Auckland PoP seems to be online https://www.cloudflarestatus.com/

It's anycast routed so depends on your ISPs routing setup and the usual Internet factors. Presumably to get maximum traffic some sort of bilateral peering arrangement between your ISP and Cloudflare is needed. I'm also getting routed to Sydney right now but things are fast enough here not to be noticeable.

yitz:

 

Presumably to get maximum traffic some sort of bilateral peering arrangement between your ISP and Cloudflare is needed.

 

That's correct - Cloudflare only announce things like DNS and the portal IPs via route servers on peering exchanges. A bilateral peering is required to receive routes for the anycast proxy IPs. It's very, very simple to get that setup, though.

Cloudflare doesn't buy Transit in NZ, which means if your ISP's is one who doesn't peer in NZ (Spark and some of Vodafones network), then traffic will go to the Sydney pop.

If this is an important issue to you, then choose an ISP who has an open peering policy.

A pity when you consider how many people are recommending 1.1.1.1 DNS these days...

This popped up on my news feed today

Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month using Cloudflare

https://www.theregister.co.uk/2019/09/09/mozilla_firefox_dns/

I would imagine this would impact Spark customers whos DNS requests will go to Sydney. DNS latency has an effect on how "snappy" browsing and other applications feel.

Not sure if the number of FX users would be a worry for Spark...

I'm on 2degrees, I'm using the Auckland node according to the Chrome extension I have.

I'd force Firefox to my local PiHole to prevent advertising servers. Otherwise I think it's a good move for security. I prefer ISP DNS in case there are local caches.

Traceroute here seems to suggest they have transit for 1.1.1.1 if I remember correctly Spark's pings weren't too much higher.

Tracing route to one.one.one.one [1.1.1.1]
over a maximum of 30 hops:

  1     2 ms     1 ms     1 ms  192.168.1.250
  2     6 ms     3 ms     3 ms  lnssp-r2-radius.ch.compassnet.co.nz [203.152.96.105]
  3    18 ms    16 ms    16 ms  10.20.4.18
  4    21 ms    18 ms    17 ms  as4826.auckland.megaport.com [43.243.22.18]
  5    21 ms    17 ms    18 ms  bundle-12.cor01.akl05.akl.vocus.net.nz [114.31.202.50]
  6    21 ms    19 ms    18 ms  BE-100.bdr03.akl05.akl.VOCUS.net.nz [114.31.202.35]
  7    18 ms    18 ms    17 ms  as13335.cust.bdr01.akl05.akl.VOCUS.net.nz [175.45.93.218]
  8    18 ms    17 ms    17 ms  one.one.one.one [1.1.1.1]

Trace complete.

Ping times to their CDN can be higher:

Tracing route to www.geekzone.co.nz [104.24.3.14]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.250
  2     4 ms     3 ms     3 ms  lnssp-r2-radius.ch.compassnet.co.nz [203.152.96.105]
  3    18 ms    16 ms    17 ms  10.20.4.18
  4    17 ms    17 ms    17 ms  default-rdns.vocus.co.nz [101.98.10.78]
  5     *        *        *     Request timed out.
  6    41 ms    40 ms    41 ms  4610.syd.equinix.com [45.127.172.93]
  7    41 ms    40 ms    41 ms  13335.syd.equinix.com [45.127.172.154]
  8    40 ms    39 ms    39 ms  104.24.3.14

Trace complete.

freitasm: Unless your ISP doesn't want it, hence my question to the OP.

And if you are with Spark the answer is also No as sometimes it seems to be Tokyo or Osaka or somewhere else that most definitely isn't New Zealand :/

Brumfondl:

 

freitasm: Unless your ISP doesn't want it, hence my question to the OP.

 

And if you are with Spark the answer is also No as sometimes it seems to be Tokyo or Osaka or somewhere else that most definitely isn't New Zealand :/

 

The events of Christchurch and the ongoing lack of any meaningful action on significant proportion of vile content they protect on the internet means that Spark will most likely never peer with Cloudflare.

I know you geeks may not like it, but it is the reality that Spark have a moral compass when it comes to Christchurch and other ISPs don't.

Sounddude:

 

This popped up on my news feed today

 

Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month using Cloudflare

 

https://www.theregister.co.uk/2019/09/09/mozilla_firefox_dns/

 

 

 

I would imagine this would impact Spark customers whos DNS requests will go to Sydney. DNS latency has an effect on how "snappy" browsing and other applications feel.

 

for akamai, this is a horrible move...

I had this same issue on Spark Fiber where DNS resolution is a bit slower due to having setup DNS-over-HTTPS using cloudflared on my Pi-Hole Server, and it would sometimes give me intermittant page timeouts or it would take 2-3 seconds for pages to respond. 

After some troubleshooting I realised that when using 1.1.1.1 there was an extra 150-200ms of latency on Spark because its going via Sydney through TelstraGlobal. Unfortunately Spark doesnt peer at APE NZIX which is where Cloudflare peers in Auckland

So on a Spark connection, it looked like this:

 9  i-90.sydp-core03.telstraglobal.net (202.84.222.81)  32.424 ms  34.378 ms  32.038 ms
10  202.84.138.45 (202.84.138.45)  150.008 ms  150.290 ms  148.379 ms
11  202.84.157.158 (202.84.157.158)  145.684 ms  145.710 ms  143.956 ms
12  unknown.telstraglobal.net (210.57.81.22)  162.217 ms  161.236 ms  162.049 ms
13  one.one.one.one (1.1.1.1)  147.862 ms  147.079 ms  147.250 ms

While on a VPN connection, because of their peering it looks like this 

21 ms    21 ms    21 ms  bundle-11.cor01.alb01.akl.vocus.net.nz [114.31.202.48]
21 ms    22 ms    20 ms  BE-101.bdr03.akl05.akl.VOCUS.net.nz [114.31.202.37]
20 ms    20 ms    20 ms  as13335.cust.bdr01.akl05.akl.VOCUS.net.nz [175.45.93.218]
20 ms    20 ms    20 ms  one.one.one.one [1.1.1.1]

Not very good for a Spark Customer trying to have a secure network.

So my fix for a DoH setup?

I tried using https://8.8.8.8/dns-query in my Pi-Hole DoH setup, but it wouldn't resolve anything.

With a quick search I found this page on Googles DNS docs: https://developers.google.com/speed/public-dns/docs/doh/ which indicates the upstream is https://dns.google/dns-query 

After updating this in my /etc/default/cloudflared config, my DNS resolution dropped to sub 35ms and pages load instantly. 

The interesting thing is, it seemed to have changed today.

1.1.1.1 is now routing via VOCUS instead of TelstraGlobal and its gone from ~200ms latency to sub ~35ms latency.

So I guess it should be working fine for those on Spark that were having problems, but im keeping my setup as  --upstream https://dns.google/dns-query --upstream https://1.1.1.1/dns-query for now to have that resiliency

traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  Gateway (192.168.1.254)  0.600 ms  0.587 ms  0.649 ms
 2  122-58-248-1-vdsl.sparkbb.co.nz (122.58.248.1)  4.501 ms  6.372 ms  6.424 ms
 3  * * *
 4  122.56.113.4 (122.56.113.4)  7.083 ms  7.125 ms  7.123 ms
 5  ae2-6.tkbr12.global-gateway.net.nz (122.56.127.17)  7.108 ms ae7-2.akbr7.global-gateway.net.nz (122.56.119.53)  6.555 ms  6.550 ms
 6  xe7-0-2.sebr3.global-gateway.net.nz (202.50.232.234)  29.039 ms xe5-0-0.sgbr3.global-gateway.net.nz (202.50.232.242)  30.304 ms xe0-0-9.sebr3.global-gateway.net.nz (202.50.232.82)  29.421 ms
 7  ae7-10.sebr4.global-gateway.net.nz (122.56.127.214)  30.172 ms  31.355 ms 122.56.119.86 (122.56.119.86)  29.085 ms
 8  as4826.sydney.megaport.com (103.26.68.248)  31.340 ms  31.117 ms  29.577 ms
 9  BE-110.cor02.syd04.nsw.VOCUS.net.au (175.45.72.30)  30.868 ms be-111.cor01.syd11.nsw.vocus.net.au (175.45.72.32)  30.204 ms  29.641 ms
10  BE-100.bdr02.syd03.nsw.VOCUS.net.au (114.31.192.39)  34.377 ms BE-101.bdr02.syd03.nsw.VOCUS.net.au (114.31.192.37)  32.817 ms  38.501 ms
11  as13335.bdr02.syd03.nsw.VOCUS.net.au (175.45.124.197)  29.541 ms  30.717 ms  29.709 ms
12  one.one.one.one (1.1.1.1)  28.120 ms  28.165 ms  28.180 ms

BarTender:

 

I know you geeks may not like it, but it is the reality that Spark have a moral compass when it comes to Christchurch and other ISPs don't.

 

really? you truly going to say that?

wow.