
discuss - Re: [opennic-discuss] D.N.S. accounts?

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Peter Green <peter AT greenpete.co.uk>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] D.N.S. accounts?
  • Date: Wed, 04 Apr 2012 10:22:12 +0100

Hi,

I was simply looking at a way for me to lighten the load on the small server
that I have, should I open it to the public.

I wasn't thinking of requiring personal details, just a request to add an
I.P. to a system. I figured, on the page that lists the open T2s alongside
where it indicates logging or not, you show use is by registration and a
contact.

I wouldn't know who they were any more than I know who the people are that
attack my server every day.

So no, it wouldn't be centralized and it'd only make it more difficult to use
that particular server, which is kind of the point.

On the point of attacks/loads shutting a server down, yes it does! I have
read one or two e-mails on this list saying they'd had enough and were
closing. Maybe someone else can remember who they were?

I certainly wasn't suggesting it be a general policy either, just something
that could be done, if the operator wanted or even felt they needed to do.

I wondered myself if checking an I.P. before answering it would add to the
load significantly and I figured that it would depend on how many were on the
database; reading plain text files is very fast for a computer, though, so I
would think not. Maybe others would disagree?

As for seeing OpenNIC as our nerdy side project, that made me laugh! For me
it's about free speech and is "Open", however, it's also voluntary and I pay
for my server and I have to keep it up and running. If OpenNIC ever starts
paying me to run it, then I'll run it however they ask, until then I will
consider all possibilities in order to keep the boat afloat whilst still
being able to give to something I believe in.

Peter

Wanged from my Kaiser by a mischievous pixie!

Travis McCrea <me AT travismccrea.com> wrote:

>I still see two additional problems with this:
>1) Would this be centralized? Where would a person register?
>2) Will this make it more difficult to use OpenNIC? If we are going to aim
>for widespread adoption, we need to make it very easy for people. One of my
>jobs is to do Internet tech support for people, and I have a hard enough
>time explaining to them what a "browser" is, let alone trying to get them to
>figure out what their IP address is.
>
>If this was actually done, I would rather it be a system that would play out
>like this:
>
>You set OpenNIC as your DNS - T2 does DNS query and sees IP address isn't
>matched in the system, so it redirects the user to the page that says "click
>here to use OpenNIC" or something along those lines. Then they can go about
>their way with no further problems.
>
>The other question I would have is: In any system like this, you are going
>to have to check the IP address against a database every time there is a
>query made. That would be destined to slow the query time by a significant
>amount, I would think.
>
>Furthermore, if this was carried out, I believe T2s should only do this
>optionally. It should not be a requirement of a T2 to implement this system.
>
>The final question is: is there a /need/ for this? I know that our T2's get
>hit sometimes with attacks… but I haven't heard of it being a major problem
>that is bringing services offline.
>
>I think we need to start looking at OpenNIC as more than just our little
>nerdy side project that we like working on, and realize that this is quickly
>becoming a public service to people who are disenfranchised with ICANN and
>are looking for a realistic alternative. It needs to be as easy to switch to
>OpenNIC as possible, at least until we hit critical mass where we have
>enough people using us that if we create a change everyone will just go with
>it because it's just what they have to do because everyone uses OpenNIC.
>
>
>On 2012-04-03, at 5:32 PM, Maximi89 wrote:
>
>> if the majority use OpenNIC so some day we can say can you open this
>> domain?
>>
>> that will be good, as far as I think we need redundancy so that way we can
>> offer a website in both zonespaces, so it will never lose the users.
>>
>> 2012/4/3 Brian Koontz <brian AT opennicproject.org>
>> Peter--
>>
>> Actually, this has been discussed, and I know of at least one T2
>> server that is "subscription only." My T2's require occasional hits
>> on OpenNIC domains before ICANN domains are resolved.
>>
>> The vast majority of traffic handled by most T2's is for
>> ICANN-namespace domains. It has never been the intent of OpenNIC to
>> compete with the likes of Google and OpenDNS as public nameservers
>> simply for the sake of being a public nameserver. And we (the admins)
>> have had extensive discussions over how to rank T2's based upon
>> "trust."
>>
>> With LDAP in place, I can see a central registry being set up that
>> would allow T2 operators to optionally allow access only to registered
>> IP addresses. I don't know how feasible this would be, so I'll have
>> to let the LDAP experts chime in on this one.
>>
>> --Brian
>>
>> On Tue, Apr 03, 2012 at 01:58:54PM +0100, Peter Green wrote:
>> > Hi all,
>> >
>> > I'm wondering about the pitfalls of open D.N.S. servers and D.N.S.
>> > security generally.
>> > Would it make sense, and be possible to offer (free) accounts to people
>> > that apply for this service?
>> >
>> > Maybe we need open D.N.S. servers, but is there a place for account
>> > holder only servers?
>> >
>> > People on the move and with dynamic addresses wouldn't be so easy to
>> > serve but the home desktop and routers on static I.P.s might like the
>> > added security.
>> >
>> > If this was done, when people sign up for an account, they can subscribe
>> > to a newsletter or mailing list keeping them up to date with any
>> > maintenance or changes to the server.
>> >
>> > If account holder only recursion is done, and the server is more secure
>> > it might make the service more desirable to use?
>> >
>> > I'm guessing there's a simple way to restrict I.P. addresses in the BIND
>> > config file to allow account holders to access the D.N.S. server?
>> >
>> > Sorry if this has been covered before.
>> >
>> > Peter
>> >
>> > Wanged from my Kaiser by a mischievous pixie!
>>
>> --
>> OpenNIC (the sequel) co-founder and wikimaster
>> IRC: Freenode.net channel #opennic
>>
>>
>>
>> --
>> Maximiliano Augusto Castañón Araneda
>> Santiago, Chile
>> Linux user # 394821
>>
>> Skype: maximi89
>> MSN: maximi89 AT gmail.com
>> XMPP/Jabber: maximi89 AT gmail.com
>
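
Added example, not part of the thread or OpenNIC's own tooling: one way to turn the plain-text list of registered I.P.s discussed above into a BIND ACL for account-holder-only recursion. The file format, function names and prefix limits are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample of a registration file: one address or CIDR per line.
SAMPLE_REGISTRATIONS = """\
# registered clients (constructed sample, documentation address ranges)
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
2001:db8::53
203.0.113.999
0.0.0.0/0
"""

def parse_registrations(text, min_v4_prefix=24, min_v6_prefix=48):
    """Return (networks, rejected). Malformed entries and overly broad ranges
    are rejected so one bad line cannot reopen the resolver to everyone."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            rejected.append((lineno, entry, "not a valid address or network"))
            continue
        floor = min_v4_prefix if net.version == 4 else min_v6_prefix
        if net.prefixlen < floor:
            rejected.append((lineno, entry, "range too broad"))
            continue
        nets.append(net)
    # Merge duplicates and adjacent ranges to keep the ACL short.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6), rejected

def render_bind_acl(networks, name="registered"):
    """Render a named.conf acl statement; "localhost" is BIND's built-in ACL."""
    body = "".join(f"    {n};\n" for n in networks)
    return f'acl "{name}" {{\n    localhost;\n{body}}};\n'

def is_registered(addr, networks):
    """Check one client address against the parsed list (for testing the file)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in networks)
```

The rendered ACL is meant to be included from named.conf and referenced as `allow-recursion { registered; };` in the `options` block, so BIND reads the list when the configuration is loaded or reloaded rather than opening a file per query.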


