Everything is going up!

7 Comments

Happy to report that everything is going up :-)

  1. Usage is going up – we’re pushing now around 7 GB/day
  2. RAM went up with the recent upgrade
  3. Cache Hit Ratio went up from around 42% to 78%
  4. Sadly, running cost went up because of traffic used (1) and costlier VM option (2)

Roughly: Double the RAM means double the cost. Plus some (minor) extra on all traffic beyond 50GB / month.

For transparency – as usual – I’ve updated the costs on the “support us” page.

 

Happy resolving!

7 Responses to “Everything is going up!”

  1. Andrew

    Hello there,
    I found this network geographically best for me, but I got several problems with configuration. Could you help me please? I installed dnscrypt-proxy and dnsmasq on my archlinux raspberry-pi. Then I followed archlinux wiki and dnscrypt works. I mean after I put “dig debug.opendns.com txt” to terminal I got SERVER: 127.0.0.1#53(127.0.0.1) and “dnscrypt enabled (71447764594D3377)”

    # However I change /etc/conf.d/dnscrypt-proxy to:
    DNSCRYPT_LOCALIP=127.0.0.2
    DNSCRYPT_LOCALPORT=2056
    DNSCRYPT_USER=nobody
    DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.soltysiak.com
    DNSCRYPT_PROVIDER_KEY=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21
    DNSCRYPT_RESOLVERIP=178.216.201.222
    DNSCRYPT_RESOLVERPORT=2053

    # and /etc/dnsmasq.conf to:
    no-resolv
    server=127.0.0.2#2056
    listen-address=127.0.0.1

    I can’t nothing like “dnscrypt enabled (71447764594D3377)”

    Do you have any idea what’s wrong or how to test it in other way through terminal? Thanks for any tips and helpful suggestions.
    And of course thanks for providing such a great service for all of us, without logs and even with dnssec!

  2. Maciej Soltysiak

    Hi Andrew!

    When using a dnscrypt service only the chosen dnscrypt server will know you had an encrypted connection so if you are using mine, OpenDNS will see a query that I run on your behalf.

    In other words the TXT record for debug.opendns.com can only report dnscrypt if your dnscrypt-proxy is talking to them.

    Although I do not yet have debug like this there are at least two ways to check you are using it. One is to run tcpdump on port 2053 and correlate queries with packet dumps.

    Second, sine I resolve Namecoin domains, if you get a response for dnscrypt.bit, it works.

    I hope this helps you. The config you sent seems fine. Let me know if you have doubts.

    I will have to setup some kind of debug for users to be able to check if dnscrypt is in operation.

    Thanks
    Maciej

  3. Andrew

    Hey Maciej,

    thank you very much for your detailed explanation. Finally I got it. : ) Unfortunately I refused to concede that the dig and TXT record works only for their servers yesterday.
    Here’s one of your tips that helped: # tcpdump -i eth0 dst host 178.216.201.222 and dst port 2053

    Thanks for your time and service you’re doing. Really like this idea! I was wondering if you might be able to give me some advices if I would consider to run another public server. Greetings from Czech Republic!

  4. Maciej Soltysiak

    Hurray! I’m happy to have provided a useful response with tcpdump there. I actually could do something that it detects on the home page if the service is being used. A detection mechanism similar to http://test.dnssec-or-not.org/

    I was also planning to do a howto and a screencast for setting up dnscrypt-wrapper and unbound, which is basically what it is, but extended with the Namecoin, dnschain stuff, which is not that essential for a core setup. I’ve published a bit about it: https://dnscrypt.pl/transparency/ but I realize it’s just an ascii schematic.

    Feel free to follow @dnscryptpl on twitter if you use it, I publish the more important news there too.

    Maciej

  5. Andrew

    Agree, web detection mechanism would be even more badass feature. And any screencast or more specific howto about setting up DNScrypt would be really appreciate. I’m looking forward to learn over and above about it.

    Andrew

  6. Maciej Soltysiak

    So, for now, I’ve just done this: https://using.dnscrypt.pl/
    If you’re using DNSCrypt PL it will tell you. It’s DNS-based.
    Does it work ok for you? On and off?

  7. Andrew

    Hello Maciej,

    wow, that was pretty quick to find the way of validation. Thank you for https://using.dnscrypt.pl/
    But to be honest I am afraid of that I can’t test it out anytime soon. Nevertheless I’ll do my best to make time for it. And I’ll let you know.

Leave a Reply