Self-hosted GeoDNS is working out well.
Randomized location ping to 0.grapheneos.org (North America):
nodeping.com/reports/summar
Randomized location ping to grapheneos.org:
nodeping.com/reports/summar
It's largely from NA/EU locations which matches our userbase.
Western Canada/US location would help a lot but we don't really want to use another provider for it and OVH has their US locations in a separate US entity. Pretty much counts as a separate provider since it'd be a separate account. Too bad they don't have a Vancouver DC...
It would be nice to have anycast but we'd want to be using it via something like buyvm.net/anycast-vps/ and that doesn't have enough locations + there aren't really other options. We want to have self-hosted services and it's important for it to be unmetered too.
Metered services are pretty much throwing away all resistance to DoS / DDoS because someone could easily bankrupt us or force us to take down the services based on cost. Part of why OVH is such a good provider for us: dedicated servers, traditional VPS, cloud VPS are unmetered.
buyvm.net is also unmetered and has nicer cheaper guaranteed CPU options compared to OVH Public Cloud instances. They're a smaller provider and generally sold out of most of their VPS products though. Not sure how well they handle DDoS compared to OVH either.
It'd be nice if OVH had an equivalent to buyvm.net/anycast-vps/ so we could do anycast for DNS with instances in Quebec/France/Singapore. At the moment, we just have one in Quebec, one in France and we just accept that the uncached DNS resolutions aren't going to be low latency.
That's the downside of self-hosting it compared to using the anycast Google Domains DNS or Cloudflare DNS. It has a lot of advantages though.
Nearly all managed DNS providers also don't let you do GeoDNS without paying for an expensive metered service if they have it at all.
The only unmetered managed DNS service we found with low latency anycast + GeoDNS + DNSSEC + DANE is rage4.com. It'd probably work quite well but we decided to just go with self-hosting. Their pricing based on # of records is annoying since we need a bunch of them.
Cloudflare's load balancing feature looks great and has the fancy features we can do ourselves via PowerDNS but with very low latency anycast making it reasonable to use low TTLs for DNS-based failover, etc. It's metered though, so we can't even consider using it. Too abusable.
Someone could make billions of DNS queries and cost us lots and lots of money over time. It's also not like we could figure out what was happening and do anything about it aside from moving away from the service. It's just not really something that can work for us.
There are benchmarks at dnsperf.com and you can see Rage4 does astonishingly well for a smaller provider. Google is also surprisingly bad.
OVH managed DNS sucks; it doesn't take advantage of their infrastructure very well. Separate division from what we use.
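The thread describes doing GeoDNS with self-hosted PowerDNS, with one node in Quebec and one in France. As an added illustration that is not GrapheneOS's own configuration, this is a PowerDNS GeoIP-backend zone file that answers North American clients with the Quebec address and everyone else with the France address, falling through to a default when a client's continent cannot be determined. The zone name, hostnames and RFC 5737 addresses are constructed placeholders; the `%cn` continent-code placeholder and the `services` fallback list follow the GeoIP backend's documented syntax.

```yaml
# Assumed pdns.conf lines (not part of this file):
#   launch=geoip
#   geoip-database-files=/usr/share/GeoIP/GeoLite2-Country.mmdb
#   geoip-zones-file=/etc/powerdns/geo-zones.yaml
domains:
- domain: geo.example.org          # constructed zone, not the real project zone
  ttl: 300                         # short TTL so failover changes propagate quickly
  records:
    geo.example.org:
      - soa: ns1.geo.example.org hostmaster.geo.example.org 2024010101 7200 3600 1209600 300
      - ns: ns1.geo.example.org
      - ns: ns2.geo.example.org
    ns1.geo.example.org:
      - a: 192.0.2.10              # constructed: Quebec node
    ns2.geo.example.org:
      - a: 198.51.100.10           # constructed: France node
    # Per-continent service targets. %cn expands to the client's continent
    # code (na, eu, as, ...), so only continents listed here get a match.
    na.svc.geo.example.org:
      - a: 192.0.2.10              # North America -> Quebec
      - aaaa: 2001:db8:1::10
    eu.svc.geo.example.org:
      - a: 198.51.100.10           # Europe -> France
      - aaaa: 2001:db8:2::10
    default.svc.geo.example.org:
      - a: 198.51.100.10           # everyone else -> France
      - aaaa: 2001:db8:2::10
  services:
    # PowerDNS tries each entry in order and serves the first that resolves,
    # so an Asian or unknown-geolocation client falls back to the default.
    www.geo.example.org:
      - '%cn.svc.geo.example.org'
      - 'default.svc.geo.example.org'
```

Removing a failed node is a matter of editing the continent entry it appears in; the 300-second TTL bounds how long clients keep the stale answer.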
