Discuss mailing list

[Travis McCrea <me AT travismccrea.com>]

I still see two additional problems with this:

1) Would this be centralized? Where would a person register? 

2) Will this make it more difficult to use OpenNIC? If we are going to aim for wide spread adoption, we need to make it very easy for people. One of my jobs is to do Internet tech support for people, and I have a hard enough time explaining to them what a "browser" is, let alone trying to get them to figure out what their IP address is. 

If this was actually done, I would rather it be a system that would play out like this:

You set OpenNIC as your DNS - T2 does DNS query and sees IP address isn't matched in the system, so it redirects the user to the page that says "click here to use OpenNIC" or something along those lines. Then they can go about their way with no further problems. 

The other question I would have is: In any system like this, you are going to have to check the IP address against a database every time there is a query made. That would be destined to slow the query time by a significant amount, I would think.

Furthermore, if this was carried out, I believe T2s should only do this optionally. It should not be a requirement of a T2 to implement this system.

The final question is: is there a /need/ for this? I know that our T2's get hit sometimes with attacks… but I haven't heard of it being a major problem that is brining services offline. 

I think we need to start looking at OpenNIC as more than just our little nerdy side project that we like working on, and realize that this is quickly becoming a public service to people who are disenfranchised with ICANN and are looking for a realistic alternative. It needs to be as easy to switch to OpenNIC as possible, at least until we hit critical mass where we have enough people using us that if we create a change everyone will just go with it because it's just what they have to do because everyone uses OpenNIC 

On 2012-04-03, at 5:32 PM, Maximi89 wrote:

if the majority use OpenNIC so some day we can say can you open this domain?

that will be good, as far as i think we need redundancy so that way we can offer a website in both zonespaces, so it never will lost the users.

2012/4/3 Brian Koontz <brian AT opennicproject.org>

Peter--

Actually, this has been discussed, and I know of at least one T2
server that is "subscription only."  My T2's require occasional hits
on OpenNIC domains before ICANN domains are resolved.

The vast majority of traffic handled by most T2's is for
ICANN-namespace domains.  It has never been the intent of OpenNIC to
compete with the likes of Google and OpenDNS as public nameservers
simply for the sake of being a public nameserver.  And we (the admins)
have had extensive discussions over how to rank T2's based upon
"trust."

With LDAP in place, I can see a central registry being set up that
would allow T2 operators to optionally allow access only to registered
IP addresses.  I don't know how feasible this would be, so I'll have
to let the LDAP experts chime in on this one.

 --Brian

On Tue, Apr 03, 2012 at 01:58:54PM +0100, Peter Green wrote:
> Hi all,
>
> I'm wondering about the pitfalls of open D.N.S. servers and D.N.S. security generally.
> Would it make sense, and be possible to offer (free) accounts to people that apply for this service?
>
> Maybe we need open D.N.S. servers, but is there a place for account holder only servers?
>
> People on the move and with dynamic addresses wouldn't be so easy to serve but the home desktop and routers on static I.P.s might like the added security.
>
> If this was done, when people sign up for an account, they can subscribe to a newsletter or mailing list keeping them up to date with any maintenance or changes to the server.
>
> If account holder only recursion is done, and the server is more secure it might make the service more desirable to use?
>
> I'm guessing there's a simple way to restrict I.P. addresses in the BIND config file to allow account holders to access the D.N.S. server?
>
> Sorry if this has been covered before.
>
> Peter
>
> Wanged from my Kaiser by a mischievous pixie!

--
OpenNIC (the sequel) co-founder and wikimaster
IRC: Freenode.net channel #opennic

--
Maximiliano Augusto Castañón Araneda
Santiago, Chile
Linux user # 394821

Skype: maximi89
MSN: maximi89 AT gmail.com
XMPP/Jabber: maximi89 AT gmail.com

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail