discuss - Re: [opennic-discuss] Router config for tier 3 dns

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

Re: [opennic-discuss] Router config for tier 3 dns

  • From: Jonah Aragon <jonaharagon AT gmail.com>
  • To: discuss <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] Router config for tier 3 dns
  • Date: Sat, 17 Dec 2016 18:34:49 -0600

Consider yourself lucky to have actual people listening to you at your ISP instead of the corporate Comcast zombies I get ;)

Definitely set up those iptables rules, and everything should work great.

How did you set up your server? Did you use the srvzone script or something else?

Jonah


On Dec 17, 2016 6:31 PM, "JC" <jc AT motorsports-x.com> wrote:
I have let my ISP know what I'm doing (small rural company), and they have let me know they would provide assistance in the event of a DDoS attack. Frankly, they are just happy to have someone pay for top tier service lol.

I have reviewed the security section. I have not yet modified the iptables, but I definitely will. I'm running Ubuntu 16.04.

On Dec 17, 2016 6:08 PM, "Jonah Aragon" <jonaharagon AT gmail.com> wrote:
Sounds like you should be fine. The reason we don't include router config is because generally Tier 1/2 servers are run from cloud providers or hosting datacenters as opposed to at home.

If all you've done is forwarded 53 to your DNS server it should be good.

Keep in mind that Tier 2 servers are susceptible to usage in DNS recursive attacks (DDoS basically), which your ISP may not take kindly to. Have you followed the Tier 2 security page? What OS is your server running, and are you using BIND or some other program? If you have any other questions about configuring your server, feel free to email me and I can help you out.

Jonah


On Dec 17, 2016 4:46 PM, "JC" <jc AT motorsports-x.com> wrote:

I have my server up and running. My fiber will not be fully installed until Thursday, however. :( In the meantime, I would like to go ahead and make sure everything is ready to start up as soon as I'm connected. The instructions on the website stop short of router config... at least as far as I can tell.

So far I have not found a good guide on Google, but I got a general idea. I have my firewall set to allow in/out UDP and TCP port 53 requests, and have forwarded all of it to the server's local address. Now I just want to make sure the other devices on my network are locked down, and to make sure there isn't something else I have to do. I definitely don't want someone probing my file server at night. Lol

On Dec 16, 2016 11:57 AM, "JC" <jc AT motorsports-x.com> wrote:
Hi Jonah, 

Thanks for your reply... Thank you for the information on the charter process, and the link. I will review this. 

In regards to your confusion about the usage of the TLD: this is meant to be a public network. The TLD would help us simplify configurations, and to provide services that we think are important to our user base. Just to be clear... Everything about our system... the hardware, the software, the server back-ends, and the domains are ALL meant to be open, as much as possible. Everything is meant to be public and peer reviewed. I am not quite ready to talk about what exactly we are doing, but suffice to say... I believe heavily in openness from a security and advancing-technology standpoint... I still have to formulate a clear picture of registration/renewals processes... but I have some ideas that I will release when our prototype units are completed and configurations are working. Yes, we are trying to generate cash, but that cash is essentially payment for the injection molding and hosted servers to make the network work.

Also, I'm aware of the DNS issue that most computers are currently not pointing to an OpenNIC server... this might be a bit of a tease, but one of the pieces of the puzzle we are working on SHOULD end up making that problem a non-issue. Again, not ready to go into too much detail, but I thought about this a lot in regards to ways to mitigate DDNS attacks, and having the TLD makes it even more of a win-win situation for everyone. (Give me some time! I promise I will get these prototypes out there as soon as possible.)


Thank you very much for replying. I'm going to work on getting my Tier 2 up and running, and then will move on to figuring out how to go Tier 1. I'm having my connection changed over to fiber this weekend, and I will be static going forward. Hopefully I can have Tier 2 up and running in a couple of weeks MAX. I look forward to being a contributing part of this community!


JC

On Fri, Dec 16, 2016 at 11:36 AM, Jonah Aragon <jonaharagon AT gmail.com> wrote:
Hi JC, hopefully the following provides some insight into how we work :)

On Fri, Dec 16, 2016 at 10:41 AM <jc AT motorsports-x.com> wrote:
As for my questions: just a couple of basic ones about your process. Our
hardware that we are building will also be based on a network of communication
and pass-through servers. These servers are the number 2 most critical aspect
of our plans. Having a TLD extension to match our network would be absolutely
wonderful, as we could then issue domain names to each user. I can't tell you
how far this would go to helping us. So I'm curious what your process looks
like? I saw that it's a community-based decision-making process, so I really
would like to understand what you guys are looking for when someone comes to
you for a new extension.

The process is somewhat simple on a technical level. You need a Tier 1 DNS server set up as the authority for your TLD, a registration process, some email addresses set up, and a charter written. The charter should include exactly what you plan to do with your TLD, how registration/renewals/terminations work, abuse guidelines, etc. You can look at the one I wrote for .o here, as an example: https://www.moderntld.com/about/charter/

On Fri, Dec 16, 2016 at 10:41 AM <jc AT motorsports-x.com> wrote:
Now that I know about your existence, I would like to set up
a DNS server. I would like to become a contributing member NOW so that in a
year's time, I will have hopefully earned a bit of support with our project.

The best way to do this now is to be active in this mailing list and/or our IRC chat (#opennic on Freenode), and--especially if you want to be a TLD operator at some point--running 1+ Tier 2 servers would be incredibly helpful, both to support the infrastructure and prove your DNS experience (see: http://wiki.opennicproject.org/Tier2ServerConfig). 

Honestly though, I'm a bit confused about your intentions for your TLD, should it be added to the network. You say "Having a TLD extension to match our network" which sounds to me like you want to run a private, internal TLD for yourself; but OpenNIC is more geared towards running an open registration system as an alternative to ICANN. You'd need to allow registrations from community members for example, you couldn't have .YOURTLD and keep all domains for yourself.

Also, just making sure you know, so sorry if you already do: OpenNIC domains and TLDs won't be accessible from a vast majority of computers, only ones with OpenNIC set up. That's the main difference between us and ICANN ;)

Anyways, if you get a Tier 1 server set up, and write up a charter, all you'll need to do is post your charter to this mailing list, at which point the OpenNIC community members can discuss it, and maybe make some suggestions. After that you just need to call for a vote, and if approved you'll be a part of the network!

Hopefully all that helps,

Jonah



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
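
The host-side setup discussed in this thread (port 53 reachable from outside, per-source rate limiting so the resolver is less useful in recursive DNS attacks, nothing else exposed) could look like the following. This is an added example, not from the thread or the OpenNIC wiki; the names `dns_rules` and `apply_rules`, the LAN subnet, the rate numbers and the LAN-only SSH rule are all assumptions.

```shell
#!/bin/sh
# Host firewall for a home-hosted public resolver, in iptables-restore format.
# Every value below is constructed for illustration; adjust to your network.
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed LAN subnet (admin SSH only)
DNS_RATE="${DNS_RATE:-20/second}"      # assumed per-source query ceiling
DNS_BURST="${DNS_BURST:-40}"           # assumed short burst allowance

# Print the complete rule set; nothing is changed on the system here.
dns_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# The limit goes before the conntrack rule: repeated queries from one source
# address and port are tracked as one UDP flow and would otherwise skip it.
-A INPUT -p udp --dport 53 -m hashlimit --hashlimit-name dns-udp --hashlimit-mode srcip --hashlimit-above ${DNS_RATE} --hashlimit-burst ${DNS_BURST} -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s ${LAN_NET} -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Parse-check the rules first, then load them atomically (needs root).
apply_rules() {
  dns_rules | iptables-restore --test && dns_rules | iptables-restore
}

# Only touch the live firewall when explicitly asked to.
if [ "${APPLY:-0}" = "1" ]; then
  apply_rules
fi
```

Because the limit is keyed on source address, it also caps how much response traffic the server can be made to send toward any single spoofed address. On the router, only port 53 needs forwarding to this host, so the other LAN devices stay unreachable from outside.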