roles/nginx: Use Linode DNS servers for OCSP resolvers

I didn't realize Linode had DNS resolvers, but they are much closer
than anything else (obviously).

Here is OpenDNS:

    # mtr --report 208.67.222.222
    Start: Sun Mar 22 15:31:50 2015
    HOST: mjanja                    Loss%   Snt   Last   Avg  Best  Wrst StDev
      1.|-- router1-lon.linode.com     0.0%    10    0.5   0.9   0.5   3.4   0.7
      2.|-- 212.111.33.233             0.0%    10    1.4   1.4   1.2   1.9   0.0
      3.|-- 217.20.44.194              0.0%    10    0.7   0.8   0.7   1.2   0.0
      4.|-- lonap.rtr1.lon.opendns.co  0.0%    10    1.2   1.1   0.9   1.4   0.0
      5.|-- resolver1.opendns.com      0.0%    10    1.0   0.9   0.8   1.0   0.0

And here is Linode's:

    # mtr --report 109.74.192.20
    Start: Sun Mar 22 15:32:30 2015
    HOST: mjanja                    Loss%   Snt   Last   Avg  Best  Wrst StDev
      1.|-- router2-lon.linode.com     0.0%    10    0.5   0.6   0.5   0.8   0.0
      2.|-- resolver1.london.linode.c  0.0%    10    0.4   0.4   0.3   0.8   0.0

Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2015-03-22 19:06:33 +03:00
parent ae8937eb96
commit bb55506464
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9

View File

@ -17,7 +17,7 @@
# OCSP stapling... # OCSP stapling...
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
resolver 208.67.222.222 208.67.220.220; resolver 109.74.192.20 109.74.193.20;
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous # when a restart is performed the previous key is lost, which resets all previous