Thanks to everyone that has signed up to our public beta testing. I look forward to receiving everyone’s feedback!
The NAT VPS testing will not be taking on any more testers for now. For everyone that has joined the beta, you will have your VPSes for a minimum of 3 months.
We still have beta testing slots for our shared hosting platform if anyone is interested.
@Mr_Tom said:
Whereabouts in the UK are these locations?
How much IPv6 will they come with?
They are located in rapidswitch DC5 Maidenhead
They come with a single IPv6 address although I can supply huge numbers of additional address space FOC when requested.
If you'd like to test one, drop me a DM.
@yoursunny said:
How do you authenticate that the requesting user actually own the domain?
Many existing NAT providers would allow any user to claim any domain, if it hasn't been claimed by another user.
This enables a malicious user to claim a domain they do not own.
It would cause damage if the true owner also signs up for your service and receives a container on the same public IPv4.
A potential solution is to require a unique DNS record that contains a system-generated token, to ensure the user owns the domain.
This system has been adopted by, among others, Google Search Console, to verify domain ownership.
At the moment we only check if an A record exists and is pointing and propagated to the proxy server when a user is setting up SSL. Domains can only be added to the proxy once and we perform unique checks to validate this.
There is also a daily cron which removes any domains from the proxy that do not have a valid A record in place.
It is possible for us to enforce a TXT record to be created before allowing the domain to be added to the proxy, and it is something that we're investigating, although we don't want to overcomplicate things for our clients initially.
If this becomes an issue or we deem it to be needed, we actually have the code in place and we can enable the feature.
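The difference between the A-record-only check and the token-in-TXT check discussed above, as an added example that is not the provider's code. The record label `_proxy-verify`, the token format, the secret and the injected `dns` lookup function are all assumptions made for illustration; the zone data is constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: per-deployment server-side key
PROXY_IP = "203.0.113.10"             # documentation address standing in for the shared IPv4
TXT_LABEL = "_proxy-verify"           # hypothetical record name, not the provider's

def claim_token(account_id, domain):
    """Token bound to one account and one domain, so it cannot be reused by another user."""
    msg = f"{account_id}|{domain.lower().rstrip('.')}".encode()
    return "proxy-verify=" + hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]

def can_claim(account_id, domain, dns, claimed, require_txt=True):
    """dns: callable (name, rtype) -> list of strings. claimed: dict domain -> account."""
    domain = domain.lower().rstrip(".")
    if domain in claimed:                      # a domain can only be added once
        return False
    if PROXY_IP not in dns(domain, "A"):       # A record must point at the proxy
        return False
    if require_txt:
        expected = claim_token(account_id, domain).encode()
        published = dns(f"{TXT_LABEL}.{domain}", "TXT")
        if not any(hmac.compare_digest(expected, t.encode()) for t in published):
            return False                       # requester has not proven DNS control
    claimed[domain] = account_id
    return True

def demo():
    # Constructed zone: the real owner already points shop.example at the shared
    # IPv4 and has published the token issued to the account named "owner".
    zone = {("shop.example", "A"): [PROXY_IP],
            (f"{TXT_LABEL}.shop.example", "TXT"): [claim_token("owner", "shop.example")]}
    dns = lambda name, rtype: zone.get((name, rtype), [])
    return {
        "a_only_other_account": can_claim("other", "shop.example", dns, {}, require_txt=False),
        "txt_other_account": can_claim("other", "shop.example", dns, {}),
        "txt_owner": can_claim("owner", "shop.example", dns, {}),
    }
```

With only the A-record and uniqueness checks, whichever account asks first gets the domain; with the token check, only the account whose token is in the zone does.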
I thought about this more.
The TXT record isn't necessary.
Instead, the proxy service can check for AAAA record to determine which container owns the hostname, and then send the traffic into this container.
Pushing further, it isn't necessary to run any API call altogether.
Instead,
Whenever the proxy service receives a request for a hostname it hasn't seen before, it retrieves the AAAA record of this hostname.
Based on the AAAA record, it determines which container owns the hostname, and sends traffic to that container's private IPv4 address.
The mapping is cached in memory, and rechecked a few seconds before DNS TTL expiration. This avoids the DNS resolution latency incurred for the next request.
If a hostname mapping hasn't been requested in last 24 hours, don't recheck it anymore and let its cache entry expire. This limits overhead.
Each container is allowed a certain number of cached hostname mappings (e.g. 256). If this limit is exceeded, the cached entries are evicted per LRU algorithm. This prevents the attack where too many hostnames are pointed to a container, overwhelming the cache capacity in proxy service.
This would bring a truly streamlined experience because the user doesn't need to type any commands or fiddle with any control panels.
Put in the A + AAAA records, and it just works.
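A sketch of the AAAA-based routing proposed in the post above, added here as an example and not code from the thread or the provider. It covers the owner lookup, TTL expiry and the per-container LRU cap; the proactive recheck before TTL expiry and the 24-hour idle rule are left out. The class name, the `resolve_aaaa` callable and all addresses are assumptions, and the zone data is constructed.

```python
import ipaddress
import time
from collections import OrderedDict

class HostnameRouter:
    """Maps hostname -> container private IPv4 using the hostname's AAAA record."""

    def __init__(self, resolve_aaaa, containers, cap=256, clock=time.monotonic):
        self.resolve_aaaa = resolve_aaaa  # assumed: hostname -> ([IPv6 strings], ttl_seconds)
        self.containers = {ipaddress.ip_address(k): v for k, v in containers.items()}
        self.cap = cap                    # cached hostnames allowed per container
        self.clock = clock
        self.by_host = {}                 # hostname -> (container IPv6, expires_at)
        self.lru = {}                     # container IPv6 -> OrderedDict, oldest first

    def _evict(self, host):
        owner, _ = self.by_host.pop(host)
        self.lru[owner].pop(host, None)

    def route(self, hostname):
        host = hostname.lower().rstrip(".")
        now = self.clock()
        entry = self.by_host.get(host)
        if entry and entry[1] > now:      # fresh cache hit: mark as recently used
            self.lru[entry[0]].move_to_end(host)
            return self.containers[entry[0]]
        if entry:                         # TTL passed: drop and resolve again
            self._evict(host)
        addrs, ttl = self.resolve_aaaa(host)
        owner = next((a for a in map(ipaddress.ip_address, addrs)
                      if a in self.containers), None)
        if owner is None:                 # AAAA does not point at any container
            return None
        bucket = self.lru.setdefault(owner, OrderedDict())
        while len(bucket) >= self.cap:    # only this container's entries are evicted
            self._evict(next(iter(bucket)))
        bucket[host] = True
        self.by_host[host] = (owner, now + ttl)
        return self.containers[owner]

def demo():
    # Constructed zone data; 2001:db8::/32 is the IPv6 documentation prefix.
    zone = {"a.example": (["2001:db8::a"], 300), "b.example": (["2001:db8::a"], 300),
            "c.example": (["2001:db8:0:0::a"], 300), "x.example": (["2001:db8::ffff"], 300)}
    router = HostnameRouter(lambda h: zone.get(h, ([], 0)),
                            {"2001:db8::a": "10.0.0.5"}, cap=2, clock=lambda: 0.0)
    order = ("a.example", "b.example", "a.example", "c.example", "x.example")
    return [router.route(h) for h in order], sorted(router.by_host)
```

Because the cap is kept per container, pointing many hostnames at one container's IPv6 address only evicts that container's own cache entries.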
Wish you all the best for your upcoming endeavor! Just a piece of advice: don't use billing automation solutions with unreliable pricing strategies such as WHMCS in this market segment where profit margins are razor thin, if any.
Comments
I am also interested
Interested, thanks!
DMd
I have experience in using NAT VPS. I hope I can help you
Based off feedback on the Proxy Service, I have added an additional tool for automatically adding Let's Encrypt certificates. This is in our knowledge base: https://clients.natvps.uk/index.php?rp=/knowledgebase/1/NATVPS-Reverse-Proxy-Server
If IPv9-enabled, @yoursunny will offer the OP some pushups
late. unfortunately. -_-
Interested if still available
I would like to try this out.
Just curious, but do you provide each client an address from a separate /64?
Nice. iomart offered me this as a location instead of York when I was looking recently.