keweonDNS - now with improved Certificate (iOS, Mac & Android)

28th October 2017, 09:59 PM |#31  
MrT69's Avatar
OP Senior Member
Germany is already in progress.
The problem is that the German BSI makes a weekly inventory of all German IP addresses to investigate whether each is an open resolver. On the one hand this is a good thing, because open resolvers could break down the entire Internet, and on the other hand this will cause a lot of trouble for me because I need harder security to prevent this.

It's already done but I need to do more and deeper tests. I guess Germany (and France) will be online next Thursday or Friday.

At the moment I recommend UK and NL for use in Europe until Germany and France are online.
The Following 2 Users Say Thank You to MrT69 For This Useful Post
29th October 2017, 05:41 AM |#32  
adewisman's Avatar
Senior Member
Quote:
Originally Posted by MrT69

Germany is already in progress.
The problem is that the German BSI makes a weekly inventory of all German IP addresses to investigate whether each is an open resolver. On the one hand this is a good thing, because open resolvers could break down the entire Internet, and on the other hand this will cause a lot of trouble for me because I need harder security to prevent this.

It's already done but I need to do more and deeper tests. I guess Germany (and France) will be online next Thursday or Friday.

At the moment I recommend UK and NL for use in Europe until Germany and France are online.

Thank you for contacting me. I can't seem to send a message to your WA, but I sent some details to your Telegram account, and I couldn't PM you on XDA either. Thank you.

Edit: confirmed the Play Store is working with the Netherlands server.

Code:
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 45.77.138.206 && \
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 45.77.138.206
I'm using a Magisk module to run the iptables command on reboot. If anyone is interested in testing it too, kindly grab it here: https://drive.google.com/file/d/0B-p...w?usp=drivesdk
The Following User Says Thank You to adewisman For This Useful Post
29th October 2017, 08:07 AM |#33  
Senior Member
Quote:
Originally Posted by adewisman

Thank you for contacting me. I can't seem to send a message to your WA, but I sent some details to your Telegram account, and I couldn't PM you on XDA either. Thank you.

Edit: confirmed the Play Store is working with the Netherlands server.

Code:
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 45.77.138.206 && \
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 45.77.138.206
I'm using a Magisk module to run the iptables command on reboot. If anyone is interested in testing it too, kindly grab it here: https://drive.google.com/file/d/0B-p...w?usp=drivesdk

How do I check if it works or if it has changed?
29th October 2017, 08:30 AM |#34  
adewisman's Avatar
Senior Member
Quote:
Originally Posted by hafiz.hasan

How do I check if it works or if it has changed?

I'm testing it using https://dnsleaktest.com/ (attached) and https://thepcspy.com/blockadblock/ (adblocker test). It's working beautifully on my end, great work.
The Following User Says Thank You to adewisman For This Useful Post
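
A local way to answer the question in post #33 without relying on a third-party test page, as an added example that is not part of any poster's message: the functions below read `iptables -t nat -S OUTPUT` output and confirm that both UDP and TCP port 53 are DNATed to the resolver given in post #32. The function names and the sample rule listings are constructed for illustration.

```shell
# Added example (not from the thread). Rules are read from stdin in the
# format printed by `iptables -t nat -S OUTPUT`, so it can be tested offline.

# dnat_target PROTO: print the --to-destination of the first OUTPUT rule
# that DNATs PROTO traffic for destination port 53 (nothing if none).
dnat_target() {
    awk -v proto="$1" '
        $1 == "-A" && $2 == "OUTPUT" {
            p = ""; port = ""; jump = ""; dest = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")               p    = $(i + 1)
                if ($i == "--dport")          port = $(i + 1)
                if ($i == "-j")               jump = $(i + 1)
                if ($i == "--to-destination") dest = $(i + 1)
            }
            if (p == proto && port == "53" && jump == "DNAT") { print dest; exit }
        }'
}

# check_dns_dnat EXPECTED_IP: one status line per protocol; returns 0 only
# if both UDP and TCP port 53 are redirected to EXPECTED_IP.
check_dns_dnat() {
    expected="$1"; rules=$(cat); status=0
    for proto in udp tcp; do
        got=$(printf '%s\n' "$rules" | dnat_target "$proto")
        if [ -z "$got" ]; then
            echo "$proto/53: no DNAT rule, queries are not redirected"; status=1
        elif [ "$got" != "$expected" ]; then
            echo "$proto/53: redirected to $got, expected $expected"; status=1
        else
            echo "$proto/53: ok -> $got"
        fi
    done
    return "$status"
}

# Constructed listing: both commands from post #32 applied.
SAMPLE_OK='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 45.77.138.206
-A OUTPUT -p tcp -m tcp --dport 53 -j DNAT --to-destination 45.77.138.206'

# Constructed listing: only the UDP rule is present.
SAMPLE_UDP_ONLY='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 45.77.138.206'

printf '%s\n' "$SAMPLE_OK" | check_dns_dnat 45.77.138.206
```

On the device, feed it the live rules as root with `iptables -t nat -S OUTPUT | check_dns_dnat 45.77.138.206`. The rules in post #32 are IPv4-only and match port 53 only, so DNS sent over IPv6 or over another port is not covered by this check.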
29th October 2017, 08:38 AM |#35  
Senior Member
Quote:
Originally Posted by adewisman

I'm testing it using https://dnsleaktest.com/ (attached) and https://thepcspy.com/blockadblock/ (adblocker test). It's working beautifully on my end, great work.

OK, will check now.
The Following 2 Users Say Thank You to hafiz.hasan For This Useful Post
29th October 2017, 10:34 AM |#36  
MrT69's Avatar
OP Senior Member
Hi folks!

Please don't compare my DNS servers with any current standard servers. For security reasons I locked them down in a damn hard way, and if the servers see any non-standard use, every request will be dropped.

Why?
DNS itself is a very sensitive technology, and with a wrongly configured server you can break down the entire Internet (amplifier, DDoS, mitigation).
At the first start here at XDA I needed to change the provider 3 times because right after the release idiots were running attacks against the server.
Frustrating thing.

The current system is a very low-budget system, but it's working. It's working for local PCs, mobile devices and tablets, and for SOHO/WiFi routers, to run keweon in one step on every device at home.

Please understand that all other additional things are not possible. This is only because I'm running everything on low-budget VPS.
As a former employee of Level3, they made me an offer to store the entire infrastructure within the data center. Only for the security, and even for an ex-employee, they would charge 4000 Euro per month (!) only for this. No kidding - just for security. No rack, hardware or anything else.

Please understand that I need heavy security on the servers because I want to keep them online longer for all of us.

Thanks a lot and any recommendations, tips and help are always welcome.
The Following User Says Thank You to MrT69 For This Useful Post
29th October 2017, 07:28 PM |#37  
MrT69's Avatar
OP Senior Member
Data Center outage Monday at 2 PM GMT +1


The HTTP/HTTPS termination server will be offline for roughly 2 to 3 hours tomorrow morning. Currently the system is not redundant because this would cause too many costs.

All further updates, information, technical details and the status of the servers and data center will be available in the future on this website:

http://status.keweon.center

Impact:
Adblock and security are still given. The website and the ads termination will not look very pretty.

Personal Note:
Need to think about an Amazon load balancer. Does anyone have experience with the price of this?
The Following User Says Thank You to MrT69 For This Useful Post
1st November 2017, 12:20 PM |#38  
MrT69's Avatar
OP Senior Member
Ads Termination improvements (HTTP & HTTPS):

- installed load balancer from scratch
- enhanced backend infrastructure
- extended backend infrastructure to 50 Servers
- adjusted HTTPS response time
- Version upgrade of "Zero SSL Session Broker"
- Reduced memory usage
- Reduced initialization response
- enhanced "Zero SSL Session Responder"
- extended SSL Ciphers
- improved the Domain response
- dropped packet inspection
- enhanced firewall security
- reduced response time

The server should now run more stably. It's still a VPS environment, but I hope to keep the system more stable now with all the changes.

The websites should now look much prettier, and the loading of the websites should also be processed faster by using the keweon Root Certificate.

Thanks to all testers.
The Following User Says Thank You to MrT69 For This Useful Post
2nd November 2017, 07:49 AM |#39  
MrT69's Avatar
OP Senior Member
System Upgrade:

Running keweonDNS in a virtual environment is not the best solution. I know this, and please see this as a proof of concept.
I see that the VPS sometimes do not do what they should do. Therefore I will do a RAM upgrade and hope that this system will get more stable and faster. I also hope that the performance will increase.

During the coming weekend each server needs to be rebooted two times. It will take roughly 90 seconds per reboot until they are back again.

This will not have an impact if you stay, e.g., on Facebook or on any other site.
If you open a website at this moment you will get a timeout. Please wait a moment, have a smoke or order a cup of coffee, and everything will be fine again in less than 5 minutes.

I hope the system will become stronger with this.

Thanks in advance
The Following 2 Users Say Thank You to MrT69 For This Useful Post
2nd November 2017, 09:54 PM |#40  
MrT69's Avatar
OP Senior Member
System Update:

A lot of false positives removed. Thanks to all supporters.
YouTube, Play Store and a lot of other sites and apps are working now.
Lost focus on the update because the server testing needs a lot of time.

At 3 AM GMT +1 (6 hours from now) everything will work as expected.
Thanks again for being patient.
The Following 4 Users Say Thank You to MrT69 For This Useful Post
3rd November 2017, 01:23 PM |#41  
dalepothen's Avatar
Senior Member
Quote:
Originally Posted by MrT69

System Update:

A lot of false positives removed. Thanks to all supporters.
YouTube, Play Store and a lot of other sites and apps are working now.
Lost focus on the update because the server testing needs a lot of time.

At 3 AM GMT +1 (6 hours from now) everything will work as expected.
Thanks again for being patient.

Mate, be active on Telegram too

Tags
adblocker, dns