farrokhi's comments

farrokhi · on Nov 17, 2017

The response time depends on network peering from their anycast locations. I am seeing different response times based on test locations.

From US:

  # ./dnseval.py -f google-vs-quad9.txt -c 50 -C yahoo.com
  server      avg(ms)     min(ms)     max(ms)     stddev(ms)  lost(%)  ttl        flags
  ----------------------------------------------------------------------------------------------------
  8.8.8.8     31.857      31.278      33.416      0.434       %0       1332       QR -- -- RD RA -- --
  8.8.4.4     31.865      31.361      32.872      0.336       %0       1330       QR -- -- RD RA -- --
  9.9.9.9     93.703      92.797      95.362      0.586       %0       1391       QR -- -- RD RA -- --

From Iran:

  # ./dnseval.py -f google-vs-quad9.txt -c 50 -C yahoo.com
  server      avg(ms)     min(ms)     max(ms)     stddev(ms)  lost(%)  ttl        flags
  ----------------------------------------------------------------------------------------------------
  8.8.8.8     105.093     90.046      130.871     9.749       %0       3590       QR -- -- RD RA -- --
  8.8.4.4     99.458      84.472      133.375     11.308      %0       3585       QR -- -- RD RA -- --
  9.9.9.9     96.231      83.957      134.709     9.503       %0       3595       QR -- -- RD RA -- --

Tests are performed using dnsdiag tools: https://github.com/farrokhi/dnsdiag

farrokhi · on Jan 22, 2017

Perhaps they accidentally lifted the blocking rules. Or it will drop as soon as they upgrade their censorship software.

farrokhi · on April 12, 2016

I wish their client had first class support for other operating systems like FreeBSD. Current client is too debian/ubuntu specific.

_wmd · on April 12, 2016

Which part of https://www.eriklundblad.com/log/post/lets-encrypt-on-freebs... is hard?

jrapdx3 · on April 12, 2016

Actually, setting up LE on FBSD was even easier than that. We've had LE working on two of our FBSD servers for 4 months. Running the py27-letsencrypt client with --certonly and -d domainname -d ..., installed the certs in /usr/local/etc/letsencrypt/live/<domain>/...

Then pointing nginx to the "live" cert location and setting a cron job to renew every 4 weeks or so pretty much takes care of the whole process. I notice the FBSD LE client was just upgraded, not sure what new features it offers, but certainly should work at least as well as before.

farrokhi · on April 13, 2016

Yes, but that is not the official client.

farrokhi · on March 11, 2016

This is very interesting that "accidentally" all the parts have distinctive marks that can be linked to a B777 aircraft.

liotier · on March 11, 2016

In aeronautics, component lifecycle tracking is dead serious business - hence even some trivial parts are individually identified, much more than in any other industry.

dominotw · on March 11, 2016

You need to watch some air crash investigation episodes on youtube.

farrokhi · on April 13, 2011

wasn't this obvious from the beginning? And the same would happen to RockMelt as well.