Cloudflare always go via sydney?

Forums › IT Pro and developers › Cloudflare always go via sydney?

1 | 2 | 3

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#2319150 17-Sep-2019 13:05

BarTender:

Brumfondl:

freitasm: Unless your ISP doesn't want it, hence my question to the OP.

And if you are with Spark the answer is also No as sometimes it seems to be Tokyo or Osaka or somewhere else that most definitely isn't New Zealand :/

The events of Christchurch and the ongoing lack of any meaningful action on significant proportion of vile content they protect on the internet means that Spark will most likely never peer with Cloudflare.

I know you geeks may not like it, but it is the reality that Spark have a moral compass when it comes to Christchurch and other ISPs don't.

You mean supporting meaningless censorship so they can make a PR announcement and get free press for the "moral highground"?

Back to the topic, I guess the world has moved on from peering being such a big issue. If Spark wants to pay to get content from other countries and degrade their users' experience that is their choice.

Speedtest 2019-10-14

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2319152 17-Sep-2019 13:07

i still dont understand the move to "secure DNS"

what are you trying to secure yourself from by moving your queries further away?

Your simply opening yourself up to sources such as Akamai which use dns to point you to the right place, preforming badly.

if your concern is latency for a request, then keep it local....

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Sounddude

I fix stuff!
1935 posts

Uber Geek
+1 received by user: 640

Trusted

2degrees

Lifetime subscriber

#2319155 17-Sep-2019 13:11

hio77:

i still dont understand the move to "secure DNS"

Stops censor ship. Takes the control away from the ISP and Govt regulation and into the control of large corporates who think they are doing the best thing for the Internet and free speech.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#2319160 17-Sep-2019 13:20

Sounddude:

hio77:

i still dont understand the move to "secure DNS"

Stops censor ship. Takes the control away from the ISP and Govt regulation and into the control of large corporates who think they are doing the best thing for the Internet and free speech.

i got that much.

I suppose my question was more, Do people that make this choice, Understand the downsides that go with it?

I highly suspect not. Part of that driven by the fact that ISP's in America are just plain bad...

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2319192 17-Sep-2019 14:17

Jarsky:

...

Not very good for a Spark Customer trying to have a secure network.

...

But if you want to have an optimised experience and use local Content Delivery Network hosts then you should use the ISP supplied DNS servers.

As I can see shortly complaints about why all things coming from Akamai are incredibly slow.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2319195 17-Sep-2019 14:20

Sounddude:

BarTender:

I know you geeks may not like it, but it is the reality that Spark have a moral compass when it comes to Christchurch and other ISPs don't.

really? you truly going to say that?

wow.

Yeah I am, sorry Cloudflare have supported and continue to support the vast majority of the vile on the internet, have absolutely no interest in doing anything about it as they profit from it.

The fact you can't see they are a horrible company with zero ethics or moral compass isn't my fault.

Mighty Ape

Shop now at Mighty Ape (affiliate link).

Jarsky

142 posts

Master Geek
+1 received by user: 39

#2319198 17-Sep-2019 14:24

I prefer to do my own DNS sinkholing so I use open recursive resolvers. I'm a big advocate for an 'open' internet. I don't want my ISP/Govt telling me what sites I can and can't visit. They also sometimes get it wrong by blocking legitimate sites such as gyazo and bit.ly

For security against devices with DNS hijacking from Malware etc..and DNS reflection attacks...I block all external DNS except for ISP, Google & Cloudflare.

I then have DoH setup to avoid MitM attacks between me and the resolver.

Generally CDN's arent an issue with Google, Cloudflare & Quad9 using anycast so 99% of the time you're still getting local content anyway.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2319210 17-Sep-2019 14:39

Jarsky:

I prefer to do my own DNS sinkholing so I use open recursive resolvers. I'm a big advocate for an 'open' internet. I don't want my ISP/Govt telling me what sites I can and can't visit. They also sometimes get it wrong by blocking legitimate sites such as gyazo and bit.ly

For security against devices with DNS hijacking from Malware etc..and DNS reflection attacks...I block all external DNS except for ISP, Google & Cloudflare.

I then have DoH setup to avoid MitM attacks between me and the resolver.

Generally CDN's arent an issue with Google, Cloudflare & Quad9 using anycast so 99% of the time you're still getting local content anyway.

