And to get the ball rolling, here's a comment I just shared over on the dnschain github repository, regarding full public (versus on-cstorm) availability of our new resolvers. As I say in the comment, I'm echoing it here both to ensure folks can address the issues it raises (even if they aren't active in that particular github repository), and also to let folks know there's an active discussion over there in the event they'd like to jump in and participate directly.
Without further ado, here's the comment as posted:
We'd be happy to be added to the list - thanks for catching this!
There's been some back-and-forth wrt making our newly-birthed resolvers fully public, or only accessible to folks on-cstorm. I'd say this is an open question at the moment, in terms of team discussion, with the current assumption that we'd set up a separate infrastructure to handle fully public usage in order to ensure we don't end up getting hammered and impacting on-cstorm network performance.
Which is all to say - when we do get added to the list of public resolvers, could someone poke us so we know? That way we can accelerate the provisioning of a dedicated foundation to support the public side of this infrastructure (dnschain1.cryptostorm.net & dnschain2.cryptostorm.net).
And yes it's a bit weird that our resolvers are hostnames rather than IPs - we refer to them as such in order to give ourselves a bit of flexibility in shifting the physical components of the system around until it settled into a stable equilibrium. For example, we'd used a dev box for our first iteration of beta (public) dnschain'd resolver - with associated IPs - and since then we've repurposed that box as a dedicated Tor relay (mishi.cryptostorm.net) so those IPs are no longer available for use in a resolver context, in terms of security considerations. Thus we'll be re-mapping those dnschain1/dnschain2 hostnames... first to our in-house resolvers in Iceland and then (per rambling discussion above) to a dedicated box separate from our production Icelandic resource pool.
I'm going to echo this post over to a cryptostorm.org post as well, just to ensure that folks in our community who might not see this here on github can stay in the loop - that's purely for coordination purposes, and we'll consider this thread here as the relevant one with respect to the question of publicising our resolvers as publicly-available resources.