
discuss - [opennic-discuss] DDOS, open resolvers, how to solve?

  • From: Julian DeMarchi <julian AT jdcomputers.com.au>
  • To: OpenNIC Discuss <discuss AT lists.opennicproject.org>
  • Subject: [opennic-discuss] DDOS, open resolvers, how to solve?
  • Date: Wed, 30 Oct 2013 09:43:55 +1000

heya--

OpenNIC project for the last 2 or so years has had major issues with
DDOS and abuse traffic. Some members have tried to solve this by
monitoring their logs and creating scripts to catch such abuse. However,
when the problem has started it is hard to curtail. You block, but the
traffic still comes and uses bandwidth.

I think the time has come for OpenNIC to no longer have open resolvers
and move to a subscription-based service. My idea would be to have an
OpenNIC sponsored site where IPs could be registered to allow them to
talk to our pool of T2 servers. Registered IPs would then have a
subdomain created like, $ip.white.opennic.glue. white indicates whitelist.

We have had scripts before which block the first DNS attempt, then
check if the IP is authorized, then add it to the allow list
dynamically in BIND. I think the theory here would be, the script would
check if the domain 127.0.0.1.white.opennic.glue exists, if it does, add
to the allow list.

Any registered IP will not be associated with any user at all, so no
information can be gathered from our user base.

Thoughts, ideas?

--julian
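
The check proposed in the message above (does `$ip.white.opennic.glue` exist, and if so add the address to the allow list), as an added example that is not part of the original post or any OpenNIC script. Assumptions: IPv4 sources only, a 300-second verdict cache, the hypothetical ACL name `opennic_white`, and an injectable `lookup` function so the logic can be exercised without network access.

```python
import ipaddress
import socket
import time

ZONE = "white.opennic.glue"  # suffix named in the post
CACHE_TTL = 300              # assumption: seconds a verdict is remembered


def whitelist_name(ip):
    """Return e.g. 127.0.0.1.white.opennic.glue; ValueError if not IPv4."""
    return f"{ipaddress.IPv4Address(str(ip))}.{ZONE}"


def system_lookup(name):
    """True if the name resolves through the system resolver."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


class AllowList:
    def __init__(self, lookup=system_lookup, clock=time.monotonic):
        self.lookup, self.clock = lookup, clock
        self.verdicts = {}  # ip -> (allowed, expires_at)

    def check(self, ip):
        """Allow only if <ip>.white.opennic.glue exists; deny on any doubt."""
        try:
            name = whitelist_name(ip)
        except ValueError:
            return False  # malformed or non-IPv4 source: no lookup at all
        now = self.clock()
        allowed, expires = self.verdicts.get(ip, (False, 0))
        if expires <= now:
            # Denials are cached too, so a flood from one unregistered
            # source costs one lookup per TTL rather than one per packet.
            allowed = self.lookup(name)
            self.verdicts[ip] = (allowed, now + CACHE_TTL)
        return allowed

    def bind_acl(self, acl_name="opennic_white"):
        """Render unexpired allowed IPs as a BIND acl statement (name is hypothetical)."""
        now = self.clock()
        ips = sorted((ip for ip, (ok, exp) in self.verdicts.items()
                      if ok and exp > now), key=ipaddress.IPv4Address)
        body = " ".join(f"{ip};" for ip in ips) or "none;"
        return f'acl "{acl_name}" {{ {body} }};'
```

The `verdicts` dict gains an entry for every distinct source address seen, so a deployed version would also need a size bound on it.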


