-
-
Notifications
You must be signed in to change notification settings - Fork 93
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RR HA / LB multiple upstreams, i.e., DNSCrypt ? #89
Comments
It really depends on your hosting infrastructure. Maybe your cloud provider already offers some load-balancing service. Otherwise, if you want a traditional load balancer and avoid the K8S complexity, Nginx can load-balance TCP and UDP traffic, is simple to setup and it will work just fine with DNS. If you want something container-aware yet not too complicated to configure, gobetween is pretty nice. |
I'm curious if there were a way to automatically spool-up dnscrypt
depending on the latest available known resolvers config file pinned by
region, and/or included and/or excluded by regex. Or launch N instances of
EDS with scripting?
Home is an opnsense appliance with internal virtualization setup. Sometimes
use dnsscrypt on projects. Nginx is useful for some things, but pdns_recursor
for a stationary use might be better.
The main gotchas for continuous home, office, and/or coffeeshop wifi use
are 1. captive portals and 2. resolution locality for large blob transfers
like updates.
For most external projects, I don't use K8S or containers due to weak
resource and security isolation. I tend to opt for VPS, colo, and leased
metal on orchestrated type-1 virtualization. Friends don't let friends use
open, unsigned containers from random people while driving.
…On Sun, Jun 26, 2022 at 8:06 AM Frank Denis ***@***.***> wrote:
It really depends on your hosting infrastructure.
Maybe your cloud provider already offers some load-balancing service.
Otherwise, if you want a traditional load balancer and avoid the K8S
complexity, Nginx can load-balance TCP and UDP traffic, is simple to setup
and it will work just fine with DNS.
If you want something container-aware yet not too complicated to
configure, gobetween <https://gobetween.io> is pretty nice.
—
Reply to this email directly, view it on GitHub
<#89 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABWYMCCELW7MRDXYKEMBYDVRBIV3ANCNFSM5Z3WUCVA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Can you clarify what the question is? You can run multiple instances of EDS. Run it once, and then just copy the configuration and state files to other hosts. The keys will be automatically synchronized. |
1 host, N upstream DNScrypt resolvers
…On Mon, Jun 27, 2022 at 3:30 AM Frank Denis ***@***.***> wrote:
Can you clarify what the question is?
You can run multiple instances of EDS. Run it once, and then just copy the
configuration and state files to other hosts. The keys will be
automatically synchronized.
—
Reply to this email directly, view it on GitHub
<#89 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABWYMFMH27CPAJKMMLJU2LVRFRBRANCNFSM5Z3WUCVA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Using
dnscrypt-proxy
is was a matter of running N instances and unifying them using something likednsmasq
.What topology is recommended to create a resilient resolver setup (w/ DNSSEC support)?
The text was updated successfully, but these errors were encountered: