I think OpenNIC is currently far behind the rest of the content of our encrypted DNS page and may even be a privacy and security issue due to the sites not having valid certificates. Please correct me if I am wrong.
We are recommending OpenNIC above ICANN-managed DNS on our DNS page, but personally I am not using it, and I have unresolved questions before I am able to recommend it.
- Do they support encrypted DNS? If yes, could they make it easier to find?
- How do SSL certificates work with OpenNIC? I don't think LetsEncrypt supports it, so I fear that all web browsing on OpenNIC would be insecure.
If you have a fear of someone taking your domain away from you, I would use a Tor Onion service and attempt to teach all the users to use it.
I recall some of them supported dnscrypt.
Pinging @JonahAragon as I believe he hosts an OpenNIC instance.
Edit: Sorry, JonahAragon appears to be an OpenNIC GitHub team member:
https://github.com/orgs/opennic/people
@ggg27 Good point, how does Namecoin manage my concerns? Especially the second: is all traffic E2EE, or is there plaintext HTTP involved?
If they are as insecure as I imagine, I think they should be delisted or at least given warnings about possibly putting users at risk.
Do you know about their (OpenNIC & Namecoin) DoH support for Firefox users or DoT support for Android users?
I think we should think about this: do we already have a set of must-have requirements? Maybe we should make a list, like we did with the VPN section.
OpenNIC is about on par with traditional public DNS providers, but they have not shown any initiative or desire to implement any sort of additional security functionality. Even DNSSEC is somewhat broken or at the very least not entirely implemented. I would be fine with removing it if we are going to shift to only recommending encrypted DNS solutions in the future.
I think we will have to write a small list of requirements like we did in the VPN section.
I think making some form of DNS encryption mandatory would be a good first step, so either DoH, DoT, or DNSCrypt.
We already require DoH or DoT for DNS, with the exception of OpenNIC and Namecoin. It was agreed with me that listing DNSCrypt-only servers is pointless, because DNS server sources such as these are already natively supported by dnscrypt-proxy.
DNSCrypt is also not supported as widely as DoT and DoH, which appear to be becoming the standards for encrypting DNS; we already list the pros and cons of those two.