Expand description
§DNSSEC-validated bootstrap provider
Resolves the domains in crate::tools::config::BOOTSTRAP_DOMAINS via a
hickory-resolver configured to require DNSSEC authentication. Successfully-resolved
addresses are returned as the seed peer list.
DNSSEC matters here because bootstrapping is the one moment a client hasn’t yet authenticated anyone on the network — a hijacked A record from an unauthenticated resolver could redirect every new node to an attacker-controlled sybil cluster. Requiring DNSSEC-validated lookups pushes that attack surface back to the root trust anchor.