Comments
I know how DNS works. Not really, better than rolling the dice with 100% your own nightmare to maintain. And 1/3 will be anycasted anyway. (Change it to 1 of 2 anycasted if you wish) That's why I said the other two can be locations of your choice that makes sense. LEBs are not reliable means for real world DNS
GeoDNS is pointless as the IP database is not accurate enough and public/ISP resolvers are doing the lookups
Oh, I see somebody has some catching up to do on that score. Recommend the other GeoDNS thread for that...
Granted that GeoDNS is imperfect and a work in progress, so to speak. That's a far cry from useless, as you seem to think. On the contrary, assuming your business can take advantage of geo-targeting and you have a matching POP infrastructure in place, GeoDNS is a real game changer. Especially so when targeting clients from regions where internet infrastructure is less developed or throttled for one reason or another. Cases in point: Africa, China, India, Indonesia, Latin America - places that make up the majority of world population (read: majority customer base for some goods/services).
One POP in, say, Dallas, pretty much covers all of North America. Ditto Frankfurt in Europe. You need at least 4 POPs each to get similar results in Africa or Asia.
GeoDNS, if implemented properly, can work pretty well for websites.
Here's some stats from a website that's serving many, many requests every month, with EU and US POPs, sample size ~1 million unique visitors:
US POP:
{"unknown": 340, "Africa": 1640, "Asia": 12574, "Europe": 11239, "North America": 680897, "Oceania": 17765, "South America": 206911}
EU POP:
{"unknown": 1053, "Africa": 15328, "Asia": 436541, "Europe": 550571, "North America": 2321, "Oceania": 5721, "South America": 2394}
I wouldn't be too concerned about Geo hit rates. In the end one can see it like caching. Hitting 80% of the time is an immense advantage. I just wouldn't care about the occasional miss.
I run my own authoritative NS with MaraDNS.
advantages: 100% control. You are your own boss. Forward to Google DNS and let it snoop you? Fck that! Forward to OpenDNS? Fck that too! Your box. Your DNS. Your rules.
disadvantages: Time. Time to make sure that everything is working as it should, and you also have to constantly make sure to keep it secure. (but that can be said of any server stuff anyway...)
And if you are ever going to set up a VPN to your VPS then having your own DNS is pretty much mandatory. Otherwise you are risking DNS leaks and revealing your true IP.
As a side note: Even having your own DNS server is not enough with $#¤%!"#"# Windows VPN clients...
With Windows VPN clients, to really make sure you block all the DNS leaks, you have to either a) have a software firewall that blocks all DNS requests that are not targeted to your DNS server (thanks to f*cking svchost.exe....) or b) an actual VPN router/gateway (buy or make your own from a Raspberry Pi) that will force everything to go through your VPN pipe.
Linux VPN clients are fine. That operating system is sane and respects your private DNS server settings.
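Added example, not part of the post above: one way to check a client for the DNS leak it describes is to scan text output captured with `tcpdump -n -i any port 53` for queries sent to any resolver other than the VPN's own. The capture lines, the 10.8.0.1 resolver address and the function names below are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the only resolver the client should ever query is the VPN's own.
ALLOWED_RESOLVERS = {"10.8.0.1"}

# Matches DNS *queries* in `tcpdump -n` text output, e.g.
# 12:00:03.3 IP 192.168.1.50.60212 > 8.8.8.8.53: 2020+ [1au] AAAA? example.net. (52)
QUERY_RE = re.compile(
    r"\bIP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"\d+[+%]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE_CAPTURE = """\
12:00:01.100000 IP 10.8.0.6.51432 > 10.8.0.1.53: 4242+ A? example.com. (29)
12:00:01.130000 IP 10.8.0.1.53 > 10.8.0.6.51432: 4242 1/0/0 A 192.0.2.10 (45)
12:00:02.200000 IP 192.168.1.50.60211 > 192.168.1.1.53: 1717+ A? example.org. (29)
12:00:03.300000 IP 192.168.1.50.60212 > 8.8.8.8.53: 2020+ [1au] AAAA? example.net. (52)
12:00:04.400000 IP6 2001:db8::50.60213 > 2001:db8::1.53: 3131+ A? example.org. (29)
""".splitlines()


def find_leaks(lines, allowed=ALLOWED_RESOLVERS):
    """Return (resolver, qname) for every DNS query sent outside `allowed`."""
    leaks = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["dport"] != "53":
            continue  # a response, or not DNS-over-port-53 at all
        if m["dst"] not in allowed:
            leaks.append((m["dst"], m["qname"].rstrip(".")))
    return leaks


def summarize(leaks):
    """Count leaked queries per unexpected resolver."""
    return Counter(dst for dst, _ in leaks)


if __name__ == "__main__":
    found = find_leaks(SAMPLE_CAPTURE)
    for resolver, qname in found:
        print(f"LEAK: {qname} was sent to {resolver}")
    print(dict(summarize(found)))
```

This only sees plain DNS on port 53; lookups made over DNS-over-HTTPS or DNS-over-TLS do not appear in such a capture.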
Wow, kudos to you for living up to your username.
Heh. Thanks :-)
But seriously. If anybody is using a VPN right now (like me) then please do yourself a favor and please check http://ipleak.net/
If the "DNS Address detection" is not the same as your "Your IP Address" then you are risking a DNS leak.
If "Your IP address - WebRTC detection" shows any IP then you are royally f*cked and need to fix it right now by following the advice from here:
http://torrentfreak.com/huge-security-flaw-leaks-vpn-users-real-ip-addresses-150130/
@UltraParanoid
http://ip-api.com/ has support for WebRTC, edns, and is a lot cleaner than ipleak.net imo
Uh oh...
The first time I'm hearing about edns, and it seems using Google and OpenDNS on my VPN servers dnsmasq might not work in my favor? My real country is written on that page.
Gotta find a way - on server side - to block it...
Damn.
Edit: Removed secondary dns servers I send to the clients. Problem solved. :P
Edit 2: Or not...
By the way mates, is there any online tool that can check if my authoritative DNS are set correctly?
intodns.com
http://www.webdnstools.com/dnstools/domain_check
dnsinspect.com/
dnscheck.pingdom.com/
Thank you mates. Everything looks ok.