this post was submitted on 09 Aug 2024
40 points (100.0% liked)

Selfhosted

submitted 4 months ago* (last edited 4 months ago) by [email protected] to c/[email protected]
 

Hi guys, for those of you that use pi-hole (or similar solutions like adguard home, etc.) and wireguard, how far away can you be from your wireguard/pi-hole server before latency becomes a major issue?

Also, on a side note, how many milliseconds of latency would you guys consider to be too slow?

Edit: I meant DNS latency, sorry for not mentioning.

[–] [email protected] 2 points 4 months ago (2 children)

I have Wireguard and I forward DNS and my internal traffic from my phone over the VPN to my pi-hole at home. All other traffic goes directly over the Internet, not the VPN. So that means only DNS encounters higher latency.

However, because a lot of companies do DNS-based geo load balancing, that means even if I'm on the east coast all my traffic gets sent to the West Coast because my DNS server is located there. That right there has the biggest impact on latency.

It's tolerable on the same continent, but once I start getting into other continents then it gets a bit slow.

[–] [email protected] 2 points 4 months ago (1 children)

Interesting, I always assumed they used IP, not DNS, for geolocating CDNs.

[–] [email protected] 2 points 4 months ago

There are two main ways of doing geo-based load balancing:

  1. IP Any-casting - In this case, an IP address is "homed" in multiple spots and through the magic of IP routing, it arrives at the nearest location. This is exactly how 1.1.1.1 and 8.8.8.8 work. It works fine for stateless packets like DNS, however it has some risks for stateful traffic like HTTP.
  2. DNS-based load balancing. A server receives a request for "google.com", looks at the IP of the DNS server and/or the EDNS Client IP in the DNS query packet and returns an IP that's near. The problem is that when you're doing Wireguard, it goes phone -> pi-hole (source IP is some internal IP) -> the next hop (e.g. 1.1.1.1 or 8.8.8.8), which sees the packet is coming from your home/pi-hole's public IP. Thus it gets confused and thinks you're in a different location than you really are. Neither of these hops really knows the true location of your phone/mobile device.

Of course, this doesn't matter for companies that only have one data center.
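
The DNS-based case from the comment above, as an added example that is not part of the thread: a toy authoritative server choosing a data center from either the query's source IP or an EDNS Client Subnet option (RFC 7871). The regions, data-center addresses and client IPs are constructed from documentation ranges, and `pick_pop` is a hypothetical helper.

```python
import ipaddress
import struct

# Constructed sample data (documentation address ranges), not from the thread.
REGIONS = {ipaddress.ip_network("198.51.100.0/24"): "us-west",  # home/pi-hole public IP
           ipaddress.ip_network("203.0.113.0/24"): "us-east"}   # phone's mobile network
POPS = {"us-west": "192.0.2.10", "us-east": "192.0.2.20"}       # hypothetical data centers

def build_query(name, ecs=None):
    """Build a DNS A query, optionally with an EDNS Client Subnet option (RFC 7871)."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if ecs else 0)
    msg += b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg += struct.pack("!HH", 1, 1)                       # QTYPE=A, QCLASS=IN
    if ecs:
        net = ipaddress.ip_network(ecs)
        addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
        opt = struct.pack("!HHHBB", 8, 4 + len(addr), 1, net.prefixlen, 0) + addr
        # OPT pseudo-record: root name, TYPE=41, UDP size, flags, RDLENGTH
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(opt)) + opt
    return msg

def client_subnet(msg):
    """Return the IPv4 ECS network carried in a query, or None if there is none."""
    qd, _, _, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):                                   # skip the question section
        while msg[pos]:
            pos += msg[pos] + 1
        pos += 5                                          # root label + QTYPE + QCLASS
    for _ in range(ar):                                   # assumes root-named records (OPT)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        rdata, pos = msg[pos + 11:pos + 11 + rdlen], pos + 11 + rdlen
        while rtype == 41 and len(rdata) >= 4:
            code, olen = struct.unpack("!HH", rdata[:4])
            if code == 8 and rdata[4:6] == b"\x00\x01":   # ECS option, family IPv4
                addr = rdata[8:4 + olen].ljust(4, b"\x00")
                return ipaddress.ip_network((addr, rdata[6]))
            rdata = rdata[4 + olen:]
    return None

def pick_pop(query, source_ip):
    """Toy geo decision: use ECS when present, else the IP the query arrived from."""
    ecs = client_subnet(query)
    ip = ecs.network_address if ecs else ipaddress.ip_address(source_ip)
    return next((POPS[r] for net, r in REGIONS.items() if ip in net), None)

HOME_IP = "198.51.100.5"  # constructed: public IP the pi-hole's upstream queries leave from
print(pick_pop(build_query("example.com"), HOME_IP))                    # no ECS
print(pick_pop(build_query("example.com", "203.0.113.0/24"), HOME_IP))  # ECS = phone's /24
```

The first call is the situation the comment describes: the pi-hole only sees the phone's internal tunnel address, so nothing upstream has the phone's public subnet and the answer follows the home IP.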

[–] [email protected] 2 points 4 months ago (1 children)

Would it be better to route that directly? I'm not really understanding the complexity I guess.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (1 children)

Sorry, what do you mean route it directly? Maybe I didn't clarify well enough.

My DNS is routed over the VPN but Internet traffic is routed directly. The problem is the load balancing is done based on where the DNS server is, so with, say, Google, even though the traffic egresses directly to the internet, bypassing the VPN, it still goes to a Google DC near my home. Not all websites do this, so it's not always an issue.

[–] [email protected] 2 points 4 months ago

Sorry about that, I missed the part about this being for your phone.