Retire DNS server, ns-aws.sslip.io

The torrent of traffic I'm receiving has caused my AWS bill to spike
from $9 to $148, all of the increase due to bandwidth charges.

I'm still maintaining ns-aws; the VM still continue to run, and continue
to serve web traffic, and maintain its hostname and IP addresses;
however, it will no longer be in the list of NS records for sslip.io.

There are much less expensive hosting providers. OVH is my current
favorite.

README.md

@@ -1,7 +1,7 @@
 # sslip.io
 
 | Test Type              | Status                                                                                                                                 |
-|---|---|
+|------------------------|----------------------------------------------------------------------------------------------------------------------------------------|
 | Production Nameservers | [![ci.nono.io](https://ci.nono.io/api/v1/pipelines/sslip.io/jobs/dns-servers/badge)](https://ci.nono.io/teams/main/pipelines/sslip.io) |
 | DNS Server Unit Tests  | [![ci.nono.io](https://ci.nono.io/api/v1/pipelines/sslip.io/jobs/unit/badge)](https://ci.nono.io/teams/main/pipelines/sslip.io)        |
 
@@ -24,6 +24,7 @@ sudo go run main.go
 ```
 
 In another window:
+
 ```bash
 dig @localhost 192.168.0.1.sslip.io +short
  # should return "192.168.0.1"
@@ -121,14 +122,14 @@ as ARM64 (AWS Graviton, Apple M1/M2).
 privileged ports (<1024) ("`listen udp :53: bind: permission denied`"). For
 example, to run the server on port 9553: `go run main.go -port 9553`. To query,
 `dig @localhost 127.0.0.1.sslip.io -p 9553`
-- `-nameservers` overrides the default NS records `ns-aws.sslip.io`,
+- `-nameservers` overrides the default NS records `ns-azure.sslip.io`,
-  `ns-azure.sslip.io`, `ns-gce.sslip.io`, and `ns-ovh.sslip.io`; flag, e.g. `go
+`ns-gce.sslip.io`, and `ns-ovh.sslip.io`; flag, e.g. `go run main.go
-run main.go -nameservers ns1.example.com,ns2.example.com`). If you're running
+-nameservers ns1.example.com,ns2.example.com`). If you're running your own
-  your own nameservers, you probably want to set this. Don't forget to set
+nameservers, you probably want to set this. Don't forget to set address records
-  address records for the new name servers with the `-addresses` flag (see
+for the new name servers with the `-addresses` flag (see below). Exception:
-  below). Exception: `_acme-challenge` records are handled differently to
+`_acme-challenge` records are handled differently to accommodate the
-  accommodate the procurement of Let's Encrypt wildcard certificates; you can
+procurement of Let's Encrypt wildcard certificates; you can read more about
-  read more about that procedure [here](docs/wildcard.md)
+that procedure [here](docs/wildcard.md)
 - `-addresses` overrides the default A/AAAA (IPv4/IPv6) address records. For
 example, here's how we set the IPv4 record & IPv6 record for our nameserver (in
 the `-nameservers` example above), ns1.example.com: `-addresses
@@ -146,7 +147,7 @@ ns1.example.com=10.8.8.8,ns1.example.com=fc::8888`. Note that you can set many
 - it binds to both UDP and TCP.
 - The SOA record is hard-coded except the _MNAME_ (primary master name server)
   record, which is set to the queried hostname (e.g. `dig big.apple.com
-  @ns-aws.nono.io` would return an SOA with an _MNAME_ record of
+  @ns-ovh.nono.io` would return an SOA with an _MNAME_ record of
   `big.apple.com.`
 - The MX records are hard-coded to the queried hostname with a preference of 0,
   except `sslip.io` itself, which has custom MX records to enable email

docs/DEVELOPER.md

@@ -48,7 +48,7 @@ dig +short 127.0.0.1.example.com @$DNS_SERVER_IP
 echo 127.0.0.1
 # NS ordering might be rotated
 dig +short ns example.com @$DNS_SERVER_IP
-printf "ns-aws.sslip.io.\nns-azure.sslip.io.\nns-gce.sslip.io.\nns-ovh.sslip.io.\n"
+printf "ns-azure.sslip.io.\nns-gce.sslip.io.\nns-ovh.sslip.io.\n"
 dig +short mx example.com @$DNS_SERVER_IP
 echo "0 example.com."
 dig +short mx sslip.io @$DNS_SERVER_IP

