❌ Software Removal | Opennic #1258

New Issue

jonah · 2019-09-01T21:13:32Z

Mikaela commented

2019-09-01 21:13:32 +00:00

(Migrated from github.com)

Description

I think OpenNIC is currently far behind the rest of the content of our encrypted DNS page and may even be a privacy and security issue due to the sites not having valid certificates. Please correct me, if I am wrong.

My comment on our forum:

<irrelevant part snipped>

We are recommending OpenNIC above ICANN managed DNS on our DNS page but personally I am not using it and I have unresolved questions before I am able to recommend it.

Do they support encrypted DNS? If yes, could they make it easier to find.

How do SSL certificates work with OpenNIC? I don't think LetsEncrypt doesn't support it, so I fear that all web browsing on OpenNIC would be insecure.

If you have a fear of someone taking your domain away from you, I would use Tor Onion service and attempt to teach all the users to use it.

https://github.com/opennic/opennic-web/issues/68

## Description I think OpenNIC is currently far behind the rest of the content of our encrypted DNS page and may even be a privacy and security issue due to the sites not having valid certificates. Please correct me, if I am wrong. My [comment on our forum](https://forum.privacytools.io/t/discussion-opennic/338/3?u=mikaela): * * * * * > \<irrelevant part snipped\> > > We are recommending OpenNIC above ICANN managed DNS on [our DNS page](https://www.privacytools.io/providers/dns/) but personally I am not using it and I have unresolved questions before I am able to recommend it. > > 1. Do they support encrypted DNS? If yes, could they make it easier to find. > 2. How do SSL certificates work with OpenNIC? I don't think LetsEncrypt doesn't support it, so I fear that all web browsing on OpenNIC would be insecure. > > If you have a fear of someone taking your domain away from you, I would use Tor Onion service and attempt to teach all the users to use it. > > https://github.com/opennic/opennic-web/issues/68

blacklight447 commented

2019-09-01 21:19:01 +00:00

(Migrated from github.com)

I recall some of them supported dnscrypt.

ggg27 commented

2019-09-02 05:05:22 +00:00

(Migrated from github.com)

OpenNic has done a lot of good like supporting NameCoin.
It is already easy to find which instances support DNS Crypt
https://servers.opennic.org/

Pinging @JonahAragon as I believe he hosts an OpenNic instance.

Edit: Sorry, JonahAragon appears to be an OpenNic Github team member:
https://github.com/orgs/opennic/people

- OpenNic has done a lot of good like supporting NameCoin. - It is already easy to find which instances support DNS Crypt https://servers.opennic.org/ ______________ Pinging @JonahAragon as I believe he hosts an OpenNic instance. **Edit**: Sorry, JonahAragon appears to be an OpenNic Github team member: https://github.com/orgs/opennic/people

Mikaela commented

2019-09-02 07:28:23 +00:00

(Migrated from github.com)

@ggg27 Good point, how does Namecoin manage my concerns? Especially the second, is all traffic E2EE or is there plaintext http involved?

If they are as insecure as I imagine, I think they should be delisted or at least given warnings about possibly putting users at risk.

Do you know about their (OpenNIC & Namecoin) DoH support for Firefox users or DoT support for Android users?

@ggg27 Good point, how does Namecoin manage my concerns? Especially the second, is all traffic E2EE or is there plaintext http involved? If they are as insecure as I imagine, I think they should be delisted or at least given warnings about possibly putting users at risk. Do you know about their (OpenNIC & Namecoin) DoH support for Firefox users or DoT support for Android users?

blacklight447 commented

2019-09-05 14:32:35 +00:00

(Migrated from github.com)

i think we should think about this: do we already have a set of must have requirements. maybe we should make a list, like we did with the VPN section.

Mikaela commented

2019-09-05 15:26:33 +00:00

(Migrated from github.com)

* https://github.com/privacytoolsIO/privacytools.io/blob/master/.github/ISSUE_TEMPLATE/7_DNS_provider.md * https://github.com/privacytoolsIO/privacytools.io/blob/master/.github/CONTRIBUTING.md#dns

jonah commented

2019-09-05 17:25:30 +00:00

OpenNIC is about on par with traditional public DNS providers, but they have not shown any initiative or desire to implement any sort of additional security functionality. Even DNSSEC is somewhat broken or at the very least not entirely implemented. I would be fine with removing it if we are going to shift to only recommending encrypted DNS solutions in the future.

👍 1 😕 1

blacklight447 commented

2019-09-06 10:50:30 +00:00

(Migrated from github.com)

I think we will have to write a small requirements like we did in the vpn section.
I think making some form of dns encryption mandatory would be a good first step, so either DoH, DoT, or dnscrypt.

I think we will have to write a small requirements like we did in the vpn section. I think making some form of dns encryption mandatory would be a good first step, so either DoH, DoT, or dnscrypt.

Mikaela commented

2019-09-06 17:28:02 +00:00

(Migrated from github.com)

I would be fine with removing it if we are going to shift to only recommending encrypted DNS solutions in the future.

#1273

I think making some form of dns encryption mandatory would be a good first step, so either DoH, DoT, or dnscrypt.

We already require DoH or DoT for DNS with the exception of OpenNIC and Namecoin. I was agreed with on listing DNSCrypt-only servers being pointless due to DNS server sources such as these already being a thing that is natively supported by dnscrypt-proxy.

DNSCrypt is also not supported as widely as DoT and DoH which appear to be becoming the standards of encrypting DNS, we already list pros and cons of those two.

> I would be fine with removing it if we are going to shift to only recommending encrypted DNS solutions in the future. #1273 > I think making some form of dns encryption mandatory would be a good first step, so either DoH, DoT, or dnscrypt. We already require DoH or DoT for DNS with the exception of OpenNIC and Namecoin. I was agreed with on listing DNSCrypt-only servers being pointless due to [DNS server sources](https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources) such as [these](https://github.com/DNSCrypt/dnscrypt-resolvers/tree/master/v2) already being a thing that is natively supported by dnscrypt-proxy. DNSCrypt is also not supported as widely as DoT and DoH which appear to be becoming the standards of encrypting DNS, we already list pros and cons of those two.

👍 1

This repo is archived. You cannot comment on issues.