Ruling out ISP blocking (Timeout during connect)

Except that a DNS Challenge does not require inbound requests to your server.

You have AWS services sending requests inbound to you? Because from my own AWS EC2 server on US East Coast I cannot reach you.

3 Likes

Yes, sorry, I was fixated on HTTP-01/TLS-ALPN-01.

Not inbound AWS traffic, just outbound. I reckoned if there was a reason to block (political or otherwise), it would be bidirectional.

That confirms it. My previous IP was reachable from US West Coast (albeit with the terrible RTT of 200 ms).

2 Likes

Neither am I. However, my last /64 prefix delegation fell within 2405:201:e000::/37.
Which leads me to wonder - what changed?

Here's what bgp.he.net had to say:

The prefix 2405:201:e000::/37 is not visible to any of the major Internet backbones.

Total Visibility: 29/806 Collector Sessions (4%)

I think it's likely my ISP is announcing this route to immediate regional peers but not further upstream. That could explain why (most of?) EU/Asia but not NA are able to reach my IP.

Edit: I ran some peers through ipinfo.io. I think this concludes it. AS nets in France, Amsterdam, India, Bangladesh, Singapore, US (only AS36236), Brazil, etc. see the route, but not others. Takeaway here would be investing in a better ISP or cloud provider for serious hosting.

2 Likes