Replying to Avatar phil

8.8.8.8 and 8.8.4.4 are Google’s public DNS servers although some ISPs now hand those out rather than running there own DNS. People can run their own DNS server that will do recursive lookups against the root DNS servers, or if they are using a VPN then use their VPN providers servers.

Anycast relays would be great but to do this completely independently with out being tied to a specific hosting provider gets very costly as you need your own IP address space, routers, IP transit services supporting BGP etc. The issue is going to be how to make that viable to operate.
Avatar
⚡️🌱🌙 2y ago

Yes I know they are the Google servers. Google are subpoenaed for those logs so often it’s easier for them to just co-locate government assets.

I think it’s OK to use normal DNS service, except in certain countries during times of information clamp down. This is obviously when free information might be most valuable so it makes sense to have resilience against the kinds of oppression that we all have seen before.

For me the big challenge with the Anycast isn’t the technical aspects, it’s how to do it without single entity ownership?

Reply to this note

Please Login to reply.

Discussion

Avatar
phil 2y ago

I think we would need multiple sets of anycast relays, run by different organisations or groups based in different jurisdictions. Then if one gets shut down or is forced to remove content, the others can continue to operate.

Avatar
phil 2y ago

Also, I’m not sure if you’ve seen this already but I’ve been experimenting with a geographically diverse relay using geo DNS to redirect to the closest server with failover if a server fails. It provides some of the benefits of anycast but not all. I’m considering how this could be made less reliant on a single GeoDNS provider. Details of what I have set up are here:

https://www.austrich.net/austrich-relay/

Avatar
⚡️🌱🌙 2y ago

Haven’t seen that yet. Amazing.

Some reading for me.

Avatar
captjack 🏴‍☠️✨💜 2y ago

exactly - ISP n BGP can tear down by law enforcement in anywhere - that dependent tech solution wont work