docs/logs.md

@@ -1,6 +1,6 @@
 ### Tools for Exploring Log Files
 
-To generate log files on, say, ns-aws:
+To generate log files on, say, ns-ovh:
 
 ```zsh
 sudo journalctl -u sslip.io-dns -S yesterday > /tmp/sslip.io.log

docs/wildcard.md

@@ -4,7 +4,7 @@
 
 Let's say you have a domain that is hosted on Amazon Route53, lets call it
 `example.com`. You have a few DNS entries set up like `foo.example.com`, and then
-you have `xip.example.com` which is an NS record to `ns-aws.sslip.io`. So you
+you have `xip.example.com` which is an NS record to `ns-ovh.sslip.io`. So you
 are able to use both regular DNS records that are hardcoded, and then when you
 need to use sslip you simply use your xip subdomain.
 
@@ -14,7 +14,7 @@ Let's Encrypt DNS-01 challenge process.
 Let's Encrypt will query your name servers for the TXT record
 `_acme-challenge.xip.example.com`, then your DNS server will respond with the
 TXT record _that should have been created on Route53 as part of the challenge_,
-otherwise it'll return the delegated nameservers (ns-aws.sslip.io and so on).
+otherwise it'll return the delegated nameservers (ns-azure.sslip.io and so on).
 
 ### Using the sslip.io domain
 

integration_test.go

@@ -236,20 +236,20 @@ var _ = Describe("sslip.io-dns-server", func() {
 				digCmd = exec.Command("dig", strings.Split(digArgs, " ")...)
 				digSession, err = Start(digCmd, GinkgoWriter, GinkgoWriter)
 				Expect(err).ToNot(HaveOccurred())
-				Eventually(digSession).Should(Say(`52.0.56.137`))
 				Eventually(digSession).Should(Say(`52.187.42.158`))
 				Eventually(digSession).Should(Say(`104.155.144.4`))
+				Eventually(digSession).Should(Say(`51.75.53.19`))
 				Eventually(digSession, 1).Should(Exit(0))
-				Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeA ns.sslip.io. \? 52.0.56.137, 52.187.42.158, 104.155.144.4\n`))
+				Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeA ns.sslip.io. \? 52.187.42.158, 104.155.144.4, 51.75.53.19\n`))
 			})
 			It("returns all the AAAA records", func() {
 				digArgs = "@localhost aaaa ns.sslip.io +short -p " + strconv.Itoa(port)
 				digCmd = exec.Command("dig", strings.Split(digArgs, " ")...)
 				digSession, err = Start(digCmd, GinkgoWriter, GinkgoWriter)
 				Expect(err).ToNot(HaveOccurred())
-				Eventually(digSession).Should(Say(`2600:1f18:aaf:6900::a`))
+				Eventually(digSession).Should(Say(`2001:41d0:602:2313::1`))
 				Eventually(digSession, 1).Should(Exit(0))
-				Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeAAAA ns.sslip.io. \? 2600:1f18:aaf:6900::a, 2600:1900:4000:4d12::\n`))
+				Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeAAAA ns.sslip.io. \? 2600:1900:4000:4d12::, 2001:41d0:602:2313::1\n`))
 			})
 		})
 		When("there are multiple MX records returned (e.g. sslip.io)", func() {
@@ -270,11 +270,9 @@ var _ = Describe("sslip.io-dns-server", func() {
 				digCmd = exec.Command("dig", strings.Split(digArgs, " ")...)
 				digSession, err = Start(digCmd, GinkgoWriter, GinkgoWriter)
 				Expect(err).ToNot(HaveOccurred())
-				Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7`))
+				Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 5`))
 				Eventually(digSession).Should(Say(`;; ANSWER SECTION:`))
 				Eventually(digSession).Should(Say(`;; ADDITIONAL SECTION:`))
-				Eventually(digSession).Should(Say(`ns-aws.sslip.io..*52.0.56.137\n`))
-				Eventually(digSession).Should(Say(`ns-aws.sslip.io..*2600:1f18:aaf:6900::a\n`))
 				Eventually(digSession).Should(Say(`ns-azure.sslip.io..*52.187.42.158\n`))
 				Eventually(digSession).Should(Say(`ns-gce.sslip.io..*104.155.144.4\n`))
 				Eventually(digSession).Should(Say(`ns-gce.sslip.io..*2600:1900:4000:4d12::\n`))
@@ -282,11 +280,10 @@ var _ = Describe("sslip.io-dns-server", func() {
 				Eventually(digSession).Should(Say(`ns-ovh.sslip.io..*2001:41d0:602:2313::1\n`))
 				Eventually(digSession, 1).Should(Exit(0))
 				// the server names may appear out-of-order
-				Eventually(string(digSession.Out.Contents())).Should(MatchRegexp(`NS\tns-aws.sslip.io.\n`))
