DNSCrypt / encrypted-dns-server

An easy to install, high-performance, zero maintenance proxy to run an encrypted DNS server.
MIT License

RR HA / LB multiple upstreams, i.e., DNSCrypt ? #89

Open skull-squadron opened 2 years ago

skull-squadron commented 2 years ago

Using dnscrypt-proxy, it was a matter of running N instances and unifying them using something like dnsmasq.

What topology is recommended to create a resilient resolver setup (w/ DNSSEC support)?

jedisct1 commented 2 years ago

It really depends on your hosting infrastructure.

Maybe your cloud provider already offers some load-balancing service.

Otherwise, if you want a traditional load balancer and avoid the K8S complexity, Nginx can load-balance TCP and UDP traffic, is simple to set up and it will work just fine with DNS.

If you want something container-aware yet not too complicated to configure, gobetween (https://gobetween.io) is pretty nice.

skull-squadron commented 2 years ago

I'm curious if there were a way to automatically spool-up dnscrypt depending on the latest available known resolvers config file pinned by region, and/or included and/or excluded by regex. Or launch N instances of EDS with scripting?

Home is an OPNsense appliance with internal virtualization setup. Sometimes use dnscrypt on projects. Nginx is useful for some things, but pdns_recursor for a stationary use might be better.

The main gotchas for continuous home, office, and/or coffeeshop wifi use are 1. captive portals and 2. resolution locality for large blob transfers like updates.

For most external projects, I don't use K8S or containers due to weak resource and security isolation. I tend to opt for VPS, colo, and leased metal on orchestrated type-1 virtualization. Friends don't let friends use open, unsigned containers from random people while driving.


jedisct1 commented 2 years ago

Can you clarify what the question is?

You can run multiple instances of EDS. Run it once, and then just copy the configuration and state files to other hosts. The keys will be automatically synchronized.
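The following is an added example, not part of the thread and not the project's own configuration. It is a minimal Nginx `stream` setup for the topology described in the replies above: several EDS instances started from copies of the same configuration and state files, behind one TCP/UDP load balancer. The backend addresses, the port and the timeout values are assumptions.

```nginx
# Added example: addresses, port and timeouts are placeholders, not values from the thread.
# Place at the top level of nginx.conf (not inside http {}); requires the stream module.
stream {
    # Each backend is an encrypted-dns-server instance started from a copy of
    # the same configuration and state files, so any of them can answer any query.
    upstream eds_backends {
        server 10.0.0.11:443 max_fails=2 fail_timeout=10s;
        server 10.0.0.12:443 max_fails=2 fail_timeout=10s;
        server 10.0.0.13:443 max_fails=2 fail_timeout=10s;
    }

    # UDP listener
    server {
        listen 443 udp;
        proxy_pass eds_backends;
        proxy_responses 1;   # expect one reply datagram per query, then end the session
        proxy_timeout 5s;    # discard state for unanswered queries quickly
    }

    # TCP listener on the same port
    server {
        listen 443;
        proxy_pass eds_backends;
        proxy_connect_timeout 2s;
        proxy_timeout 30s;
    }
}
```

With this layout the backends see the load balancer's address as the source of every query, so any per-client-IP limits or logging on the backends will treat all clients as one.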

skull-squadron commented 2 years ago

1 host, N upstream DNScrypt resolvers
