Today, I am launching a reboot of the good ol' DNSCrypt Poland service. New software, new infrastructure, more transparency, no Namechain though. The old service under the moniker soltysiak will keep on running until April 1st 2021. All users are advised to switch!
DNSCrypt Poland was born in October 2013. At the time it was the first and only service in Europe. It started as a fun mini-project for me to encrypt my own traffic, but shortly after I created a quick Wordpress blog to provide service announcements, put up my face and contact details to build trust. I've seen traffic increasing, seeing more demand for RAM for unbound cache and hungry namecoind daemon. There were ups & down, moments when lack of finance got in the way and I asked for support. I got it and used it all up for hosting, domains and website, doing 100% of what I could myself.
I even published some financial statements but quickly after Q1 2017 I couldn't have spent that much time on maintaining the service. It was set up well and I didn't have to touch it for months. I've had an uptime of more than 600 days twice!
Later the service has gotten very quirky. The Debian distribution got far behind easily updateable, unbound daemon started acting up and crashing every now and then, causing weird outages when systemd was restarting it. Some outages were due to dnscrypt-proxy suddenly segfaulting. A bug I never managed to debug due to -ENOTIME.
End-game & reboot!
This meant an overhaul of the service was long overdue. I worked on this in the last couple of months and here it is!
- Same data-centre, new server, current OS (Ubuntu 20.04 LTS)
- 2 service tiers: one with no-filtering, vanilla DNS experience and one with pure malware and phishing blocklists
- Same but current unbound, but blocklists are not unbound zones
- encrypted-dns-server replaced dnscrypt-wrapper
- blocklists are documented on github and easy to check what they block, what's the source and how many domains are there. Update script is shared.
- same vnstati traffic charts, but also new prometheus/grafana charting, see Performance page.
- Ghost has replaced Wordpress
- Dogfooding of this is extensive: all my family's mobile devices are using it, as well as home network directs all traffic to pihole which excelusively uses dnscrypt.pl-guardian
I put much faith in this setup and I encourage everybody to test it out, make the switch, ditch the old one and contact me for whatever reason you like.
One more thing
I'm thinking of deploy more extensive blocklists, perhaps a paid service, not sure yet, I need to figure it out. Since mid-2017 I've had no external funding and I'm trying to run a smooth and efficient fleet here. I hope I can bring good quality and, as I always wanted, grow the service to host another server in Warsaw.