 				Eventually(string(digSession.Out.Contents())).Should(MatchRegexp(`NS\tns-azure.sslip.io.\n`))
 				Eventually(string(digSession.Out.Contents())).Should(MatchRegexp(`NS\tns-gce.sslip.io.\n`))
 				Eventually(string(digSession.Out.Contents())).Should(MatchRegexp(`NS\tns-ovh.sslip.io.\n`))
-				Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeNS example.com. \? ns-aws.sslip.io., ns-azure.sslip.io., ns-gce.sslip.io., ns-ovh.sslip.io.\n`))
+				Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeNS example.com. \? ns-azure.sslip.io., ns-gce.sslip.io., ns-ovh.sslip.io.\n`))
 			})
 		})
 		When(`there are multiple TXT records returned (e.g. SPF for sslip.io)`, func() {
@@ -408,8 +405,8 @@ var _ = Describe("sslip.io-dns-server", func() {
 			// use regex to account for rotated nameserver order
 			Entry("an NS record with acme_challenge with a forbidden string is not delegated",
 				"@localhost _acme-challenge.raiffeisen.fe80--.sslip.io ns +short",
-				`\Ans-[a-z]+.sslip.io.\nns-[a-z]+.sslip.io.\nns-[a-z]+.sslip.io.\nns-[a-z]+.sslip.io.\n\z`,
+				`\Ans-[a-z]+.sslip.io.\nns-[a-z]+.sslip.io.\nns-[a-z]+.sslip.io.\n\z`,
-				`TypeNS _acme-challenge.raiffeisen.fe80--.sslip.io. \? ns-aws.sslip.io., ns-azure.sslip.io., ns-gce.sslip.io., ns-ovh.sslip.io.\n$`),
+				`TypeNS _acme-challenge.raiffeisen.fe80--.sslip.io. \? ns-azure.sslip.io., ns-gce.sslip.io., ns-ovh.sslip.io.\n$`),
 			Entry("an A record with a forbidden CIDR is redirected",
 				"@localhost nf.43.134.66.67.sslip.io +short",
 				`\A52.0.56.137\n\z`,

k8s/document_root_sslip.io/index.html

@@ -136,12 +136,6 @@ src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script> <![endif]-->
           </tr>
         </thead>
         <tbody>
-          <tr class="odd">
-            <td><code>ns-aws.sslip.io.</code></td>
-            <td>52.0.56.137<br>
-            2600:1f18:aaf:6900::a</td>
-            <td>USA</td>
-          </tr>
           <tr class="even">
             <td><code>ns-azure.sslip.io.</code></td>
             <td>52.187.42.158</td>
@@ -238,7 +232,7 @@ dig @ns.sslip.io txt ip.sslip.io +short -6 # forces IPv6 lookup; sample reply "2
         </li>
       </ul>
       <p>A big advantage of using DNS queries instead of HTTP queries is bandwidth: querying
-      <code>ns-aws.sslip.io</code> requires a mere 592 bytes spread over 2 packets; Querying <a href=
+      <code>ns-azure.sslip.io</code> requires a mere 594 bytes spread over 2 packets; Querying <a href=
       "https://icanhazip.com/">https://icanhazip.com/</a> requires 8692 bytes spread out over 34 packets—over 14 times
       as much! Admittedly bandwidth usage is a bigger concern for the one hosting the service than the one using the
       service.</p>
@@ -256,7 +250,7 @@ dig @ns-gce.nono.io version.status.sslip.io txt +short
       <h4 id="metrics">Server Metrics</h4>You can retrieve metrics from a given server by querying the TXT records of
       <code>metrics.status.sslip.io</code>
       <pre>
-dig @ns-aws.sslip.io metrics.status.sslip.io txt +short
+dig @ns-azure.sslip.io metrics.status.sslip.io txt +short
   "Uptime: 165655"
   "Blocklist: 2023-10-04 07:37:50-07 3,6"
   "Queries: 14295231 (86.3/s)"

main.go

@@ -17,16 +17,16 @@ func main() {
 	var blocklistURL = flag.String("blocklistURL",
 		"https://raw.githubusercontent.com/cunnie/sslip.io/main/etc/blocklist.txt",
 		`URL containing a list of non-resolvable IPs/names/CIDRs, usually phishing or scamming sites. Example "file://etc/blocklist.txt"`)
-	var nameservers = flag.String("nameservers", "ns-aws.sslip.io.,ns-azure.sslip.io.,ns-gce.sslip.io.,ns-ovh.sslip.io.",
+	var nameservers = flag.String("nameservers", "ns-azure.sslip.io.,ns-gce.sslip.io.,ns-ovh.sslip.io.",
 		"comma-separated list of FQDNs of nameservers. If you're running your own sslip.io nameservers, set them here")
 	var addresses = flag.String("addresses",
 		"sslip.io=78.46.204.247,"+
 			"sslip.io=2a01:4f8:c17:b8f::2,"+
-			"ns.sslip.io=52.0.56.137,"+
 			"ns.sslip.io=52.187.42.158,"+
