1. 14 May, 2022 2 commits
  2. 29 Apr, 2022 2 commits
    • Evangelos Foutras's avatar
      geomirror: bump TTL to 86400 for NS records · 6878066d
      Evangelos Foutras authored
      In an effort to stay consistent with the TTL used for the archlinux.org
      and pkgbuild.com NS records, as well as slightly improve lookup latency.
      6878066d
    • Evangelos Foutras's avatar
      geomirror: leverage LUA records for failover+GeoIP · b3ec0204
      Evangelos Foutras authored
      PowerDNS provides a neat way to implement GeoIP-based redirection and
      automatic failover. With GeoLite2-City database, it is able to select
      the closest mirror from a list of IPs we provide. Every 60 seconds it
      also checks if the mirror's HTTPS URL is working as expected; if that
      check fails, it stops giving it out (this acts as automatic failover).
      b3ec0204
  3. 15 Apr, 2022 1 commit
    • Kristian Klausen's avatar
      Avoid single point-of-failure for our GeoIP domain · aa359082
      Kristian Klausen authored
      We don't want mirror.pkgbuild.com's DNS server to be a
      single-point-of-failure, so this commit adds multiple authoritative DNS
      servers for the zone. The extra DNS servers are run on the geomirror
      servers.
      
      The _acme-challenge zone, used for obtaining certificates, is run solely
      on mirror.pkgbuild.com's DNS server, to avoid syncing DNS records
      between the servers (KISS).
      aa359082
  4. 13 Apr, 2022 1 commit
    • Kristian Klausen's avatar
      Add GeoIP domain for our sponsored mirros · 9f65f99c
      Kristian Klausen authored
      We had a GeoIP mirror in the past based on nginx and its GeoIP module,
      but it didn't perform very well, due to the high latency (asking a
      central server for the package and then redirected to the closest
      mirror).
      
      One of the reasons for offering this service, is so we can relieve
      mirror.pkgbuild.com which is burning a ton of traffic (50TB/month),
      likely due to it being the default mirror in our Docker image. Another
      reason is so we can offer a link to our arch-boxes images in libosinfo
      (used by gnome-boxes, virt-install and virt-manager), with good enough
      performance for most users.
      
      This time we take a different approach and use a DNS based solution,
      which means the latency penalty is only paid once (the first DNS
      request). The downside is that the mirrors must have a valid certificate
      for the same domain name, which makes using third-party mirrors a
      challenge. So for now, we are just using the sponsored mirorrs
      controlled by the DevOps team.
      
      Fix #101
      9f65f99c