Using anycast IP address instead of domain name

Greetings, many users including me have problems at the initiating stage of DoH:

  1. When local DNS is blocking dns.nextdns.io;
  2. When local DNS is out of reach, e.g. combining with a VPN service.

This is especially a problem after the Ultra-Low-Latency feature. To solve this once and for all, I recommend using an anycast IP with a TLS cert (like https://1.1.1.1) instead of the domain name dns.nextdns.io in any case, or at least for the initiating stage of Ultra-Low-Latency.

If you decide to adopt this only for Ultra-Low-Latency, there's not even a need to buy a TLS cert for your IP. You can just use a self-signed cert and pin it into your apps :)

2 replies

    • iOS Developer
    • Rob
    • 3 yrs ago
    Yuguo said:
    You can just use a self-signed cert and pin it into your apps :)

     But what about people that use a macOS/iOS profile generated by NextDNS (instead of an App)?

    Or the CLI client?

      • Yuguo
      • 3 yrs ago

      Rob Well, a paid SSL cert for an IP address is of course better 😄, and this doesn't affect the domain-name implementation we're using now.
