Improving our Ad-Blocking VPN service: Now with anycast DNS.

We manage our own DNS servers, which our ad, tracker, and other “BS” blocking VPN service uses. For the beta period, we were hosting DNS in a single location (Luxembourg), which held strong and served its purpose. But we decided to take things to a new level…

A single DNS server location serving the requests for multiple VPN locations is not an ideal solution in a production environment, especially one that is being built for commercial use (i.e., us selling VPN services). While it served its purpose for the initial beta testing of the network and allowed us to develop and tune our blocklists, it does present a couple of downsides: it’s a single point of failure for the entire VPN network, and performance isn’t the absolute best that it could be, given that some VPN locations are geographically on the other side of the world from where the DNS was being served.

So, we did what any bunch of geeks who love making things work better would do: we went from one DNS server to three DNS servers, each located in a strategic geographical location, to ensure that your DNS lookups from our VPN network are done by the server closest to your VPN’s location. This offers a quite measurable decrease in overall query time while also hardening the network against attacks, as our service is able to sustain multiple outages at once (god forbid) and still keep humming along, serving you your favorite web content without all the ads, trackers and other bullshit associated with the modern era of websites and mobile apps. Aside from beefing up the overall specs of these servers to accommodate future growth and use, we can also add more servers in a relatively simple fashion, which makes scaling a much easier task.

But, if you’re like us, you’d rather see numbers and data, right? Below are some before/after results of a simple ping test done from several locations around the globe. One test was done to our existing, soon-to-be-decommissioned DNS server in Luxembourg, and the other to our new anycast, DDoS-protected DNS cluster.

| Location | Old DNS (Avg. RTT) | New DNS (Avg. RTT) | Difference |
|---|---|---|---|
| Amsterdam, North Holland, Netherlands | 39.168 | 33.230 | -5.938 |
| Dallas, Texas, United States | 157.440 | 140.246 | -17.194 |
| Frankfurt, Hesse, Germany | 51.308 | 33.630 | -17.678 |
| Hong Kong | 230.435 | 200.940 | -29.505 |
| London, England, United Kingdom | 54.587 | 55.204 | +0.617 |
| Madrid, Spain | 89.557 | 73.626 | -16.297 |
| Milan, Lombardia, Italy | 48.774 | 37.104 | -11.67 |
| Montreal, Quebec, Canada | 121.075 | 11.503 | -109.572 |
| Moscow, Moscow City, Russian Federation | 65.855 | 73.915 | +8.06 |
| Paris, Île-de-France, France | 38.065 | 48.756 | +10.691 |
| Stockholm, Stockholms Lan, Sweden | 55.554 | 66.514 | +10.96 |
| Tokyo, Kanto, Japan | 290.306 | 269.833 | -20.473 |

It’s an improvement almost everywhere globally, with only a slight increase in response time in Sweden, France, UK and Russia. This gives us the data we need to see where we can improve the setup, possibly by adding a new DNS server in an area that will better serve these locations.

Our VPN service is currently ‘out of stock’, but we plan to re-launch with the new, updated DNS service in the coming week.
