-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a way to update /etc/servers #56
Comments
The guys at dnscrypt (https://github.com/DNSCrypt/dnscrypt-resolvers/tree/master/v3) are running something based on public/private key for their lists. Probably they keep the list on github and the private key is embedded in the program. I'll look into it. |
They use minisign and reference a cache file / minisign key in their configuration file tying things together. Quite nice actually. |
The way we do it today: we start the proxy and test servers from the list at random in the geographical zone where the proxy is located (Asia-Pacific, Americas, Europe). We find two servers working, and pick the fastest one. If the first one responds in under 80 ms and it has a keepalive timer 110 seconds or higher, we don't bother with the second one. So far we have:
The numbers are still going up. We can survive if for any reason half the servers are down. At any time some of them are broken, usually expired SSL certificates - it takes them a few days to come back. I guess the model is the one from Tor network. They have thousands of exit nodes (most exit nodes are resolving dns locally). I don't know how they download the initial list. I assume the list is never stored on the client computer. They also have very good geolocation for the client - the packet is tor-geoipdb in Debian. So let's keep this open for now, hopefully the number of servers goes up and we just update the list from time to time. |
From: #55 (comment)
AA prevents writing to /etc/fdns:
fdns/etc/apparmor/usr.bin.fdns
Line 28 in dcc0c07
The text was updated successfully, but these errors were encountered: