So I gotta have a minute of real talk where I'll explain the issues and why no automated solution will really solve the issue. Do not just read part of this, do not take someone else’s, often incorrect, TL;DR as what was actually said.
There's an extremely large number of IPs trying to use the DNS for browsing on their PC (or w/e). Literally millions of requests a second. I cannot separate these out without it becoming a full-time job just watching traffic and reacting. This will also cost an amount, monthly, that I'm not willing to pay for a free service. I have a way for it to work, but a fair number of people aren't going to like it.
These are the issues I'm running into:
- It is not coming from a single IP block, so I cannot just block a certain network, e.g. 192.168.1.*
- Setting a quota, per IP, doesn't work because there are so many unique IPs.
- Rate limiting does not work because there are so many unique IPs.
- The traffic does not appear malicious or unusual (For regular internet usage).
- Whitelisting every domain that "needs" to be available is unfeasible because it would be a constant battle on what people want to use/visit.
- No you cannot go off of MAC addresses, they are not transmitted.
- No you cannot use Cloudflare or some other free proxy service, as it's not HTTP/HTTPS traffic that's the issue.
- Jumping IP addresses may work for a time but doesn't actually solve the issues, and it's likely the issue will pop up again. The IPs have also been the same for years, and users needing to continuously look up the new IPs every other month is silly. This also opens the possibility for trolling if the IPs go back into the pool of available IPs. Someone else will be assigned the IP, meaning they could run a DNS to allow updates, host a bricking payload, etc. There's no free way to keep the old IPs reserved and keep getting new ones; the costs would snowball fast.
I've spent the last month logging data and talking with professionals in tech support at different hosting companies trying to figure out a solution... There isn't one that isn't prohibitively expensive. "Unlimited" is not actually unlimited, FYI; talking to their tech support versus their sales support, the picture becomes clear. To run it as is, I'd need to spend thousands monthly and have someone dedicated to monitoring it 24/7/365.
The only solution I can figure out is whitelisting client IPs for recursive queries. This means IPs contained within a config file will be allowed to use the DNS the same way it's been used the last 5 years. Unfortunately, there's no open system to manage something like this, and most of the easy ones we could come up with can easily be cheated/bypassed. I have a system set up that can't really be cheated... but it will cost users $1/month. GitHub Sponsors allows me to export data, and I have a script set up that, after you submit me your IP, will keep the IP associated with your GitHub whitelisted on both servers. If this actually becomes popular enough, doubt.jpg, I'll throw together a little website frontend for it.
The DNS will work as usual with the exception of recursive queries, like it has the last month. This means speed tests, update blocking, hijacking, and the exploit host located on the same server will function as usual without any user interaction. You can also access resources via raw IP addresses.
No, all my code, past, present, and future, is and will remain open source to the best of my abilities. You can host exactly what I'm hosting yourself on your home PC. The only thing that will have a cost associated with it is a singular live service I host, and only a portion of it.
My work will also continue as usual; however, if I actually hit any funding goals it will greatly speed up being able to get back to work on PS stuff in any real capacity, versus the last two years where I've just done some stuff behind the scenes for a few people and general maintenance to keep things running.
I'll put an emphasis on keeping the live service host up to date (like adding PS5 exploits) as it'd be a paid service.
You can see more info on my GitHub sponsors page here.
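As an added example, not code from the original post or from the project it describes, here is a stand-alone Python sketch of the split policy the post outlines: the static hijack/update-block names are answered for every client without any user interaction, recursive lookups are only served to client IPs listed in a whitelist file, and everything else gets REFUSED with the RA bit cleared so the client can see recursion is not on offer. The whitelist text, the record names and the address 192.0.2.10 are constructed placeholders; the whitelist file format and forwarding whitelisted queries to 1.1.1.1 over UDP are assumptions about how such a server might be wired up, not the project's actual implementation.

```python
"""DNS policy demo: static records for everyone, recursion only for whitelisted client IPs."""
import ipaddress
import socket
import struct

# Constructed sample whitelist (assumed format: one IP or CIDR per line, '#' comments).
# This is a placeholder, not the real sponsor export the post mentions.
WHITELIST_TEXT = """\
# whitelisted client IPs, one per line
203.0.113.7
198.51.100.0/24
"""

# Constructed hijack records served to *every* client. Names and 192.0.2.10
# (standing in for the exploit host) are placeholders.
STATIC_RECORDS = {
    "update.console.example.": "192.0.2.10",
    "manuals.console.example.": "192.0.2.10",
}

RCODE_NOERROR = 0
RCODE_REFUSED = 5


def load_whitelist(text):
    """Parse IPs/CIDRs from the whitelist text, ignoring blank lines and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


NETS = load_whitelist(WHITELIST_TEXT)


def client_allowed(client_ip, nets=NETS):
    """True if the querying IP falls inside any whitelisted network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)


def parse_query(packet):
    """Return (txid, qname, qtype, raw question section) from a one-question query."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not expected in a question name
            raise ValueError("compressed qname not supported")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype = struct.unpack("!H", packet[pos:pos + 2])[0]
    pos += 4  # skip qtype and qclass
    return txid, ".".join(labels).lower() + ".", qtype, packet[12:pos]


def decide(client_ip, qname, nets=NETS):
    """Policy: static names for all clients; recursion only for whitelisted IPs; else refuse."""
    if qname in STATIC_RECORDS:
        return "static", STATIC_RECORDS[qname]
    if client_allowed(client_ip, nets):
        return "recurse", None
    return "refused", None


def build_response(txid, question, rcode, answer_ip=None, ra=True):
    """Reply that echoes the question, optionally with one A record; RA bit reflects policy."""
    flags = 0x8100 | (0x0080 if ra else 0) | rcode  # QR=1, RD=1, RA as requested
    ancount = 1 if answer_ip else 0
    pkt = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + question
    if answer_ip:
        # name pointer to offset 12 (the question name), type A, class IN, TTL 300, rdlength 4
        pkt += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(answer_ip)
    return pkt


def forward_upstream(packet, upstream=("1.1.1.1", 53), timeout=2.0):
    """Assumed recursion path: plain UDP forward to an upstream resolver (whitelisted clients only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, upstream)
        return s.recv(4096)


def handle(packet, client_ip, nets=NETS, recurse=forward_upstream):
    """Dispatch one query according to decide(); returns the wire-format reply."""
    txid, qname, qtype, question = parse_query(packet)
    action, ip = decide(client_ip, qname, nets)
    if action == "static":
        # A/ANY gets the hijack address; other types get NOERROR with no data
        return build_response(txid, question, RCODE_NOERROR, ip if qtype in (1, 255) else None)
    if action == "recurse":
        return recurse(packet)
    return build_response(txid, question, RCODE_REFUSED, ra=False)


def build_query(qname, txid=0x1234, qtype=1):
    """Construct a test query packet: RD=1, one question, class IN."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)


def rcode_of(packet):
    return struct.unpack("!H", packet[2:4])[0] & 0x0F


def ra_of(packet):
    return bool(struct.unpack("!H", packet[2:4])[0] & 0x0080)


def answer_ip_of(packet):
    """Address from a single-A-record reply built above, or None when ANCOUNT is 0."""
    if struct.unpack("!H", packet[6:8])[0] == 0:
        return None
    return socket.inet_ntoa(packet[-4:])


if __name__ == "__main__":
    stub = lambda pkt: b"<forwarded to upstream resolver>"  # keeps the demo offline
    for client, name in [("203.0.113.7", "example.com."), ("203.0.113.8", "example.com."),
                         ("203.0.113.8", "update.console.example.")]:
        resp = handle(build_query(name), client, recurse=stub)
        if resp.startswith(b"<"):
            print(client, name, "->", resp.decode())
        else:
            print(client, name, "-> rcode", rcode_of(resp), "RA", ra_of(resp), "answer", answer_ip_of(resp))
```

The point of the split is that nothing a console needs for the hijack path depends on the whitelist: those names are answered from the static table before the client IP is ever consulted, while the expensive part, recursion for arbitrary names, is the only thing gated. Refusing with RA cleared (rather than silently dropping) also keeps misconfigured PCs from retrying endlessly against the server.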
Hi! Can you paste an nload output? What are the specs of your VMs?
I have some free VMs in Oracle Cloud and I can build one or two DNS servers.
Glad to help you!