 Likes