0

Using anycast ip address instead of domain name

Greetings, many users including me have problems at the initiating stage of DoH:

  1. When local DNS blocking dns.nextdns.io;
  2. When local DNS is out of reach, e.g. combining with a VPN service.

This is especially a problem after the Ultra-Low-Latency feature. To solve this once for all, I recommend using a anycast ip with tls cert (like https://1.1.1.1) instead of the domain name dns.nextdns.io in any case or at least for the initiating stage of Ultra-Low-Latency.

If you decide to adopt this only for Ultra-Low-Latency, there's even no need to buy a tls cert for your ip. You can just use a self-signed cert and pin it into your apps :)

2replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
    • Rob
    • iOS Developer
    • Rob
    • 9 mths ago
    • Reported - view
    Yuguo said:
    You can just use a self-signed cert and pin it into your apps :)

     But what about people that use a macOS/iOS profile generated by NextDNS (instead of an App)?

    Or the CLI client?

    Like
      • Yuguo
      • Yuguo
      • 9 mths ago
      • Reported - view

      Rob Well a paid ssl cert for ip address is of course better 😄 , and this doesn't affect the domain-name implement we're using now.

      Like
Like Follow
  • 9 mths agoLast active
  • 2Replies
  • 127Views
  • 2 Following