But Akamai WILL be an issue as they base their local CDN host off the source IP of the DNS server that sends them the request to resolve the content. So it is extremely likely you will be directed to an offshore Akamai node.

Most major streaming service outside YouTube or Netflix will tend to use Akamai such as but not limited to TVNZOD, 3OD/All Mediaworks, Sky, Neon, Lightbox, Spark Sports, Microsoft, Apple and the list goes on and on. So when you have issues with streaming or downloads off Akamai it please don't ring up your ISP and complain.

Jarsky

142 posts

Master Geek
+1 received by user: 39

#2319260 17-Sep-2019 15:38

BarTender:

But Akamai WILL be an issue as they base their local CDN host off the source IP of the DNS server that sends them the request to resolve the content. So it is extremely likely you will be directed to an offshore Akamai node.

Most major streaming service outside YouTube or Netflix will tend to use Akamai such as but not limited to TVNZOD, 3OD/All Mediaworks, Sky, Neon, Lightbox, Spark Sports, Microsoft, Apple and the list goes on and on. So when you have issues with streaming or downloads off Akamai it please don't ring up your ISP and complain.

Not an issue with Anycast and BGP, my content for all those services still comes from primarily Auckland, Sydney, Melbourne.

freitasm

BDFL - Memuneh
80652 posts

Uber Geek
+1 received by user: 41038

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2319281 17-Sep-2019 16:08

Or could be even faster and come from your within your ISP or closer.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Sounddude

I fix stuff!
1935 posts

Uber Geek
+1 received by user: 640

Trusted

2degrees

Lifetime subscriber

#2319284 17-Sep-2019 16:12

BarTender:

Yeah I am, sorry Cloudflare have supported and continue to support the vast majority of the vile on the internet, have absolutely no interest in doing anything about it as they profit from it.

The fact you can't see they are a horrible company with zero ethics or moral compass isn't my fault.

I don't disagree with what you say about cloudflare.

I disagree that Spark that having a moral compass is anything to do with not peering with them.

Lego

Shop now for Lego sets and other gifts (affiliate link).

Talkiet

4819 posts

Uber Geek
+1 received by user: 3934

Trusted

#2319285 17-Sep-2019 16:13

Sounddude:

hio77:

i still dont understand the move to "secure DNS"

Stops censor ship. Takes the control away from the ISP and Govt regulation and into the control of large corporates who think they are doing the best thing for the Internet and free speech.

I'm presuming this is just a subtle joke really. I'm not sure I trust large corporates any more than I trust ISPs or Govt regulations.

The difference is of course that governments literally have legitimate authority in this area and large corporates don't... If you (or anyone) trust large corporate entities to act consistently in the best interests of "The Internet" and "Free speech" then I have a bridge to sell :-)

Cheers - N

Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2319373 17-Sep-2019 19:00

Jarsky: Not an issue with Anycast and BGP, my content for all those services still comes from primarily Auckland, Sydney, Melbourne.

I don't think you understand or want to understand how Akamai delivers service. As they don't use Anycast for CDN resolution so I am not sure why you keep on bringing it up.
I think it's been nicely summed up by @Talkiet saying really if you trust US corporations like Cloudflare or Google with their extremely questionable behavior around privacy and security more than the NZ Government or your local ISP then I think you've been drinking the Kool aid a bit too much.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2319375 17-Sep-2019 19:02

Sounddude: I don't disagree with what you say about cloudflare.

I disagree that Spark that having a moral compass is anything to do with not peering with them.

Cloudflares response to Christchurch is why there is no chance of it ever happening in the future.

Jarsky

142 posts

Master Geek
+1 received by user: 39

#2319493 17-Sep-2019 21:12

BarTender:
Jarsky: Not an issue with Anycast and BGP, my content for all those services still comes from primarily Auckland, Sydney, Melbourne.

I don't think you understand or want to understand how Akamai delivers service. As they don't use Anycast for CDN resolution so I am not sure why you keep on bringing it up.
I think it's been nicely summed up by @Talkiet saying really if you trust US corporations like Cloudflare or Google with their extremely questionable behavior around privacy and security more than the NZ Government or your local ISP then I think you've been drinking the Kool aid a bit too much.

I never said that how's Akamai works mate.
I was referring to Google/CF DNS.

1 | 2 | 3