Serverless DNS: Self-hosted DNS resolver at the edge

262 points by saltymimir, nearly 3 years ago

12 comments

buffrr, nearly 3 years ago
> Cloudflare Workers and Deno Deploy are ephemeral, as in, the process that serves client request is not long-lived, and in fact, two back-to-back requests may be served by two different isolates (processes)

I suspect this would impact latency. Any benchmarks done to compare Cloudflare workers, Deno and fly.io for this specific application (I don't think ping alone is fair)? I'm guessing fly.io is more suitable here. Also, DoH clients generally maintain a pool of connections to the DoH server; I'm not completely sure how this is handled with something like Cloudflare workers.
explorigin, nearly 3 years ago
Does this have a clear advantage over Pihole? I see the android app and that's nice but not enough of a killer feature (for me to want) to switch.

Pihole still offers nice things that a cloud solution can't, like local network resolution and DHCP.
dabeeeenster, nearly 3 years ago
There's no info here on how you secure these servers? Couldn't someone just start using your resolver and end up costing you money?
erulabs, nearly 3 years ago
Awesome! Need more alternatives to pihole. Going to make an installer for this for our home hosting hardware now :)
goodpoint, nearly 3 years ago
All these solutions do very little for privacy, and DNS resolution is a big privacy hole.

I'll stick with the Tor Browser where I can, but we really need Tor-backed local resolvers.
1vuio0pswjnm7, nearly 3 years ago
I have computers today with enough storage space to hold entire multi-GB public zone files. The storage capability keeps increasing. However I only use a small fraction of that data. In fact, I have computers that can hold the DNS data for every domain name I will ever use in a lifetime.

Of that data, a relatively small fraction changes periodically. Most of it is static. Generally, I only do remote DNS data retrieval periodically, not immediately preceding each and every HTTP request when accessing a www site.

Every user is different but by controlling what RFC 1035 calls the "Master File" of DNS data I can avoid remote DNS lookups altogether. This speeds up www use for me, greatly. YMMV.

The point that gets missed in these discussions, IMHO, is that DNS is not just an issue of speed.^1 (And users can improve speed without help from third parties.) DNS is also an issue of control. Controlling DNS allows me as a user to disable the www's dark patterns where the user selects a domain name to access and the "browser" connects to various domain names to which the user had no intention of connecting.^2 I can easily thwart unnecessary, unwanted phoning home, telemetry, tracking and online advertising because they all rely on using DNS that is, to some degree if not wholly, outside the user's control.

1. For example, Google can undoubtedly win the race for DNS speed however the www user will always lose the contest over _control_.

2. Originally this auto-fetching feature may not have been intended to support "dark patterns". However its usage today is a key element of those practices. There are companies today whose vision for the www is shaped by a need for programmatic advertising and the privacy invasion that this requires. They push for standards and protocols optimised to support "complex" web pages comprised of many components, potentially controlled by various third parties, the most important of which are related to _advertising_. A www user might have a different vision. For example, I am able to use the www quite effectively for information retrieval (not commerce) without using auto-fetching.^3 I treat www pages as "simple" ones with only one significant component and none controlled by third parties. This allows me to consume larger quantities of information more rapidly, with less distraction. "Simple" www pages are more valuable to me than complex ones. Though they might be less valuable to "tech" companies seeking to sell advertising services.

3. Common Crawl, the source for much-hyped "AI" projects such as GPT-3, uses the www in a similar way. There are no components for "complex" websites such as Javascript files in the archives.
aseipp, nearly 3 years ago
The biggest thing this is missing to make it turnkey is DDR, "Discovery of Designated Resolvers". I have deployed multiple iterations of my own custom DNS setup for my home network, and I keep coming back to these "Serverless" things for DNS, because they fit the usage profile very, very well, and don't need any extra work for your home network vs a WAN, and in some ways can actually be more reliable, since availability is critical and these per-request service models abstract those concerns away a bit (I have more than once had to unfuck a lot of stuff after a CoreDNS outage on my network.) I've been waiting for this for a while now, because it means I can finally make a custom, secure DoH deployment available to all my friends and family: https://techcommunity.microsoft.com/t5/networking-blog/making-doh-discoverable-introducing-ddr/ba-p/2887289

The TL;DR is that these serverless offerings *require* you to use the actual HTTPS hostname they expect, so it can actually, you know. Work. They are often run on cloud servers so you have to have a proper 'Host:' field configured when doing HTTP requests to resolve the service correctly and begin doing secure queries. But then how do you do the initial bootstrap and find the HTTPS hostname to use?

So if you want this turnkey, like, "I could configure my non-technical family PC to use it", you really need one extra piece: an *ordinary* DNS server on port 53 UDP. You actually configure your users to use this DNS server, but its only real job is to then point them to the *real* DoH server, with the hostname given, thus bootstrapping the connection. (Read the blog post about how this initial query is secured, I'll leave that to you.)

This kind of throws a wrench in the serverless thing, because you need some DNS service sitting on port 53 somewhere. But this initial bootstrap is much less latency sensitive than normal DNS and it is needed infrequently, so you could probably do this fine with CoreDNS and a shit $1 VPN on the internet. As a bonus, if you have clients that do not support DDR, you could configure this resolver to transparently use your serverless DOH resolver as a backend (so there's no difference in resolved names, just the features available.)

It looks like Deno is the only serverless offering I can see that offers UDP support, which means you could, for their platform only, avoid the intermediate VPS and have an entire DoH+DDR capable stack all at once. That's very appealing; maybe I should sign up...
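The DDR bootstrap described in the comment above ends with the client reading an SVCB answer for `_dns.resolver.arpa` that names the DoH server. As an added example (not part of the thread and not serverless-dns code), this parses the RDATA of such a record per RFC 9460 and builds the DoH URI template; the host `doh.example.net` and the sample bytes are constructed.

```javascript
// Added example: parse one SVCB RDATA (RFC 9460) returned for _dns.resolver.arpa.
const KEY_ALPN = 1, KEY_PORT = 3, KEY_DOHPATH = 7; // RFC 9460, RFC 9461
function parseDdrSvcb(rdata) {
  const utf8 = new TextDecoder("utf-8", { fatal: true });
  let off = 0;
  const take = (n) => {
    if (off + n > rdata.length) throw new RangeError("truncated SVCB RDATA");
    off += n;
    return rdata.subarray(off - n, off);
  };
  const u16 = () => { const b = take(2); return (b[0] << 8) | b[1]; };
  const rec = { priority: u16(), target: "", alpn: [], port: 443, dohpath: null };
  const labels = []; // TargetName: uncompressed labels ending in a zero octet
  for (let len = take(1)[0]; len !== 0; len = take(1)[0]) {
    if (len > 63) throw new RangeError("compressed or invalid label");
    labels.push(utf8.decode(take(len)));
  }
  rec.target = labels.join(".");
  let lastKey = -1; // SvcParamKeys must be strictly increasing
  while (off < rdata.length) {
    const key = u16();
    const val = take(u16());
    if (key <= lastKey) throw new RangeError("SvcParamKeys out of order");
    lastKey = key;
    if (key === KEY_ALPN) { // list of length-prefixed protocol ids
      for (let i = 0; i < val.length; i += 1 + val[i]) {
        rec.alpn.push(utf8.decode(val.subarray(i + 1, i + 1 + val[i])));
      }
    } else if (key === KEY_PORT) {
      if (val.length !== 2) throw new RangeError("bad port length");
      rec.port = (val[0] << 8) | val[1];
    } else if (key === KEY_DOHPATH) {
      rec.dohpath = utf8.decode(val);
    }
  }
  return rec;
}

// A DoH designation needs ServiceMode (priority > 0), an HTTP ALPN and a dohpath.
function dohTemplate(rec) {
  const http = rec.alpn.some((a) => a === "h2" || a === "h3");
  if (rec.priority === 0 || !rec.target || !http || !rec.dohpath) return null;
  return `https://${rec.target}${rec.port === 443 ? "" : ":" + rec.port}${rec.dohpath}`;
}
// Constructed sample: 1 doh.example.net. alpn=h2 dohpath=/dns-query{?dns}
const bytes = (...p) => Uint8Array.from(p.flatMap(
  (x) => (typeof x === "string" ? [...new TextEncoder().encode(x)] : [x])));
const SAMPLE_RDATA = bytes(0, 1, 3, "doh", 7, "example", 3, "net", 0,
  0, 1, 0, 3, 2, "h2", 0, 7, 0, 16, "/dns-query{?dns}");
```

The parser rejects truncated records and out-of-order parameters instead of guessing, so a malformed answer from the port 53 resolver never yields a DoH endpoint.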
ur-whale, nearly 3 years ago
Node-based Javascript code that calls the shell on my Linux server?

Nope, thank you.

Living dangerously is one thing, being suicidal is another.

https://github.com/serverless-dns/serverless-dns/blob/main/src/core/linux/swap.js
QuiiBz, nearly 3 years ago
I wonder what can this be used for?
hacker_newz, nearly 3 years ago
Why on earth would you want serverless dns?
greyface-, nearly 3 years ago
We're calling code running on Cloudflare, Deno, or Fly.io "self-hosted" now?
larsonnn, nearly 3 years ago
Reason?