![]() If we would prefer to put the sync service into this codebase, I have ideas for that let's discuss the proposal here. If approved, I can also draft up and example sync service. #1649 is a draft PR of my plan of attack. It may actually be better to eventually put this into the core, but webhooks would be a good first step. The microservice could even be very clever and do bi-directional sync if it could diff the changes. Then, rather than baking the config sync service into AdGuardHome, we could write another small microservice that waits for webhooks and pulls config from the primary, then pushes it to all secondary nodes. Have a short timeout, and run the hook in a gofunc or something so it doesn't block if the hook is sluggish. Create some new configuration that allows users to specify a webhook destination as the tuple, and fire a webhook at the target(s) when these update.Hook into home.onConfigModified to fire a webhook asyncronously when the config is updated, and tell the hook which event caused it.This is the simplest and most robust solution I could come up with.Įnumerate a set of hookable events, for example:ĭnsConfig EventType = "dns_config" DnsRewrite EventType = "dns_rewrite" DnsSafeBrowsing EventType = "dns_safe_browsing" DnsAccess EventType = "dns_access" DnsParental EventType = "dns_parental" DnsSafeSearch EventType = "dns_safe_search" BlockedServices EventType = "blocked_services" Dhcp EventType = "dpcp" Stats EventType = "stats" Private EventType = "private" QueryLog EventType = "query_log" Filter EventType = "filter" FilterRule EventType = "filter_rule" I18N EventType = "i19n" Client EventType = "client" Tls EventType = "tls" (Note: Blocky referenced above does not have this feature, it just makes it easier to deploy 2 duplicate instances based on stateless config - whole different ballgame) My Proposal I also want to stress that I don't think this issue has been adequately labeled: based on dozens of attempts by users on reddit and pihole forums and hundreds of participants on those threads, a lot of people want this. I'm interested in contributing here because I think AdGuard's code quality is leagues ahead of PiHole. I'd like to explore a potential solution which I think would give AdGuard a edge against competitors: webhooks. This issue is about config synchronization, which is a blocker to running multiple instances of AdGuard for High Availability. ![]() It should be communicated that load balancing is completely out-of-scope for this project. It's not about load balancing - if you want load balancing, use HAProxy. FWIW this is the most upvoted, not implemented, feature over at Pi-Hole so there is demand and I suspect implementing it would win many a customer over.įirst, let's clearly establish the purpose of this feature. It'd be a great advantage if the web UIs allowed for synchronisation of config which would make managing multiple instances substantially easier and encourage more secure measures. Right now thats possible no doubt, but any whitelist, blacklist etc etc will need to be manually applied to two servers. Ideally rather than the other DNS server being a public one, it could be another Adguard instances so irrespective of what server is used, the traffic is protected. Either the router will have one DNS server configured which is expected to go down occasionally, or theres multiple and traffic 24/7 will be going to both. There's various reasons to want to want to run multiple instances, with the main one being people simply may need to reboot a system from time to time. Even if one was used more frequently than another, that leaves a percentage of requests going to a different DNS server and if thats not an Adguard server the security measures provided by this product are null and void for those requests. Generally if multiple DNS servers are configured, they will both be used. Routers don't strictly have a primary and secondary DNS in the sense that ones a backup only server, it's just poor terminology that gets used around the place and whether a router favours one DNS server over another is up to implementation and vendor. Think this should be reopened and made a feature request.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |