muppetman 3 days ago

Sure is in NZ at least. RTT to NextDNS is ~30ms for me, RTT to my AdGuardHome is 1ms. I don't set up a VPN, I set up a public SSL certificate (this requires you to own a domain) on it, listening on port 853. Then it doesn't matter if I'm at home or on Mobile/4G/Someone Else's Wifi. I don't need the hassle of an always-on VPN, I just have an always-on AdGuardHome.

The biggest hassle was making sure the world can't hit it (though it's not UDP 53 so it's not an amplification vector anyway) but only local NZ IPs, which I did with GeoFiltering on my router.

8fingerlouie 2 days ago | parent [-]

"RTT to NextDNS is ~30ms for me"

That's why I set up a local caching resolver. RTT to NextDNS in Denmark is ~10ms, and RTT to my local caching resolver is 1-2ms, so yes, it's quicker, but my caching resolver is essentially just what my router offers (Unifi), with NextDNS as upstream (DNS over TLS).

"I just have an always-on AdGuardHome"

I've self hosted for 20 years, I honestly can't be bothered anymore. The power consumption of self hosted hardware alone costs more than the equivalent, better, service in the cloud. NextDNS is $18/year, that's 51 kWh at €0.35/kWh. 5W for a year is 43.8 kWh, which is roughly what a Raspberry Pi 3/4 uses, so for just €2.5/year I can have enterprise hardware and massive redundancy with zero operational risk compared to running on a single RPi at home.

Yes, I'm aware you can run better hardware with more services, but that really only makes the problem worse, both in terms of power consumption, but also in terms of TCO with hardware costs, as well as cybersecurity.

For most people, running in the cloud is cheaper than self hosting. If you have less than 5-6TB of data, the cloud will also be cheaper. After that the math starts going in the favor of self hosting, but year for year the amount of data you can store in the cloud cheaper than at home keeps growing. Yes, the cloud prices increase, but so does the price of hard drives and other hardware.

"but only local NZ IPs, which I did with GeoFiltering on my router."

I know geofiltering is usually security by obscurity, but it does keep the worst bots away, and I used to use it as well (when I self hosted). It cut down dramatically on the various "drive by shootings" by random bots constantly pinging various ports.

muppetman 2 days ago | parent [-]

All good points. I already have a server that runs a whole bunch of other stuff (my router is a VM, my Unifi controller is a VM etc, all on the one box) so a tiny little AdGuardHome process and a port-forward in the router isn't using any more power/effort.