# ECP-0017: opt-in DHT + mDNS discovery (DNS off by default)

## Status
Draft

## Context
The current iroh endpoint setup uses default DNS-based discovery implicitly. We want discovery to be explicit and privacy-preserving by default, while still supporting decentralized discovery when users opt in. DHT discovery provides global, decentralized rendezvous; mDNS handles local networks without external infrastructure.

## Decision
Switch endpoint construction to `Endpoint::empty_builder` with no discovery providers by default. Add opt-in discovery modes for DHT and mDNS. DNS discovery is disabled unless explicitly added in a future ECP.

## Details
- Add a discovery config that can be set via `EVERY_CHANNEL_IROH_DISCOVERY` (comma-separated: `dht`, `mdns`, `dns`).
- Use iroh address lookup providers: `DhtAddressLookup` for `dht`, `MdnsAddressLookup` for `mdns`, and `PkarrPublisher` + `DnsAddressLookup` for `dns` (when explicitly enabled).
- Keep existing mDNS peer discovery (address-lookup) for LAN gossip bootstrapping.
- If discovery is disabled, peer addresses must include relay/address info (e.g., share bundle JSON).

## Consequences
- DNS-based discovery is no longer automatic; opt-in discovery is required for ID-only dialing.
- Privacy improves by default (no implicit DNS publishing).
- Operators can enable decentralized DHT discovery when they want global reach.

## Follow-ups
- Consider an explicit `dns` discovery mode if needed.
- Add UI toggles for discovery modes (for non-CLI users).