 			"ns.sslip.io=104.155.144.4,"+
-			"ns.sslip.io=2600:1f18:aaf:6900::a,"+
 			"ns.sslip.io=2600:1900:4000:4d12::,"+
+			"ns.sslip.io=51.75.53.19,"+
+			"ns.sslip.io=2001:41d0:602:2313::1,"+
 			"ns-aws.sslip.io=52.0.56.137,"+
 			"ns-aws.sslip.io=2600:1f18:aaf:6900::a,"+
 			"ns-azure.sslip.io=52.187.42.158,"+

xip/xip.go

@@ -656,7 +656,7 @@ func (x *Xip) NSResponse(name dnsmessage.Name, response Response, logMessage str
 	var logMessages []string
 	if response.Header.Authoritative {
 		// we're authoritative, so we reply with the answers
-		// but we rotate the nameservers every second so ns-aws doesn't bear the brunt (64%) of the traffic
+		// but we rotate the nameservers every second so one server doesn't bear the brunt of the traffic
 		epoch := time.Now().UTC().Unix()
 		index := int(epoch) % len(x.NameServers)
 		rotatedNameservers := append(x.NameServers[index:], x.NameServers[0:index]...)

xip/xip_test.go

@@ -79,15 +79,14 @@ var _ = Describe("Xip", func() {
 
 	Describe("NSResources()", func() {
 		When("we use the default nameservers", func() {
-			var x, _ = xip.NewXip("file:///", []string{"ns-aws.sslip.io.", "ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{})
+			var x, _ = xip.NewXip("file:///", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{})
 			It("returns the name servers", func() {
 				randomDomain := testhelper.Random8ByteString() + ".com."
 				ns := x.NSResources(randomDomain)
-				Expect(len(ns)).To(Equal(4))
+				Expect(len(ns)).To(Equal(3))
-				Expect(ns[0].NS.String()).To(Equal("ns-aws.sslip.io."))
+				Expect(ns[0].NS.String()).To(Equal("ns-azure.sslip.io."))
-				Expect(ns[1].NS.String()).To(Equal("ns-azure.sslip.io."))
+				Expect(ns[1].NS.String()).To(Equal("ns-gce.sslip.io."))
-				Expect(ns[2].NS.String()).To(Equal("ns-gce.sslip.io."))
+				Expect(ns[2].NS.String()).To(Equal("ns-ovh.sslip.io."))
-				Expect(ns[3].NS.String()).To(Equal("ns-ovh.sslip.io."))
 			})
 			When(`the domain name contains "_acme-challenge."`, func() {
 				When("the domain name has an embedded IP", func() {
@@ -106,20 +105,20 @@ var _ = Describe("Xip", func() {
 					It("returns the default trinity of nameservers", func() {
 						randomDomain := "_acme-challenge." + testhelper.Random8ByteString() + ".com."
 						ns := x.NSResources(randomDomain)
-						Expect(len(ns)).To(Equal(4))
+						Expect(len(ns)).To(Equal(3))
 					})
 				})
 			})
 			When("we delegate domains to other nameservers", func() {
 				When(`we don't use the "=" in the arguments`, func() {
 					It("returns an informative log message", func() {
-						var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-aws.sslip.io.", "ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"noEquals"})
+						var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"noEquals"})
 						Expect(strings.Join(logs, "")).To(MatchRegexp(`"-delegates: arguments should be in the format "delegatedDomain=nameserver", not "noEquals"`))
 					})
 				})
 				When(`there's no "." at the end of the delegated domain or nameserver`, func() {
 					It(`helpfully adds the "."`, func() {
-						var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-aws.sslip.io.", "ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"a=b"})
+						var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"a=b"})
 						Expect(strings.Join(logs, "")).To(MatchRegexp(`Adding delegated NS record "a\.=b\."`))
 						ns := x.NSResources("a.")
 						Expect(len(ns)).To(Equal(1))
@@ -229,8 +228,8 @@ var _ = Describe("Xip", func() {
 			Entry("www", "www.sslip.io"),
 			Entry("a lone number", "538.sslip.io"),
 			Entry("too big", "256.254.253.252"),
-			Entry("NS but no dot", "ns-aws.sslip.io"),
+			Entry("NS but no dot", "ns-azure.sslip.io"),
-			Entry("NS + cruft at beginning", "p-ns-aws.sslip.io"),
+			Entry("NS + cruft at beginning", "p-ns-azure.sslip.io"),
 			Entry("test-net address with dots-and-dashes mixed", "www-192.0-2.3.example-me.com"),
 		)
 		When("There is more than one A record", func() {