https://wiki.opennic.org/ Mon, 13 Apr 2026 19:43:58 +0000 FeedCreator 1.8 https://wiki.opennic.org/_media/wiki/dokuwiki.svg https://wiki.opennic.org/ https://wiki.opennic.org/opennic/ansible-setup?rev=1542765385&do=diff Ansible Setup Ansible is an open source project for automating the deployment and management of systems with yaml scripts, much like Puppet. This is a guide how to use the Ansible Playbook written for OpenNIC, to setup and run a Tier 2 server within just a few minutes. This guide assumes you know that you know that Ansible just needs to be installed on your local machine or the machine you use to control your other servers, and that the other servers just need to have python installed. anonymous@undisclosed.example.com (Anonymous) Wed, 21 Nov 2018 01:56:25 +0000 https://wiki.opennic.org/opennic/creating_new_tlds?rev=1669551553&do=diff New OpenNIC TLDs How to get yourself a new TLD with OpenNIC. Prerequisites * You MUST have operated a Tier 2 DNS server continuously for at least 3 months, and said DNS server MUST be in operation while your TLD is being considered. * You should keep this anonymous@undisclosed.example.com (Anonymous) Sun, 27 Nov 2022 12:19:13 +0000 https://wiki.opennic.org/opennic/dnscrypt?rev=1501480553&do=diff DNSCrypt DNSCrypt is a protocol specifically designed to encrypt and authenticate DNS communication between a DNS client and a DNS resolver. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with. anonymous@undisclosed.example.com (Anonymous) Mon, 31 Jul 2017 05:55:53 +0000 https://wiki.opennic.org/opennic/dnssec?rev=1642870523&do=diff DNSSEC Validation DNSSEC is a mechanism that prevents DNS forgeries that could potentially redirect you or your Tier 2 users to malicious sites. Tier 2 Configuration FIXME We're looking for guides for other DNS software, contributions welcome! Tier 2 providers may enable DNSSEC validation by following the guide(s) below, corresponding to their anonymous@undisclosed.example.com (Anonymous) Sat, 22 Jan 2022 16:55:23 +0000 https://wiki.opennic.org/opennic/dont_anycast?rev=1542765336&do=diff Why you shouldn't pick Tier 2 anycast servers (-) Anycast server latency fluctuates a lot Sometimes, Tier 2 anycast servers are faster than normal Tier 2 servers, this is due to the way an anycast network works, however it could also be very slow at times due to the nature of BGP taking a shorter route path that is actually congested vs. a longer route path that is perfectly fine. anonymous@undisclosed.example.com (Anonymous) Wed, 21 Nov 2018 01:55:36 +0000 https://wiki.opennic.org/opennic/dot?rev=1669554357&do=diff OpenNIC Operated Top-Level Domains These are the Top-Level Domains (TLDs) which are currently being served by OpenNIC, are being constructed with the approval of OpenNIC or which have been proposed to OpenNIC. There are links to the appropriate Web and email contacts for those which are currently accepting domain name registrations. anonymous@undisclosed.example.com (Anonymous) Sun, 27 Nov 2022 13:05:57 +0000 https://wiki.opennic.org/opennic/faq?rev=1532599476&do=diff FAQ What is OpenNIC? OpenNIC is a user owned and controlled Network Information Center offering a democratic, non-national alternative to the traditional Top-Level Domain registries. Users of OpenNIC DNS servers, in addition to resolving host names in the Legacy anonymous@undisclosed.example.com (Anonymous) Thu, 26 Jul 2018 10:04:36 +0000 https://wiki.opennic.org/opennic/infra?rev=1501465886&do=diff OpenNIC Infrastructure Documentation * wiki.opennic.org infrastructure anonymous@undisclosed.example.com (Anonymous) Mon, 31 Jul 2017 01:51:26 +0000 https://wiki.opennic.org/opennic/mailinglist?rev=1513971500&do=diff OpenNIC Mailing Lists The official OpenNIC mailing lists are served by Sympa at @lists.opennicproject.org. See below for descriptions of available lists and instructions for subscribing. OpenNIC Related Lists Discuss This low-volume list is for folks discussing the organization and operation of the OpenNIC project. All are welcome to subscribe. Subscribe using the anonymous@undisclosed.example.com (Anonymous) Fri, 22 Dec 2017 19:38:20 +0000 https://wiki.opennic.org/opennic/mailinglistpolicies?rev=1513971393&do=diff Mailing List Policies Message Prefixes For the