
Scale ATProto handle resolution

Open snarfed opened this issue 1 year ago • 11 comments

We need to serve ATProto handle resolution for all users bridged into ATProto (background: #381). They support both DNS and HTTPS methods, but our ATProto handles are multi-level, eg @user@mastodon.social becomes user.mastodon.social.ap.brid.gy, and you can't make multi-level wildcard SSL certs, so HTTPS won't work, so DNS it is.

We're currently using Google Cloud DNS. It serves the entire brid.gy DNS zone, and we create _atproto records for handle resolution manually. The catch is that GCP DNS has a hard limit of 10k records per zone, which we'll likely outgrow. Grr.

We could make a zone per sub-subdomain, eg per fediverse instance, so mastodon.social.ap.brid.gy would become its own zone, but GCP DNS also has a hard limit of 10k zones total.

So, we eventually need to switch to a different programmatic DNS service or run our own DNS server. Whee.

snarfed avatar Dec 07 '23 02:12 snarfed
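
The handle mapping and wildcard-certificate limitation described in the opening post, as an added Python example that is not part of the original issue or Bridgy Fed's code. Function names are hypothetical, the sample addresses and DID are constructed, and the `did=` TXT value follows the ATProto DNS handle resolution method.

```python
# Added illustration; not Bridgy Fed code. Sample handles and DIDs are constructed.
BRIDGE_SUFFIX = "ap.brid.gy"  # suffix taken from the issue text


def bridged_handle(fedi_address: str, suffix: str = BRIDGE_SUFFIX) -> str:
    """Map @user@instance to user.instance.<suffix>, as the issue describes."""
    user, _, instance = fedi_address.lstrip("@").partition("@")
    if not user or not instance:
        raise ValueError(f"not a user@instance address: {fedi_address!r}")
    return f"{user}.{instance}.{suffix}".lower()


def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Certificate name matching: '*' stands for exactly one leftmost label."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans several labels
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def required_wildcards(handles: list[str]) -> list[str]:
    """Wildcard names HTTPS resolution would need: one per parent domain."""
    return sorted({"*." + h.split(".", 1)[1] for h in handles})


def atproto_txt_record(handle: str, did: str) -> tuple[str, str]:
    """DNS method: TXT record at _atproto.<handle> with value did=<DID>."""
    if not did.startswith("did:"):
        raise ValueError(f"not a DID: {did!r}")
    return (f"_atproto.{handle}.", f"did={did}")


if __name__ == "__main__":
    addresses = ["@user@mastodon.social", "@alice@mastodon.social",
                 "@bob@example.town"]  # constructed sample addresses
    handles = [bridged_handle(a) for a in addresses]
    for h in handles:
        print(h, "covered by *.ap.brid.gy:", wildcard_covers("*.ap.brid.gy", h))
    print("wildcards needed for HTTPS:", required_wildcards(handles))
    # Placeholder DID, not a real account
    print(atproto_txt_record(handles[0], "did:plc:placeholder0000"))
```

Each bridged instance would need its own wildcard name for the HTTPS method, while the DNS method needs one `_atproto` TXT record per user, which is what counts against the per-zone record limit.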

Provider lists: https://en.wikipedia.org/wiki/List_of_managed_DNS_providers https://www.g2.com/categories/managed-dns-providers https://serverauth.com/posts/comparing-dns-hosting-providers

snarfed avatar Dec 07 '23 02:12 snarfed

Upcoming option: https://dns.kitchen/ , all you can eat zones/records, $5/mo.

snarfed avatar Dec 26 '23 20:12 snarfed

@neatnik mentioned https://desec.io/ too.

snarfed avatar Feb 10 '24 22:02 snarfed

Also https://dns.he.net/, https://www.nova53.net/, https://ns-global.zone/ .

snarfed avatar Feb 11 '24 16:02 snarfed

Maybe obsoleted by #830 🤞

snarfed avatar Feb 12 '24 04:02 snarfed

...nope, turns out #830 probably won't work after all, so this issue definitely still applies.

snarfed avatar Apr 09 '24 15:04 snarfed

The 10k limit in Google Cloud DNS is a quota, rrsetsPerManagedZone, that I can request an increase for. May try that.

  • https://cloud.google.com/dns/quotas#quotas
  • https://console.cloud.google.com/iam-admin/quotas?service=dns.googleapis.com&metric=dns.googleapis.com%2Fquota%rrsets_per_managed_zone&project=brid-gy

snarfed avatar Apr 16 '24 01:04 snarfed

Tried requesting a quota bump. 🤞

snarfed avatar May 05 '24 03:05 snarfed

In unrelated very good news, @bnewbold built us a whole new microservice to solve this! https://github.com/bluesky-social/atproto/discussions/1697#discussioncomment-9308726 . Extremely generous of him. Thank you Bryan!!!

snarfed avatar May 05 '24 03:05 snarfed

More good news, I asked for a GCP DNS quota bump to 50k and got it. Woo!

snarfed avatar May 07 '24 22:05 snarfed

We're currently at 6500 DNS records, with the limit still at 50k. We'll (hopefully) still need to figure this out eventually, but it seems like we have plenty of time.

snarfed avatar Jul 26 '24 03:07 snarfed