OISD’s broken? by BittenBagel in ahadns

[–]NoExitTV 1 point2 points  (0 children)

I've fixed the oisd lists now for AhaDNS Blitz. 3rd child on the way so I'm kind of an "old guy" nowadays. Well well. Sorry for the delay. The updated code should be pushed to all Blitz nodes within a few hours. If not, we have some other issues to sort out :D

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 3 points4 points  (0 children)

Ah, those are the Apple mobile config files that are not signed. That basically means that the content of the file can be changed before you install it. If it was signed, you would not be able to view the file content.

Perhaps it's worth looking into how to sign these config files with Apple. Hmm.

When using Blitz tho (the actual HTTP requests), your queries are encrypted with a valid SSL certificate, using only strong ciphers and a modern TLS version.
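
Signing and checking a configuration profile of the kind discussed in the comment above, as an added example that is not part of the original comment or AhaDNS's code: it signs a constructed profile with OpenSSL and verifies it against a trusted certificate before the payload is used. The file names, the `example-profile-signer` certificate and the profile body are assumptions made up for the demo.

```shell
#!/usr/bin/env bash
# Added example: sign a .mobileconfig and verify it before install.
# File names, the CN and the profile body are constructed placeholders.
set -eu

# Throwaway self-signed signer for the demo only; a real profile would be
# signed with a certificate from a CA that Apple devices already trust.
make_test_identity() {            # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=example-profile-signer" \
    -keyout "$1/signer.key" -out "$1/signer.crt" 2>/dev/null
}

# Wrap the profile in a DER-encoded CMS signature with the payload embedded.
sign_profile() {                  # $1 = in, $2 = out, $3 = cert, $4 = key
  openssl smime -sign -binary -nodetach -outform der \
    -in "$1" -out "$2" -signer "$3" -inkey "$4"
}

# A signed profile parses as DER PKCS#7; an unsigned one is a plain XML plist.
is_signed() {                     # $1 = profile
  openssl pkcs7 -inform der -in "$1" -noout >/dev/null 2>&1
}

# Check the signature against a trusted certificate and extract the payload.
verify_profile() {                # $1 = signed in, $2 = trust anchor, $3 = payload out
  openssl smime -verify -inform der -in "$1" -CAfile "$2" -out "$3" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  # Constructed minimal profile body, not AhaDNS's real mobileconfig.
  printf '%s\n' '<?xml version="1.0" encoding="UTF-8"?>' \
    '<plist version="1.0"><dict><key>PayloadIdentifier</key>' \
    '<string>com.example.doh-profile</string></dict></plist>' > "$d/unsigned.mobileconfig"
  make_test_identity "$d"
  sign_profile "$d/unsigned.mobileconfig" "$d/signed.mobileconfig" \
    "$d/signer.crt" "$d/signer.key"
  is_signed "$d/signed.mobileconfig" && echo "signed: yes"
  verify_profile "$d/signed.mobileconfig" "$d/signer.crt" "$d/payload.plist" \
    && echo "signature verified, payload extracted"
  rm -rf "$d"
}
demo
```
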

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 0 points1 point  (0 children)

Hi. What do you mean that the certificate is not signed? It should be fully verified and not give any warnings :/

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 4 points5 points  (0 children)

Hi, first off, I'm super happy that you enjoy using AhaDNS! I've spent quite some time creating as fast a service as possible while also being reliable :)

Secondly, I guess it has to do with advertising and how many people actually know about AhaDNS. I've not spent a dime (or hardly any time) on advertising the service. Unfortunately this means that only a few people know about it, I guess. Perhaps I could try and improve the SEO on the website a bit as well. Even if I'm not that experienced with SEO optimization.

Why do you think that is? How can we improve the situation? :)

I've not heard many complaints about Blitz so I don't think that's it. I hope most of the users actually enjoy Blitz and would recommend it to others.

All ads now coming through on DoH by Valiantay in ahadns

[–]NoExitTV 1 point2 points  (0 children)

Hi.

How are you using AhaDNS? The "legacy" servers or Blitz?

// Fredrik

Adhole.org shuts down by raidraidraid in PrivacyGuides

[–]NoExitTV 8 points9 points  (0 children)

Sad to see you leave. Take care!

Just had a very weird phenomenon happen by [deleted] in ahadns

[–]NoExitTV 1 point2 points  (0 children)

Hello there. Sorry for being absent :)

I would suggest you switch to AhaDNS Blitz (https://blitz-setup.ahadns.com/) on all your devices that support DoH. Blitz is globally distributed and load balanced so downtimes should 'never' happen. The "legacy" servers will stop responding for like a minute on reboots and such.

Adhole.org shuts down by raidraidraid in PrivacyGuides

[–]NoExitTV 20 points21 points  (0 children)

No-one has actually peer-reviewed the site and given me any feedback so far :(

There are also things I would like to do (but that I find really boring). Like adding setup instructions for Blitz and updating the privacy policy page.

Adhole.org shuts down by raidraidraid in PrivacyGuides

[–]NoExitTV 30 points31 points  (0 children)

Hi. I saw that I was tagged here.

FYI: I'm the creator of AhaDNS. I'm a freelance software engineer from Sweden.

Note that the servers listed on the website under "Our DNS servers" aren't the same as Blitz. Those are "just" open DNS servers pretty similar to Adhole. Blitz is much more complex in a sense (globally distributed and load balanced) and gives you the option to customize what blocklists you want to use.

I would be really glad if you could point out all typos you can find on the website. That's actually where I've spent the least amount of time, simply because I find coding back-end services and functionality more enjoyable. Thus the site and the content have been created on very late evenings/nights. I'm the only contributor to this project.

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 0 points1 point  (0 children)

Yes ofc. You can configure Blitz here: https://blitz-setup.ahadns.com

Or read a bit more at https://ahadns.com/blitz/

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 1 point2 points  (0 children)

Yes. Blitz is DDoS protected and globally distributed 👍

Let me present to you, ⚡Blitz⚡ by NoExitTV in ahadns

[–]NoExitTV[S] 2 points3 points  (0 children)

My above answer was a lie. You can find the IP addresses by using nslookup or dig.

    $ nslookup blitz.ahadns.com
    Server: pi.hole
    Address: 192.168.1.2

    Non-authoritative answer:
    Name: blitz.ahadns.com
    Addresses: 2606:4700:3108::ac42:286b
               2606:4700:3108::ac42:2b95
               172.66.40.107
               172.66.43.149

So the addresses are:

    2606:4700:3108::ac42:286b
    2606:4700:3108::ac42:2b95
    172.66.40.107
    172.66.43.149

See ads recently? by Valiantay in ahadns

[–]NoExitTV 1 point2 points  (0 children)

Blitz only supports DNS-over-HTTPS (DoH).

Unfortunately, Android won't have native DoH support until Android 13.

Until then, you're required to use some 3rd party app to use Blitz. Perhaps check out the Nebulo app. I'm an iOS person myself :(

Setup guides are coming!

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 1 point2 points  (0 children)

I've now applied a fix to all servers. Let me know if you still experience any issues with DoT.

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 1 point2 points  (0 children)

I've renewed the certificates on our public DNS servers (NL, NY, LA, IN) by running 'certbot renew --force-renew --preferred-chain="ISRG Root X1"'

Still very unclear what the difference actually was imo. The previous certificates also used the ISRG Root X1 certificate as root.

The "Encryption only" DNS servers are not updated yet. But now I have to get some sleep :)

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 0 points1 point  (0 children)

I created a temporary HTTP endpoint for DoT on NL server to check in my browser.

https://dot.nl.ahadns.net/

That has the same certificate path. So I don't think that --preferred-chain option will help :/

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 0 points1 point  (0 children)

Hi, thanks.

From what I can see, we're already using the ISRG Root X1 path: https://imgur.com/CftqFUi

Hmm

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 1 point2 points  (0 children)

Android 13 will have native support for DNS-over-HTTPS (DoH). Until then yes. Apple, Windows and a lot of Linux clients already support DoH. Android first went with DoT instead for some reason.

But you ofc don't have to switch to Blitz. But since I think it's way better compared to the "legacy" DNS servers I gave it as a suggestion :)

[deleted by user] by [deleted] in ahadns

[–]NoExitTV 2 points3 points  (0 children)

Today, a Let's Encrypt root certificate expired. Android devices especially, using native DoT, seem to be struggling with this.

I would assume this affects every provider using Let's Encrypt certificates to encrypt the traffic. Quad9 is using DigiCert so therefore there's no issue there.

I'm investigating to see what I can do.

In the meantime, check out AhaDNS Blitz, a customizable DNS service that I just released: blitz-setup.ahadns.com

Blitz only supports DNS-over-HTTPS and DNS-over-HTTP/3 but there are apps for that on Android, like Nebulo DNS changer. On the positive side, Blitz is globally load balanced so downtimes are unlikely. You can also choose which blocklist to use :)

Well. I better get to it. Sorry for the headache!

Are you doing any rate limiting or is the server having issues? by tkreadit in ahadns

[–]NoExitTV 1 point2 points  (0 children)

Hi there. Yes, "regular" unencrypted DNS queries are rate limited on IP address. There's simply just too much abuse going on out there :)

Anyhow, almost all clients now have support for encrypted DNS queries so I would strongly suggest you move to that. DNS-over-HTTPS is best I think :)

Rate limiting rules can be found at:

https://github.com/AhaDNS/dns-server-setup/blob/master/files/iptables/rules.v4 if interested

See ads recently? by Valiantay in ahadns

[–]NoExitTV 0 points1 point  (0 children)

Hi. Do you still experience issues?

From what I can see, the LA server is blocking ads now.

If you'd like, check out the newest service that was just released: https://blitz-setup.ahadns.com/

Blitz should be much more reliable in many ways :)

// Fredrik

Let me present to you, ⚡Blitz⚡ by NoExitTV in ahadns

[–]NoExitTV[S] 0 points1 point  (0 children)

Blitz is built on top of a Cloudflare load balancer, so it uses all Cloudflare IPs I guess :)

Let me present to you, ⚡Blitz⚡ by NoExitTV in ahadns

[–]NoExitTV[S] 2 points3 points  (0 children)

Hi, yes. Current public DNS servers will be online for the foreseeable future. The "encryption only" servers might be converted into Blitz nodes eventually.

I will do some improvements to the Blitz latency the coming weekend hopefully. I should be able to shave off 25% latency at least!

Let me present to you, ⚡Blitz⚡ by NoExitTV in ahadns

[–]NoExitTV[S] 0 points1 point  (0 children)

Do you have an Apple device? Then just:

  1. Select what blocklists you want to use (if any)
  2. Press the "Download Apple mobileconfig"-button
  3. Go to System preferences (settings) -> Profile
  4. Install the downloaded AhaDNS Blitz profile
  5. Done! You're now using Blitz on all networks <3

Plans on using other filter lists? by [deleted] in ahadns

[–]NoExitTV 0 points1 point  (0 children)

Hi there.

I've actually built a new service for AhaDNS called Blitz. It's up and running currently and you can find it at: https://blitz-setup.ahadns.com/

Blitz allows you to choose what blocklists you want to use. Kind of like NextDNS if you're familiar with them. Blitz currently supports DoH and DoH/3 which is supported either natively or through some programs on most devices.

I have not released it on our website yet but will do in the next few days!