Discuss mailing list

[Oleg Khovayko <khovayko AT gmail.com>]

Hi,

I am representing Emercoin, which has successful peering with OpenNIC 
for years.

However, recently I see, our servers seed1 and seed2, where OpenNIC 
requests info about zones .coin/.emc/.bazar/.lib, started used to 
control botnets.
There is many requests from different IPs for same domain name, fields 
A/TXT.
I analyzed field TXT in some EmerDNS recors, for example: 
dns:refereefitter.lib
And found there - there is some encrypted strings, seems like command to 
botnet.
This article contains more information:
https://www.fireeye.com/blog/threat-research/2018/04/cryptocurrencies-cyber-crime-blockchain-infrastructure-use.html

I would like continue peering, but do not want to serve a criminal botnets.

I see 2 ways, how to mitigate this issue:

1. Each Tier1 OpenNIC will setup local Emer node, and perform peering to 
the localhost. And we will just discontinue our peering services.
Pros: Quick resolving, best security
Cons: Needed ~1G HDD and 300MB RAM to running process.

2. We can add IP filters to our seed1/seed2, and ban all IPs, but 10 
Tier 1 OpenNIC servers.
Pros: Nothing needed to do on OpenNIC side
Cons: Dependence on network, bigger latencies.

So, I have questions:
1. If we will add DNS-filters, which includes Tier1 servers - is this 
enough to continue peering with option 2?
2. Is this possible to move to option 1, when OpenNIC keeps local resolver?

Thanks,
Oleg