Hacker News new | past | comments | ask | show | jobs | submit login

At the risk of splintering interest: Algo[1] and Streisand[2] are two popular open source projects that do nearly identical things. Both also have the advantage of supporting a wide variety of cloud providers by default. Algo installs the absolute minimum needed to get you online with a well-configured VPN; Streisand comes with a whole bunch of bells and whistles (including some that are easy to misconfigure).

FD: My employer maintains Algo.

[1]: https://github.com/trailofbits/algo

[2]: https://github.com/StreisandEffect/streisand




We can't talk about these without talking about nextdns.io which, in my opinion, is the most elegant way of solving this problem.

I wanted to run a pihole for years but never got around to building it into my dns infrastructure. Nextdns, on the other hand, was a quick afternoon setup ...


Maybe NextDNS is more elegant or easier to set up, but I felt that depending on its free plan was too risky (what if it eventually goes away?) and didn't really want to pay for a subscription when I already had a server at home to run PiHole on. I didn't really like needing to go over the Internet to configure it either - the PiHole admin panel is just another intranet site.


That it's easy to set up means there's no risk to it going away because you haven't invested in it.


It's good that NextDNS exists, but I can't help feeling that having your main site make the kind of third-party requests you'll likely want blocked by their service is kind of a marketing faux pas to say the least.


Just to drive his point home, it takes 5 minutes to get nextdns.io up and running. Want ad-blocking/domainblocking on your mobile phone? Install the app, enter the code and you're done. I used to have a pi-hole, but the rpi broke so now I only use nextdns.io for everything. But you're not in control since it's in running in the cloud, so there's that.


You can get better performance with a pi and Unbound locally in most cases.

50ms latency vs <1ms for unbound cached entries


This is a weak argument as pi-hole needs to go to a resolver or perform recursion itself which will give you the same latency or worse. The 1ms latency will only apply to already cached entries that are also cached by you OS anyways, whichever solution you are using.

If you configure NextDNS on a router, your router will perform the exact same caching pi-hole is doing, so it will make no difference performance-wise.


Can't speak for streisand, but algo is amazing.

I originally wanted to use that for "baremetal" type deployments, but ultimately was having trouble with the systemd-resolve service. Probably my own ignorance, but ultimately felt I could make a more secure alternative with docker :)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: