New server for desec.io

I want to add my server into desec.io .
What desec.io need?
In Iran network connectivity might be a problem for clients. I need to add a node into desec.
What do you need ?

Hi sweb,

Thank you for your question, and welcome to deSEC!

Before I can say anything helpful, can I ask you to describe your use case / motivation in a bit more detail? In particular, are you planning to have a deSEC frontend server in Iran that works for all deSEC domains, or are you only interested in using it for your own domains which you host at deSEC?

Stay secure,
Peter

1 Like

Simple: More availability for dsec.io all platform and domain, not just for my own domains. Consider is another type of helping to this awesome open platform.

As you can see about network problem in Iran, use case is when problem occur users from Iran have problem to connect outside of Iran is better to we have a dns slave node inside of Iran that serve last updates from master data until the network is back again.

Dear Muhammad,

as things are right now, we only run one instance of our core API, one instance of our “source of truth” DNS database, one DNS signing server, and have only one instance where secret keys are stored. Storing secret keys in Germany, a jurisdiction with with we are familiar and where we know our rights and how to assert them, is a key feature that deSEC offers. As we are unfamiliar with Irans laws and thus have no means of asserting data security in Iran, we do not want to run a signing server there (or anywhere outside Germany). This means that we can’t offer our API on a Iranian server.

On the other hand, having a deSEC frontend in Iran is certainly conceivable, however difficult by legal and organizational circumstances. Currently, we run frontend DNS servers in anycast networks provided by third party companies, which do not offer servers in Iran, and are unlikely to expand their operations to Iran. That being said, when security standards are met and funding is available, expanding our frontend network is something that we are happy to do. If you can help solving these difficulties – providing affordable and reliable anycast services in Iran – and are able to provide (at least some) funding for it, let’s start looking into this. Note, this does not provide API operations in Iran when global connections are lost, but would ensure that hosted website remain available during outages.

Best,
Nils

1 Like