Coinshost - weird DDoS protection / traffic shaping

Today I noticed my VPS suddenly has no ICMP and 80% lossy outbound connectivity (30-60 second delays for TCP connections); iperf with an OVH server showed I have ~1Kbit/s, but I was able to connect to the VPS via SSH.

Asked their support about the situation and they responded:

Which protocols/ports do you use for outbound connections? Since you are able to access your VPS via SSH, the network is working both ways.

As a part of DDoS protection, all our VPS have some protocol restrictions, such as:
-ICMP is blocked
-external DNS servers are blocked. You have to use our DNS servers only: 46.28.201.21 & 46.28.201.22
-external NTP servers are blocked. Please, use our NTP servers 46.28.201.22 if you need NTP service.
Other than that, we do not block any ports.

First, check your DNS config please. Then try to restart VPS, and see if the problem persists. If so, please post here:
1) cat /etc/resolv.conf
2) curl -I -k google.com (or any other outbound site)
3) mtr 8.8.8.8 (or any other outbound ip)

Please also provide tcpdump output captured while you try to reach any outbound resource.

which turned out to be true.

I had Google DNS in my /etc/resolv.conf and changed the nameservers to theirs, after which the network got "stable".

I think this is a quite unreliable protection mechanism, because once their NS go down due to hardware failure or a DDoS attack, all customers will experience horrible network lags.

Moreover, we can't monitor server health using the ICMP protocol and depend on 1 NTP server, which may fail anytime.

Don't you guys think it's a little bit paranoid configuration? I think I will move away from them, this is very inconvenient.

Comments

  • AnthonySmith Member, Patron Provider

    use theirs as your primary and google as fallback?

  • AMXRT Member
    edited September 2018

    -external DNS servers are blocked

    Means I can't use Google DNS as fallback, but I wish to.

    $ traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
    1 * * *
    2 * * *
    3 * * *
    4 * * *
    5 * * *
    6 * * *
    7 * * *
    8 * * *
    9 * * *
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *
    $

  • Razza Member
    edited September 2018

    Never seen a host go as far as blocking external DNS server before.

    Sounds like a joke of a provider if they need to go to that level; it's probably not for DDoS protection, they are most likely logging DNS queries and censoring DNS lookups.

    Personally if I was hosting there I would just cancel and move to a different host.

  • MikeA Member, Patron Provider

    Could be simple ICMP and UDP block.

  • MikeA said: Could be simple ICMP and UDP block.

    Don't most client resolvers fall back to TCP when UDP is not available?

  • Never heard of this host before and that 'protection' is absolute nonsense. Stop wasting your time.

  • jsg Member, Resident Benchmarker

    @AMXRT

    Just read through their (and incloudibly's) web site. If you have even just a rudimentary technical understanding of hosting and DDOS-protection you'll probably come to the most sensible conclusion which is to leave them. You'll get much better protection (which isn't hard anyway) elsewhere, e.g. OVH but I've seen other providers here too who seem to offer some real protection.

  • @jsg said:
    @AMXRT

    Just read through their (and incloudibly's) web site. If you have even just a rudimentary technical understanding of hosting and DDOS-protection you'll probably come to the most sensible conclusion which is to leave them. You'll get much better protection (which isn't hard anyway) elsewhere, e.g. OVH but I've seen other providers here too who seem to offer some real protection.

    I don't need a DDoS protection, it seems that these measures exist only to protect their own
    infrastructure, which is probably using shitty pre-2005 networking hardware not suitable for large bandwidth. Thanks for recommending OVH, I already know them, but I only go with hosters that accept cryptocurrencies.

    @Silvenga said: Don't most client resolvers fall back to TCP when UDP is not available?

    They block the DNS protocol at the application layer.

  • MikeA Member, Patron Provider

    @Silvenga said:

    MikeA said: Could be simple ICMP and UDP block.

    Don't most client resolvers fall back to TCP when UDP is not available?

    Don't think so, not in my experience, but maybe some do.

  • @Silvenga said: Don't most client resolvers fall back to TCP when UDP is not available?

    They block the DNS protocol at the application layer.

    You can use DNSCrypt with Cloudflare or Google or whoever you trust with your DNS. That is TCP and port 443, so they can't block it.

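The thread leaves open whether the provider filters only UDP (in which case a resolver's TCP fallback would cope) or drops DNS whatever the transport. The probe below is an added example, not from the thread or from the provider: it hand-builds a DNS query, sends it over UDP and over TCP to each resolver, and reports the outcome per transport. The resolver addresses are the ones quoted in the thread; example.com is a constructed query name.

```python
import random
import socket
import struct

def build_query(name, txid, qtype=1):
    """Minimal DNS query: one question, recursion desired, no EDNS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_response(data, txid):
    """Return (rcode, answer_count); raise if the reply is not for our query."""
    if len(data) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("reply does not match query")
    return flags & 0x000F, an

def query(server, name, proto, timeout=3.0):
    """One query over 'udp' or 'tcp'; returns 'ok', 'rcode=N', 'timeout' or 'error: ...'."""
    txid = random.randrange(65536)
    q = build_query(name, txid)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                data, _ = s.recvfrom(4096)
        else:  # RFC 1035 TCP framing: two-byte length prefix before the message
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack(">H", len(q)) + q)
                f = s.makefile("rb")
                (n,) = struct.unpack(">H", f.read(2))
                data = f.read(n)
        rcode, _answers = parse_response(data, txid)
        return "ok" if rcode == 0 else f"rcode={rcode}"
    except socket.timeout:
        return "timeout"
    except (OSError, ValueError, struct.error) as e:
        return f"error: {e}"

def probe_matrix(servers, name="example.com"):
    """udp timeout but tcp ok: UDP-only filter, TCP fallback copes; both fail: DNS itself is filtered."""
    return {srv: {p: query(srv, name, p) for p in ("udp", "tcp")} for srv in servers}

if __name__ == "__main__":
    # Provider resolvers quoted in the thread beside the external one the OP had configured
    for srv, res in probe_matrix(["46.28.201.21", "46.28.201.22", "8.8.8.8"]).items():
        print(f"{srv:>14}  udp={res['udp']:<14} tcp={res['tcp']}")
```

Run it from the affected VPS; a provider resolver answering on both transports while the external one times out on both is the pattern the OP describes.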
  • gestiondbi Member, Patron Provider

    @AMXRT said:

    @jsg said:
    @AMXRT

    Just read through their (and incloudibly's) web site. If you have even just a rudimentary technical understanding of hosting and DDOS-protection you'll probably come to the most sensible conclusion which is to leave them. You'll get much better protection (which isn't hard anyway) elsewhere, e.g. OVH but I've seen other providers here too who seem to offer some real protection.

    I don't need a DDoS protection, it seems that these measures exist only to protect their own
    infrastructure, which is probably using shitty pre-2005 networking hardware not suitable for large bandwidth. Thanks for recommending OVH, I already know them, but I only go with hosters that accept cryptocurrencies.

    @Silvenga said: Don't most client resolvers fall back to TCP when UDP is not available?

    They block the DNS protocol at the application layer.

    Use one of their resellers then. Most of them accept crypto payments.
