Global traffic director / GeoDNS

I am thinking about doing a little project to kill my boredom.

Currently, I have a server in NL and one in the US. Does anyone have some good articles about creating a GeoDNS / global traffic director? Also, any articles explaining in detail how they work would be greatly appreciated.

Comments

  • Neoon Member
    edited June 5

    You can use geolite/maxmind, whatever the fuck it's called, to identify the request origin.
    However, they are fucking not precise; if you wanna nuke America, good enough, or Europe, but you ain't gonna hit cities or states.

    So for your use case, I guess simple: go pick up bind9 with geodns.
    However, you can't fix geo targeting issues, except by rebuilding the entire database.

    Someone even suggested https://github.com/gdnsd/gdnsd but I never could put my hands on it yet.

    Can't recommend https://github.com/abh/geodns, it has a DoS issue.

  • tester4 Member
    edited June 5

    AWS Route53, has latency based routing that works effectively, better than simple GeoDNS and will route users to the closest node to them. Costs something like $1/m.

  • Daniel15 Member

    I've used the PowerDNS GeoIP feature for this, and it works well: https://doc.powerdns.com/authoritative/backends/geoip.html. For more advanced functionality, you can use their Lua support: https://doc.powerdns.com/authoritative/lua-records/ which can do things like weighted routing, or avoid routing to particular servers if they're down.

  • FrankZ Member
    edited June 5

    @Daniel15 said: I've used the PowerDNS GeoIP feature for this, and it works well: https://doc.powerdns.com/authoritative/backends/geoip.html. For more advanced functionality, you can use their Lua support: https://doc.powerdns.com/authoritative/lua-records/ which can do things like weighted routing, or avoid routing to particular servers if they're down.

    If I have web server A,B,C,D, E can I geo route domain #1 to web servers A,C,D and domain #2 to web servers A,B,C,D, E at the same time with this?

    EDIT: and how much RAM does it use with these features?

  • Neoon Member

    @tester4 said:
    AWS Route53, has latency based routing that works effectively, better than simple GeoDNS and will route users to the closest node to them. Costs something like $1/m.

    I was thinking about building my own latency based dns.
    Sadly, most of the Providers here don't like when you scan the entire internet.

    I guess if you want to go latency based, go with Route53.

  • tetech Member

    @FrankZ said:

    @Daniel15 said: I've used the PowerDNS GeoIP feature for this, and it works well: https://doc.powerdns.com/authoritative/backends/geoip.html. For more advanced functionality, you can use their Lua support: https://doc.powerdns.com/authoritative/lua-records/ which can do things like weighted routing, or avoid routing to particular servers if they're down.

    If I have web server A,B,C,D, E can I geo route domain #1 to web servers A,C,D and domain #2 to web servers A,B,C,D, E at the same time with this?

    EDIT: and how much RAM does it use with these features?

    Yes, use the aforementioned LUA records. RAM minimal, runs OK in <256MB container.

  • tetech Member

    @Neoon said:

    @tester4 said:
    AWS Route53, has latency based routing that works effectively, better than simple GeoDNS and will route users to the closest node to them. Costs something like $1/m.

    I was thinking about building my own latency based dns.
    Sadly, most of the Providers here don't like when you scan the entire internet.

    I guess if you want to go latency based, go with Route53.

    Can probably use BGP lookups rather than scanning?

  • Neoon Member

    @tetech said:

    @Neoon said:

    @tester4 said:
    AWS Route53, has latency based routing that works effectively, better than simple GeoDNS and will route users to the closest node to them. Costs something like $1/m.

    I was thinking about building my own latency based dns.
    Sadly, most of the Providers here don't like when you scan the entire internet.

    I guess if you want to go latency based, go with Route53.

    Can probably use BGP lookups rather than scanning?

    I need data, which I can only get by scanning the entire internet.
    BGP just helps by providing announced ranges.

  • Daniel15 Member
    edited June 5

    @tetech said:

    @FrankZ said:

    @Daniel15 said: I've used the PowerDNS GeoIP feature for this, and it works well: https://doc.powerdns.com/authoritative/backends/geoip.html. For more advanced functionality, you can use their Lua support: https://doc.powerdns.com/authoritative/lua-records/ which can do things like weighted routing, or avoid routing to particular servers if they're down.

    If I have web server A,B,C,D, E can I geo route domain #1 to web servers A,C,D and domain #2 to web servers A,B,C,D, E at the same time with this?

    EDIT: and how much RAM does it use with these features?

    Yes, use the aforementioned LUA records. RAM minimal, runs OK in <256MB container.

    Yeah RAM usage is pretty small. Use SQLite or LMDB for the lowest resource usage. I'm using MySQL on my primary server and SQLite on the secondaries. You can use regular BIND zone files too.

  • lanefu Member

    Not DNS but maybe interesting.

    I made this URL redirect tool that supports geoip and has a lookup table for custom paths

    https://github.com/armbian/dl-router

  • tetech Member

    @Daniel15 said:

    @tetech said:

    @FrankZ said:

    @Daniel15 said: I've used the PowerDNS GeoIP feature for this, and it works well: https://doc.powerdns.com/authoritative/backends/geoip.html. For more advanced functionality, you can use their Lua support: https://doc.powerdns.com/authoritative/lua-records/ which can do things like weighted routing, or avoid routing to particular servers if they're down.

    If I have web server A,B,C,D, E can I geo route domain #1 to web servers A,C,D and domain #2 to web servers A,B,C,D, E at the same time with this?

    EDIT: and how much RAM does it use with these features?

    Yes, use the aforementioned LUA records. RAM minimal, runs OK in <256MB container.

    Yeah RAM usage is pretty small. Use SQLite or LMDB for the lowest resource usage. I'm using MySQL on my primary server and SQLite on the secondaries. You can use regular BIND zone files too.

    In that case I guess you are using AXFR. Do you have any problem with that combination where PDNS doesn't act on the NOTIFY messages, i.e. doesn't initiate an AXFR? I've found that combo to be unreliable (works "most" of the time) but everything else works, e.g. MySQL replication in the backend -> OK, PDNS -> BIND NOTIFY is OK, BIND -> PDNS NOTIFY is OK, etc.

  • Daniel15 Member
    edited June 6

    @tetech said: In that case I guess you are using AXFR.

    Right. I previously ran MySQL on all servers and used MySQL replication, which was rock solid. MySQL hogs a lot of RAM though... I reduced memory usage on some of the servers quite a bit by switching from MySQL to SQLite: https://d.sb/2021/06/firefox_05-22.08.11.png (graph is combined PowerDNS + MySQL RAM usage).

    I'm still using MySQL on the primary server though, along with PowerDNS-Admin as a web UI.

    @tetech said: Do you have any problem with that combination where PDNS doesn't act on the NOTIFY messages, i.e. doesn't initiate an AXFR?

    I haven't had issues with it. I added some new records today and they were pushed to all secondaries within 20 seconds or so. You can run pdns_control notify "*" to re-notify for every domain if you ever experience issues.

  • Jord Moderator, Provider

    GDNSD is prem. We use it for our pods.

    We split it up, EU and USA. So they will return IPs closest to you. Works really well. Not much RAM usage either.

    Uses the Maxmind DB but for us it works just fine.


  • FrankZ Member
    edited June 6

    @Jord said:
    GDNSD is prem. We use it for our pods.

    We split it up, EU and USA. So they will return IPs closest to you. Works really well. Not much RAM usage either.

    Uses the Maxmind DB but for us it works just fine.

    I agree that gDNSd works really well after using it for the past few years since @Foul turned me on to it.
    I switched from Maxmind to the db-ip.com DB with latitude and longitude which works better for me. Was a bit disappointed with Maxmind after they removed the longitude and latitude from the free DB and wanted you to login to download.

    EDIT: I also geocast the dns servers themselves which surprisingly also seems to work after the 1st lookup.

  • skorupion Member

    Ok, so I will most likely use gDNSd + probably MySQL, as those servers are 1 GB RAM+.
    Later on, I might try to pull this off via a NAT VPS bundle and see if I can pull it off with SQLite.

  • tetech Member

    @Daniel15 said:

    @tetech said: Do you have any problem with that combination where PDNS doesn't act on the NOTIFY messages, i.e. doesn't initiate an AXFR?

    I haven't had issues with it. I added some new records today and they were pushed to all secondaries within 20 seconds or so. You can run pdns_control notify "*" to re-notify for every domain if you ever experience issues.

    Mine are similarly AXFR'ed promptly in general (which rules out any sort of firewall misconfig), but on a small percentage of times the NOTIFY reaches the slave, then the slave takes no action to initiate an AXFR.

    My tests so far suggest that pdns_notify <ip-address> domain.com works more reliably than pdns_control notify domain.com, but I'm not sure why there would be such a difference. I wondered if I was hitting a TCP connection limit but I increased that pretty high on both ends. On the master in this case I use BIND backend, so that is clearly one difference from you, but again the slave runs SQLite and the issue seems to be on the slave.

    My guess at the moment is there's something in the SOA check, maybe a cache timing thing.

  • lentro Member, Provider

    This reminded me... I was managing a site with $125+/month AWS Route 53 charges.

    Keep in mind AWS charges will also scale as you do. Good to get started with $300 credits, but never become so dependent that you are vendor-locked.

  • stevewatson301 Member

    @lentro said: This reminded me... I was managing a site with $125+/month AWS Route 53 charges

    What do you suggest as an alternative to Route53 if you want to do GeoDNS?

  • tetech Member

    @stevewatson301 said:

    @lentro said: This reminded me... I was managing a site with $125+/month AWS Route 53 charges

    What do you suggest as an alternative to Route53 if you want to do GeoDNS?

    It depends on number of domains, volume (queries), and price tolerance.

  • lentro Member, Provider

    @stevewatson301 said: alternative

    I believe CloudFlare is one if you are willing to use them as a reverse proxy to your origin servers: https://developers.cloudflare.com/load-balancing/understand-basics/traffic-steering#dynamic-steering

    I don't remember the exact cost, but you can activate CloudFlare load balancing w/origin servers for like $20/month or something like that.

  • Daniel15 Member

    @stevewatson301 said:

    @lentro said: This reminded me... I was managing a site with $125+/month AWS Route 53 charges

    What do you suggest as an alternative to Route53 if you want to do GeoDNS?

    ClouDNS have a GeoDNS plan that starts at $9.95/month: https://www.cloudns.net/geodns/. I haven't tried their GeoDNS service, but in my experience they're fairly open in terms of custom plans - I used to have a custom paid plan with 50 zones because their small plan (25 zones) was too small and their medium plan (75 zones) was too expensive.

  • Daniel15 Member

    @tetech said: Mine are similarly AXFR'ed promptly in general (which rules out any sort of firewall misconfig), but on a small percentage of times the NOTIFY reaches the slave, then the slave takes no action to initiate an AXFR.

    Are you sure the serial in the SOA has changed? Check the SOA record on your primary vs on your secondary. Editing the domain through the PowerDNS API will automatically bump the serial, but I'm not sure what happens when using BIND zone files - you might have to manually bump it in the zone file or run pdnsutil increase-serial to bump it.

  • tetech Member

    @Daniel15 said:

    @tetech said: Mine are similarly AXFR'ed promptly in general (which rules out any sort of firewall misconfig), but on a small percentage of times the NOTIFY reaches the slave, then the slave takes no action to initiate an AXFR.

    Are you sure the serial in the SOA has changed? Check the SOA record on your primary vs on your secondary. Editing the domain through the PowerDNS API will automatically bump the serial, but I'm not sure what happens when using BIND zone files - you might have to manually bump it in the zone file or run pdnsutil increase-serial to bump it.

    Yes, serial is fine. In fact, the way I notice a problem is that I have a naemon alert telling me when the SOA serial is out of sync between master and slave.

    My current theory is that the master may cache the SOA record (and thus the old serial). I've added a pdns_control purge before the NOTIFYs are sent and will leave it running like that for a week or so.

  • PUSHR_Victor Member, Provider

    GDNSD is great. Pitfalls are that main config does not overlap processes properly and you may experience a second or two of downtime when updating maps. You will also need to handle the sync between your servers yourself (zone transfers). You will need a MaxMind account to get GeoIP updates, which you should also handle yourself. It is a great tool to build upon if you have the use case. Very performant, stable and reliable, but probably not the best if you want something that just works.


  • Neoon Member
    edited June 8

    I built something over the last few days, regarding a latency-based DNS setup like AWS 53.

    So I may present you the latency-geolocator-4550 Premium Edition.
    https://github.com/Ne00n/latency-geolocator-4550

    Does it work? It looks like it, the results look pretty promising.
    Except that I literally had to ping the entire internet, just to get the core data you need for the routing.

    Test domain as always: destinycdn.science
    Currently it's only a 2 POP POC (NY/NL).

    RIPE Atlas gave me good results, from my view, better than maxmind geolite.

  • FrankZ Member

    Neoon - Thank you for sharing. It looks pretty good at first glance. I have just finished setting up the latency-geolocator-4550 Premium Edition and downloaded the ASN data. I'll run it tomorrow when I can watch it.

    Does it only work for two locations, or can I add more?

  • Neoon Member
    edited June 9

    @FrankZ said:
    Neoon - Thank you for sharing. It looks pretty good at first glance. I have just finished setting up the latency-geolocator-4550 Premium Edition and downloaded the ASN data. I'll run it tomorrow when I can watch it.

    Does it only work for two locations, or can I add more?

    You need more, you need a masscan dump, to know which IPs are pingable.
    Means you would need to ping the entire interwebs, took about 21 hours here at 50kpps.

    Can't upload that, we're talking about 60GB of raw data.
    However, I may provide the pingable.json file, which is only about 1gig.

    You can add as many POPs as you want, it takes about 2-3 hours to generate the final latency data, so the mapping for gdnsd can be created.

    Known issue still is, some subnets are not pingable, most of them are, so I did not address this yet; if it doesn't resolve, then likely you hit a non-existing datapoint.

  • Neoon Member

    So, just got a server in Kazakhstan, network is growing.
    Network now has 10 POPs, soon 11 if Kazakhstan goes online.

    At this early stage, some routing issues.
    Google is behaving savage.

    But the thread memory is cut by 75%.
    Loading a 300MB json file into a python3 dict is an idiotic idea.

    It uses up to 4 times as much memory, so I did offload it now to an sqlite3 in-memory database, which uses 75% less, still too much.

    gdnsd is working well, except it doesn't reload the config file.
    If you add a new POP it crashes, sad.
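
A sketch of the lookup side of the latency-based setup Neoon describes in the two posts above (pick the POP with the lowest measured RTT for the client's prefix, keep the data in an in-memory sqlite3 table instead of a giant Python dict, and fall back when a subnet has no datapoint). This is an added example, not code from the latency-geolocator-4550 repo; the RTT rows, the POP names NY/NL and the `default` fallback are constructed assumptions.

```python
import ipaddress
import sqlite3

# Constructed sample: median RTT in ms from each POP's pinger to a prefix.
# Real rows would come from a masscan sweep plus per-POP pings, as in the thread.
# IPv4 only: prefixes are stored as 64-bit integer ranges, which IPv6 would overflow.
SAMPLE_LATENCY = [
    # (prefix,            pop,  rtt_ms)
    ("192.0.2.0/24",      "NY", 12.0),
    ("192.0.2.0/24",      "NL", 95.0),
    ("198.51.100.0/24",   "NY", 88.0),
    ("198.51.100.0/24",   "NL", 7.5),
    ("203.0.113.0/24",    "NY", 150.0),
    ("203.0.113.0/24",    "NL", 160.0),
    ("203.0.113.128/25",  "NL", 30.0),   # more specific subnet with a different winner
]


def build_db(rows):
    """Load measurements into an in-memory sqlite3 table. Each prefix becomes a
    numeric [lo, hi] range so a lookup is one indexed range query instead of
    a Python dict holding every prefix."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE lat (prefix TEXT, lo INTEGER, hi INTEGER, "
               "plen INTEGER, pop TEXT, rtt REAL)")
    for prefix, pop, rtt in rows:
        net = ipaddress.ip_network(prefix)
        db.execute("INSERT INTO lat VALUES (?, ?, ?, ?, ?, ?)",
                   (prefix, int(net.network_address), int(net.broadcast_address),
                    net.prefixlen, pop, rtt))
    db.execute("CREATE INDEX lat_range ON lat (lo, hi)")
    db.commit()
    return db


def best_pop(db, client_ip, default="NY"):
    """Answer for one client: longest matching prefix, then lowest RTT.
    Addresses with no datapoint (the unpingable-subnet case) get `default`
    instead of no answer, so the name still resolves."""
    addr = int(ipaddress.ip_address(client_ip))
    row = db.execute(
        "SELECT pop FROM lat WHERE lo <= ? AND hi >= ? "
        "ORDER BY plen DESC, rtt ASC LIMIT 1", (addr, addr)).fetchone()
    return row[0] if row else default


def export_best(db):
    """Collapse the measurements to one winning POP per prefix, the shape a
    static map for an authoritative server is generated from."""
    # SQLite returns the row that produced MIN(rtt) alongside the bare column.
    return {prefix: pop for prefix, pop, _ in
            db.execute("SELECT prefix, pop, MIN(rtt) FROM lat GROUP BY prefix")}


DB = build_db(SAMPLE_LATENCY)
```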

  • salakis Member

    I am quite happy with G-Core, their DNS service is in beta and currently free for 10M queries per month. GeoDNS works pretty well for me.

  • Neoon Member

    After a few changes and code optimizations, plus a few more POPs.

    Looks better than before.
