Add a way to update /etc/servers #56
Comments
|
The guys at dnscrypt (https://github.com/DNSCrypt/dnscrypt-resolvers/tree/master/v3) are running something based on public/private key for their lists. Probably they keep the list on github and the private key is embedded in the program. I'll look into it. |
They use minisign and reference a cache file / minisign key in their configuration file tying things together. Quite nice actually. |
|
The way we do it today: we start the proxy and test servers from the list at random in the geographical zone where the proxy is located (Asia-Pacific, Americas, Europe). We find two servers working, and pick the fastest one. If the first one responds in under 80 ms and it has a keepalive timer 110 seconds or higher, we don't bother with the second one. So far we have:
The numbers are still going up. We can survive if for any reason half the servers are down. At any time some of them are broken, usually expired SSL certificates - it takes them a few days to come back. I guess the model is the one from Tor network. They have thousands of exit nodes (most exit nodes are resolving dns locally). I don't know how they download the initial list. I assume the list is never stored on the client computer. They also have very good geolocation for the client - the packet is tor-geoipdb in Debian. So let's keep this open for now, hopefully the number of servers goes up and we just update the list from time to time. |
From: #55 (comment)
AA prevents writing to /etc/fdns:
fdns/etc/apparmor/usr.bin.fdns
Line 28 in dcc0c07
The text was updated successfully, but these errors were encountered: