❌ Software Removal | Opennic #1258

Closed
Mikaela opened this issue Sep 1, 2019 · 8 comments · Fixed by #1273

Comments

@Mikaela
Member

commented Sep 1, 2019

Description

I think OpenNIC is currently far behind the rest of the content of our encrypted DNS page and may even be a privacy and security issue due to the sites not having valid certificates. Please correct me, if I am wrong.

My comment on our forum:


<irrelevant part snipped>

We are recommending OpenNIC above ICANN managed DNS on our DNS page but personally I am not using it and I have unresolved questions before I am able to recommend it.

  1. Do they support encrypted DNS? If yes, could they make it easier to find.
  2. How do SSL certificates work with OpenNIC? I don't think LetsEncrypt doesn't support it, so I fear that all web browsing on OpenNIC would be insecure.

If you have a fear of someone taking your domain away from you, I would use Tor Onion service and attempt to teach all the users to use it.

opennic/opennic-web#68

@blacklight447-ptio

Member

commented Sep 1, 2019

I recall some of them supported DNSCrypt.

@ggg27

Contributor

commented Sep 2, 2019

  • OpenNIC has done a lot of good, like supporting Namecoin.
  • It is already easy to find which instances support DNSCrypt:
    https://servers.opennic.org/

Pinging @JonahAragon as I believe he hosts an OpenNIC instance.

Edit: Sorry, JonahAragon appears to be an OpenNIC GitHub team member:
https://github.com/orgs/opennic/people

@Mikaela

Member Author

commented Sep 2, 2019

@ggg27 Good point, how does Namecoin manage my concerns? Especially the second, is all traffic E2EE or is there plaintext http involved?

If they are as insecure as I imagine, I think they should be delisted or at least given warnings about possibly putting users at risk.

Do you know about their (OpenNIC & Namecoin) DoH support for Firefox users or DoT support for Android users?

@blacklight447-ptio

Member

commented Sep 5, 2019

I think we should think about this: do we already have a set of must-have requirements? Maybe we should make a list, like we did with the VPN section.

@JonahAragon

Member

commented Sep 5, 2019

OpenNIC is about on par with traditional public DNS providers, but they have not shown any initiative or desire to implement any sort of additional security functionality. Even DNSSEC is somewhat broken or at the very least not entirely implemented. I would be fine with removing it if we are going to shift to only recommending encrypted DNS solutions in the future.

@blacklight447-ptio

Member

commented Sep 6, 2019

I think we will have to write a small requirements list like we did in the VPN section.
I think making some form of DNS encryption mandatory would be a good first step, so either DoH, DoT, or DNSCrypt.

@Mikaela Mikaela referenced this issue Sep 6, 2019
@Mikaela

Member Author

commented Sep 6, 2019

> I would be fine with removing it if we are going to shift to only recommending encrypted DNS solutions in the future.

#1273

> I think making some form of DNS encryption mandatory would be a good first step, so either DoH, DoT, or DNSCrypt.

We already require DoH or DoT for DNS with the exception of OpenNIC and Namecoin. I was agreed with on listing DNSCrypt-only servers being pointless due to DNS server sources such as these already being a thing that is natively supported by dnscrypt-proxy.

DNSCrypt is also not supported as widely as DoT and DoH, which appear to be becoming the standards of encrypting DNS; we already list pros and cons of those two.
