Chạy một DIG node
dig-node là gì, tại sao bạn nên chạy một node, và cách cài đặt nó — kho apt cho Ubuntu/Debian hoặc trình cài đặt phổ dụng đa nền tảng.
dig-node là gì, tại sao bạn nên chạy một node, và cách cài đặt nó — kho apt cho Ubuntu/Debian hoặc trình cài đặt phổ dụng đa nền tảng.
Configure a dig-node: listen ports and listeners, the cache cap, and the upstream the node blind-fetches from — via config and DIGNODE_* environment variables.
Mở nội dung chia:// mà chính trình duyệt của bạn xác minh dựa trên blockchain — không host nào có thể thay đổi hay giả mạo nó, nội dung riêng tư vẫn riêng tư với host, và nó vĩnh viễn và có thể lưu trữ lại ở bất cứ đâu, nên không ai có thể gỡ nó xuống hay khóa bạn lại.
The cross-platform dig-node installer for Windows, macOS, and any Linux: one curl | sh (or a direct download), installs the service and the digstore CLI, and registers dig.local.
Install dig-node and the digstore CLI on Ubuntu/Debian from the apt.dig.net repository, and run dig-node as a managed systemd service.
The normative node↔node protocol: mTLS peer identity (peer_id = SHA-256(TLS SPKI DER)), the two RPC tiers (mTLS-authenticated PEER/CONTROL vs anonymous PUBLIC-READ so browsers can retrieve content), the ordered NAT-traversal ladder (direct → UPnP → NAT-PMP → PCP → relay-coordinated hole-punch (signalling only) → relayed/TURN transport), the relay's four roles (STUN, introducer, hole-punch signalling, relayed transport), STUN reflexive-address discovery, introducer + gossip peer discovery, PEX peer-exchange (node↔node stream + the RLY-008 relay introducer binding), the Kademlia DHT with provider records that locate which peers hold content (find_node/find_providers/add_provider/ping over a framed dig-nat mTLS stream; content-key = SHA-256(domain-tag ‖ store_id[‖root[‖retrieval_key]])), the relay RelayMessage wire (RLY-001..RLY-008), the peer RPC methods (dig.getPeers/dig.announce/dig.getNetworkInfo/dig.getAvailability/dig.listInventory/dig.fetchRange), and the relay-last-fallback invariant (prefer hole-punch signalling over full relaying).
The normative privacy-mode content-retrieval protocol: the per-request speed-vs-privacy toggle on the dig RPC surface, how a private read is onion-routed end-to-end (requester → guard/entry → middle → exit → providers → back) with a who-knows-what table, telescoping circuit construction over dig-nat mTLS (ntor X25519 + HKDF-SHA256 handshake, fixed-size 512-byte ChaCha20-Poly1305 layered cells, the RELAY command set), the onion-relay directory (dig-dht tag 0x04) and relay advertisement, guard nodes, the exit reusing the ordinary merkle-verified content read, and the honest threat model (partial-adversary unlinkability, stronger than Tor on exit integrity, weaker on anonymity-set size and Sybil cost).
Operate a running dig-node: the control.* admin RPCs (status, cache, peers) and the DIG Browser's My Node UI that drives them.
Make the DIG Browser or extension read from your local dig-node first (dig.local → localhost), falling back to rpc.dig.net — local-first reads that share one .dig cache.
How a DIG node stays reachable behind NAT through a relay, the relay.dig.net default, and how to run your own relay.