In April, Mullvad provided sponsored DataPacket servers for GrapheneOS in Dallas and Frankfurt, each with 50Gbps peak bandwidth capacity. These now serve a large portion of the updates to GrapheneOS users and add a lot of capacity to our other services, including our anycast authoritative DNS.

We also have sponsored servers from ReliableSite, Cherry Servers, Zare and Xenyth. There are a total of 8 sponsored servers, of which 7 are primarily update mirrors. The update mirror servers also serve our website and network services as a replacement for VPS instances in the locations where we have them.

We host 2 anycast networks with our own ASN and IP space in order to self-host anycast DNS servers providing the authoritative DNS resolution for all of our services. Both IPv4 /24 blocks we use for anycast DNS were obtained for free from ARIN via NRPM 4.10 along with the IPv6 space.

Our DNS servers use GeoDNS to direct connections to the lowest latency servers and implement automatic failover via health checks and 5 minute expiry for the DNS records. It provides a lot of redundancy for the many critical services used by GrapheneOS. We essentially run our own CDN for our users.

If one of our DNS servers goes down or fully loses connectivity, BGP routing across the internet will quickly adjust to send traffic to the other servers in the network. If a DNS resolver fails to get an answer from one of the anycast DNS networks, it will automatically fall back to the other one.

Our GeoDNS was recently massively improved via IPinfo.io sponsoring us with free access to their standard GeoIP database. They use over 1300 probes to scan the internet instead of relying on very inaccurate/incomplete WHOIS/geofeed data. We nearly always use the right server thanks to this database.

We need additional dedicated servers for updates and other services in APAC where bandwidth is more expensive (Singapore, Sydney and Tokyo). We also need another server in North America to go along with our 2nd server from Cherry Servers in Amsterdam used to provide our opt-in geocoding service.

We have enough bandwidth for updates in Europe and North America to handle quite a lot of further userbase growth. We do need additional servers for other things. Several other server providers contacted us with sponsorship offers, but we mainly need several APAC servers now, which is more costly.

A full list of our public-facing servers is available at https://grapheneos.org/articles/grapheneos-servers with links to repositories with the per-service configuration. The most interesting parts are BGP communities configuration for our anycast DNS networks and our email server hosted with Postfix/Dovecot/Rspamd.