Gentoo Forums
using OpenNIC (aka on the road to ending DNS monopolies...)
Forum: Networking & Security
funkmankey (Guru), joined 06 Mar 2003, 304 posts, location CH
Posted: Wed Sep 17, 2003 7:31 pm    Subject: using OpenNIC (aka on the road to ending DNS monopolies...)

a small start to getting rid of the verisign monopoly is to start using opennic. you can use it as a regular end user or you can use it if you are some sort of nameserver.

there are several fine articles already in the forums about running your own local caching nameserver. switching over to opennic after that is quite easy, you just have to generate a new /service/dnscache/root/servers/@.

you can even join opennic, get your own handle, and put up your own .geek or .oss site.

(NB: after switching to opennic, the verisign's stupid tricks don't magically go away -- remember, it's the process that's important: eroding the power from the monopoly.
there are also some patches out to djbdns (yay) as well as BIND (hiss) and of course other systems but I cannot recommend any of them as I've not tried a patch yet.)
_________________
I've got the brain, I'm insane, you can't stop the power
funkmankey (Guru), joined 06 Mar 2003, 304 posts, location CH
Posted: Wed Sep 17, 2003 10:23 pm

gentoo community, I love you guys!

this bug lists a modified ebuild to djbdns-1.05-r8. the ebuild includes the aforementioned ignoreip2 patch. between djbdns and opendns, verisign can go pound sand.

Code:
# awk '{print $2}' <<EOF >/service/dnscache/root/ignoreip
         *.ac            194.205.62.122
         *.cc            206.253.214.102
         *.com           64.94.110.11
         *.cx            219.88.106.80
         *.museum        195.7.77.20
         *.net           64.94.110.11
         *.nu            64.55.105.9
                   and   212.181.91.6
         *.ph            203.119.4.6
         *.sh            194.205.62.62
         *.tm            194.205.62.62
         *.ws            216.35.187.246
EOF
# svc -t /service/dnscache


ah, nxdomain-ly goodness:
Code:
%ping flooglebarglewaopbotoot.com
ping: unknown host flooglebarglewaopbotoot.com

_________________
I've got the brain, I'm insane, you can't stop the power
henke (Apprentice), joined 30 Sep 2002, 165 posts, location Stockholm, Sweden
Posted: Tue Sep 23, 2003 11:15 pm    Subject: Re: using OpenNIC (aka on the road to ending DNS monopolies.

funkmankey wrote:
after switching to opennic, the verisign's stupid tricks don't magically go away


Actually they do :D The OpenNIC DNS servers I am hitting seem to be patched because I don't get the sitefinder crap anymore :)
tecknojunky (Veteran), joined 19 Oct 2002, 1937 posts, location Montréal
Posted: Fri Oct 24, 2003 6:11 am

As a test, I tried to modify one of my client's /etc/resolv.conf to point exclusively to tier2 opennic servers, but it does not work when trying to ping opennic.glue or .oss or .whatever is published on their web space.

Further, I still can access normal legacy dns names, so I'm thinking there is more to it than simply modifying the nameserver entries in resolv.conf.
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.
funkmankey (Guru), joined 06 Mar 2003, 304 posts, location CH
Posted: Fri Oct 24, 2003 2:11 pm

I know it's odd but opennic.glue actually does not resolve to an IP address; did you try to ping www.opennic.glue?

from a solaris machine that only uses standard nameservers:
Code:
%dig @199.175.137.212 www.opennic.glue
 
; <<>> DiG 9.1.0 <<>> @199.175.137.212 www.opennic.glue
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44464
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;www.opennic.glue.              IN      A
 
;; ANSWER SECTION:
www.opennic.glue.       60611   IN      A       131.161.247.68
 
;; Query time: 122 msec
;; SERVER: 199.175.137.212#53(199.175.137.212)
;; WHEN: Fri Oct 24 10:14:47 2003
;; MSG SIZE  rcvd: 50

_________________
I've got the brain, I'm insane, you can't stop the power
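The ignoreip table posted earlier in the thread and the dig output just above are two halves of the same check: a registry wildcard (the "sitefinder" behaviour the thread is working around) turns a lookup for a non-existent name into a NOERROR answer pointing at a fixed IP, while a resolver that has dropped those answers hands back NXDOMAIN. The following is an added example, not code from the thread or from djbdns: it parses the ignoreip table the same way the posted `awk '{print $2}'` does, pulls the ANSWER SECTION out of dig output, and classifies a response as a real answer, a wildcard hit, or an honest NXDOMAIN. The OpenNIC dig output is the one posted above; the wildcard and NXDOMAIN responses are constructed samples.

```python
import re
from ipaddress import ip_address

# Constructed from the ignoreip table posted in the thread (same layout the
# awk '{print $2}' heredoc consumed): the wildcard IP is the second field.
IGNOREIP_TABLE = """\
         *.ac            194.205.62.122
         *.cc            206.253.214.102
         *.com           64.94.110.11
         *.cx            219.88.106.80
         *.museum        195.7.77.20
         *.net           64.94.110.11
         *.nu            64.55.105.9
                   and   212.181.91.6
         *.ph            203.119.4.6
         *.sh            194.205.62.62
         *.tm            194.205.62.62
         *.ws            216.35.187.246
"""

# The dig answer posted above (an OpenNIC name resolving normally).
DIG_OPENNIC = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44464
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.opennic.glue.              IN      A

;; ANSWER SECTION:
www.opennic.glue.       60611   IN      A       131.161.247.68

;; Query time: 122 msec
"""

# Constructed: what a wildcarded .com lookup for a bogus name looks like.
DIG_WILDCARD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; ANSWER SECTION:
flooglebarglewaopbotoot.com. 900 IN      A       64.94.110.11

;; Query time: 10 msec
"""

# Constructed: the same lookup once the wildcard answers are being ignored.
DIG_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
"""


def parse_ignoreip(text):
    """Return the set of wildcard IPs: field 2 of every line that has one,
    which is exactly what `awk '{print $2}'` emitted for the dnscache file."""
    ips = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ips.add(str(ip_address(fields[1])))
        except ValueError:
            continue  # not an address; skip rather than poison the list
    return ips


ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA)\s+(\S+)\s*$")


def parse_dig_answers(dig_output):
    """Extract (name, ttl, rdata) tuples from dig's ANSWER SECTION."""
    answers = []
    in_answer = False
    for line in dig_output.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip() or line.startswith(";"):
                in_answer = False  # blank line or next section ends it
                continue
            m = ANSWER_RE.match(line)
            if m:
                answers.append((m.group(1), int(m.group(2)), m.group(4)))
    return answers


def classify(dig_output, wildcard_ips):
    """'nxdomain' for an NXDOMAIN status, 'wildcard' when any A/AAAA answer
    is a known registry wildcard address, otherwise 'ok'."""
    if re.search(r"status: NXDOMAIN", dig_output):
        return "nxdomain"
    for _name, _ttl, rdata in parse_dig_answers(dig_output):
        if rdata in wildcard_ips:
            return "wildcard"
    return "ok"


if __name__ == "__main__":
    wildcards = parse_ignoreip(IGNOREIP_TABLE)
    for label, out in (("opennic", DIG_OPENNIC), ("bogus .com", DIG_WILDCARD),
                       ("bogus .com, ignoreip active", DIG_NXDOMAIN)):
        print(f"{label}: {classify(out, wildcards)}")
```

Running it against the output of `dig @<your-cache> somebogusname.com` is a quick way to confirm that the ignoreip patch is actually in effect: "wildcard" means the cache is still passing the registry's fixed IP through, "nxdomain" means it is dropping it as intended.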
tecknojunky (Veteran), joined 19 Oct 2002, 1937 posts, location Montréal
Posted: Fri Oct 24, 2003 2:40 pm

funkmankey wrote:
I know it's odd but opennic.glue actually does not resolve to an IP address; did you try to ping www.opennic.glue?


Actually, I followed these instructions for a PC, not a name server.

So, it should resolve with a ping. No?
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.
funkmankey (Guru), joined 06 Mar 2003, 304 posts, location CH
Posted: Fri Oct 24, 2003 2:57 pm

yes, the instructions for simple alteration of /etc/resolv.conf are the ones that you want.

I only meant to say that opennic.glue is undefined, but do try pinging www.opennic.glue (or www.indy or www.geek etc...)--

Code:
%dnsip opennic.glue
 
%dnsip www.opennic.glue
131.161.247.68

%ping opennic.glue
ping: unknown host opennic.glue

%ping www.opennic.glue
PING www.opennic.glue (131.161.247.68) 56(84) bytes of data.
64 bytes from www.opennic.unrated.net (131.161.247.68): icmp_seq=1 ttl=235 time=233 ms
64 bytes from www.opennic.unrated.net (131.161.247.68): icmp_seq=2 ttl=235 time=946 ms
64 bytes from www.opennic.unrated.net (131.161.247.68): icmp_seq=3 ttl=235 time=276 ms
 
--- www.opennic.glue ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2009ms
rtt min/avg/max/mdev = 233.995/485.740/946.883/326.535 ms


sorry for any confusion.
_________________
I've got the brain, I'm insane, you can't stop the power
tecknojunky (Veteran), joined 19 Oct 2002, 1937 posts, location Montréal
Posted: Sat Oct 25, 2003 7:22 am

Lucky you. It works.

Here's my result.
Quote:
fiston root # ping www.opennic.glue
ping: unknown host www.opennic.glue
fiston root # ping www.geek
ping: unknown host www.geek
fiston root # ping www.indy
ping: unknown host www.indy
fiston root # cat /etc/resolv.conf
nameserver 62.236.208.158
nameserver 213.185.37.13
nameserver 192.168.1.1
search inet


The last name server entry is the remote caching server running on the router and pointing to my ISP's legacy dns server. My dns server also resolves internal domain names (ie: *.inet). But I did try with all 3 set to opennic's tier3 ns.

But I'd rather make my tests on a client before doing anything with the dns server I use, which is dnsmasq, a 15k caching server that supports nat and will also serve the entries found in /etc/hosts and the names received through dhcpd leases. Simplicity responding to every need I have. That means if I wish to run my own name server understanding opennic, I'll have to use a real server like djbdns, I understand that.

I have pinged those dns servers since many in the list provided by opennic seem to be down.

I guess
_________________
(7 of 9) Installing star-trek/species-8.4.7.2::talax.
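The resolv.conf above mixes two OpenNIC servers with a local cache that forwards to the ISP, and the poster suspects the OpenNIC entries are down. Both situations produce exactly the symptom described (OpenNIC names fail, legacy names keep working) because of how a stub resolver walks the nameserver list: it asks the servers in listed order and only moves on to the next one when a server fails to answer usably (timeout or an error such as SERVFAIL); an NXDOMAIN is a complete answer and ends the lookup. The following is an added example, not code from the thread or from any resolver library: a small model of that walk, using the posted resolv.conf and constructed per-server behaviours (the OpenNIC address for www.opennic.glue is the one shown in the thread; www.example.com and 192.0.2.1 are placeholders).

```python
# Model of a glibc-style stub resolver walking /etc/resolv.conf.
# Assumptions: default options (no 'rotate'), one attempt per server,
# and "no usable answer" (timeout / SERVFAIL) is the only reason to move on.

RESOLV_CONF = """\
nameserver 62.236.208.158
nameserver 213.185.37.13
nameserver 192.168.1.1
search inet
"""

# Constructed variant: the legacy cache listed first, OpenNIC servers after.
RESOLV_CONF_LEGACY_FIRST = """\
nameserver 192.168.1.1
nameserver 62.236.208.158
nameserver 213.185.37.13
search inet
"""


def parse_resolv_conf(text):
    """Return (nameservers in order, search list), ignoring comments."""
    servers, search = [], []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(("#", ";")):
            continue
        if fields[0] == "nameserver" and len(fields) > 1:
            servers.append(fields[1])
        elif fields[0] in ("search", "domain"):
            search.extend(fields[1:])
    return servers, search


TIMEOUT = object()  # marker: the server never gave a usable answer

# Constructed zone data. None means the server answers NXDOMAIN.
OPENNIC_ZONES = {"www.opennic.glue": "131.161.247.68",
                 "www.example.com": "192.0.2.1"}   # placeholder legacy name
LEGACY_ZONES = {"www.example.com": "192.0.2.1"}    # no .glue knowledge


def opennic_server(name):
    return OPENNIC_ZONES.get(name)


def legacy_cache(name):
    return LEGACY_ZONES.get(name)


def dead_server(name):
    return TIMEOUT


# Scenario the poster suspects: both OpenNIC entries down, local cache up.
SERVERS_DOWN = {"62.236.208.158": dead_server,
                "213.185.37.13": dead_server,
                "192.168.1.1": legacy_cache}
# Everything reachable.
SERVERS_UP = {"62.236.208.158": opennic_server,
              "213.185.37.13": opennic_server,
              "192.168.1.1": legacy_cache}


def stub_resolve(name, servers, behaviour):
    """Walk the list; return (ip_or_None, server_that_answered).
    None for the IP means that server said NXDOMAIN; (None, None) means
    every server timed out."""
    for server in servers:
        reply = behaviour[server](name)
        if reply is TIMEOUT:
            continue            # no usable answer: try the next one
        return reply, server    # NXDOMAIN counts as an answer: stop here
    return None, None


def diagnose(resolv_conf, behaviour, name):
    servers, _search = parse_resolv_conf(resolv_conf)
    return stub_resolve(name, servers, behaviour)


if __name__ == "__main__":
    for label, conf, beh in (("opennic down", RESOLV_CONF, SERVERS_DOWN),
                             ("all up", RESOLV_CONF, SERVERS_UP),
                             ("legacy first", RESOLV_CONF_LEGACY_FIRST, SERVERS_UP)):
        for host in ("www.opennic.glue", "www.example.com"):
            print(f"{label:13} {host:18} -> {diagnose(conf, beh, host)}")
```

The model reproduces the poster's observation in two different ways: with the OpenNIC servers down, the lookup falls through to 192.168.1.1, which answers NXDOMAIN for .glue but resolves legacy names fine; with all servers up but the legacy cache listed first, the .glue lookup is also NXDOMAIN, and the OpenNIC servers are never consulted. Either way, a client resolv.conf only works for OpenNIC names if every reachable server in it knows the OpenNIC root, and a `dig @server www.opennic.glue` against each listed address (as done earlier in the thread) is the direct way to find out which case applies.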