Rethink DNS costs $1500 per month; we need your help to fund it

Hi F-Droid community,

As of this month, Rethink DNS (the resolvers, sky and max) serves over 300m reqs / day (ref), and consumes over 30TB in bandwidth.

The costs are significant as traffic continues to ramp up, trending towards $1500 for this month. It was ~$800 the last month, and ~$500 the month before that.

We’ve applied for grants from organizations that support privacy and security initiatives, but without much success. This isn’t unexpected for a team like ours that’s based in India (for reasons I’ll keep to myself).

I have long held the belief (see) that consumer-focused FOSS projects cannot merely rely on sponsors (individuals or otherwise), and so, I’ve always been apprehensive of asking for donations. The mounting costs, however, leaves me with no other choice than making a plea seeking financial help.

Please go here, if you’re so inclined: Stripe Checkout (it is a Stripe payment link, and accepts Credit Cards only). Unfortunately, cryptocurrency cannot be used to pay invoices (legally at least), and so, those won’t help.

Thank you.

PS I promise we’ll figure out a way to reduce the costs and start charging for the service to whoever would pay. Today’s announcement does not mean the free Rethink DNS resolver, despite its current predicament, is going away. I’ll continue to fund it out of my own pocket for as long as I can, as me and my friends working on this project always have.

I’d like to point out that some of the cost reductions I am already working on has been made possible due to tremendous amount of support by our main infrastructure provider, Cloudflare (sky). The people I’m acquainted with who work there are fabulous. I am not sure if I can name names without their permission, but they know who they are. Thank you from the bottom of my heart.

OOC, did you apply at https://fossunited.org/ or GitHub - fossunited/indiafoss: Free and Open Source Software conference management by the FOSS United community.
Frappe and Zerodha are regular in oss donations, though I completely distrust 0dha. They are one big time. …
Just suggesting. There are Gov based options too, but I doubt they do anything in reality.

Using microservices/workers seems awful costly.
Have you considered running a few bare metal servers located in the regions where you have most users?
Run the DNS and geo load-balancing yourself.
Even if you keep the workers for less utilized regions, and have your servers act as primary offload?

True. Though, I must say TCO (total cost of ownership) works out in favour of Workers (sky), for a workload like DNS which has to be up and running pretty much all the time. This is a tall ask for a team of just 1 person

max runs on ~50 servers (not baremetal) fronted by anycast IPs but it requires constant maintenance and has a higher downtime compared to sky (which runs on Workers). We do 5m reqs per $1 today with Workers. The figure is ~10m for $1 for max.

The new Workers architecture we’re working on (and if its works) will bring down costs by 10x, ie ~50m per $1.

(PTSD from having worked on massive distributed systems at AWS, I’d rather not touch them with a ten foot pole, even if it is for a stateless, highly-distributable service such as DNS)

Another thing. Since you are in India, I would suggest (unless in a state which has high power outage), why not deploy at home? JIO fibre or JIO airfibre should be avoided as they track usage and are not e2ee, and moreover they block/censor a lot (aaaaa lotttt). TataSky is only IPV6 in static and is not good for heavy traffic.
Airtel and Vodafone are not stable enough. You can try local isp which provides static IP as well as fast resolution.

Thanks. This is not an option since our users are spread across the globe.

(As for FOSS United, we are in touch with them, but they usually fund project development not sustenance).

@ignoramous

have you considered adding an “early-abort” mechanism to serverless-dns for common lookups?
from what I understand the blocklists need to be downloaded each DNS request from the worker, but for extremely common/well-known/never blocked domains you may consider adding a fast-path that skips such download.

things like connectivity check domains would be low hanging fruit, and you probably have more insight into highly request domains.

edit:
you could also use the public suffix list to filter for actual valid tlds before continuing to process a lookup as to not waste resources on things like lan domains or onions.

This is something we could (and should eventually) do to speed lookups (cloudflare maintains top 1m domains, for example), but unlikely to materially change how much we pay.

We already do so and reply from either in-memory cache, or in-data center cache.

But we could also do super super early abort (using a different yet unreleased Cloudflare product, not Workers, to which we will get access to and hopefully sooner) at 50m reqs per $1 on Cloudflare (sky). That’s what we must work on next once Rethink DNS + Firewall v055b (app version) is out.

This fast path exists

1. The blocklists are split into 3 equal parts (so they could be downloaded in-parallel) and cached in-data center (ref).
2. The actual DNS resolution is simply forwarded to max if the blocklist is not found in caches (taking longer than 250ms to construct: ref).

Oh didn’t knew rethink was Indian. Feeling pretty proud. And to see this many replies from Indians here makes me feel nice.

I kinda followed Lumière Élevé so thought It was from Taiwan. But searching (her?), feels like she is all over the world.

Man, Internet is weird.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.