sake of clarity, formal Mailing List threads MUST begin with the following prefixes, depending on the content of the message: * “[DISCUSSION]”, or “[PROPOSAL]” — For formal discussions or proposals of official policies or changes that will eventually lead to a vote. anonymous@undisclosed.example.com (Anonymous) Fri, 22 Dec 2017 19:36:33 +0000 https://wiki.opennic.org/opennic/namespaces?rev=1498702316&do=diff anonymous@undisclosed.example.com (Anonymous) Thu, 29 Jun 2017 02:11:56 +0000 https://wiki.opennic.org/opennic/operatorpolicies?rev=1513971720&do=diff Tier 1 and 2 Server Operator Policies As of November 15, 2017, server operators must adhere to the following policies. Tier 1 Operators Tier 1 Operators (the DNS Administrators for each TLD) are expected to maintain some key components of the infrastructure. Failure to meet the following minimum requirements may result in the appointment of a temporary maintainer for your anonymous@undisclosed.example.com (Anonymous) Fri, 22 Dec 2017 19:42:00 +0000 https://wiki.opennic.org/opennic/report_compromised_servers?rev=1499553055&do=diff How to report a compromised OpenNIC service It happens to the best of us: SSH root authentication is not disabled and an insecure password is set; BIND9 or PowerDNS hasn't been updated in time to prevent the latest exploits; ninja hackers have otherwise exploited any of the services running on the same server; etc anonymous@undisclosed.example.com (Anonymous) Sat, 08 Jul 2017 22:30:55 +0000 https://wiki.opennic.org/opennic/serviceaccounts?rev=1559671120&do=diff OpenNIC service accounts This wiki article contains service and PR accounts, groups and teams. GitHub (OpenNIC) * <https://github.com/opennic> * Note: This is currently the primary code repository for OpenNIC * Owners: * Fusl, fusl * luggs-co * Shdwdrgn * stephan48 * timgws * woggo85 * Members: anonymous@undisclosed.example.com (Anonymous) Tue, 04 Jun 2019 17:58:40 +0000 https://wiki.opennic.org/opennic/srvzone?rev=1687088872&do=diff Automatic OpenNIC Zone Generation The information below is based on a Debian/Ubuntu server with BIND9 installed. You may need to make adjustments for different distributions or if you are using a chroot setup. The directions below do not require that you already have access to OpenNIC domains for configuration. All steps will be performed from the command line. anonymous@undisclosed.example.com (Anonymous) Sun, 18 Jun 2023 11:47:52 +0000 https://wiki.opennic.org/opennic/start?rev=1674413858&do=diff OpenNIC Infrastructure OpenNIC infrastructure related wiki pages → Root Servers and TLD Servers → Tier 1 Servers → Tier 2 Servers → Namespaces / Zones anonymous@undisclosed.example.com (Anonymous) Sun, 22 Jan 2023 18:57:38 +0000 https://wiki.opennic.org/opennic/t2digitalocean?rev=1494035162&do=diff DigitalOcean Droplet Metadata Setup This is an incredibly simple way to create Tier 2 servers on DigitalOcean automatically, en masse, in one minute, no SSH immediately required. Short Version If you know what you're doing, use this User Data when creating an Ubuntu 16.04 Droplet: anonymous@undisclosed.example.com (Anonymous) Sat, 06 May 2017 01:46:02 +0000 https://wiki.opennic.org/opennic/t2hints?rev=1606419099&do=diff Local BIND Caching Server The easiest setup is to use a local caching server. The following will configure a private nameserver for your personal use. :!: If you wish to run a public Tier 2 server, follow the Slaved Zones instructions, not these. If you are trying to anonymize your browsing history, please be aware that installing your own nameserver or using OpenNIC services will not hide your queries. OpenNIC operators are only in control of OpenNIC domains. Any queries you make to anonymous@undisclosed.example.com (Anonymous) Thu, 26 Nov 2020 19:31:39 +0000 https://wiki.opennic.org/opennic/t2slaved?rev=1669554145&do=diff Slaved Zones with BIND9 Also refer to BIND9 Zone Configuration for ready to use zone file examples of Tier 1 and Tier 2 Servers. Consider using the srvzone script. For those wishing to set up a more robust local nameserver, or if you plan on running a public Tier 1 or Tier 2 server for OpenNIC, configuring BIND with slave zones is the preferred method. Please read anonymous@undisclosed.example.com (Anonymous) Sun, 27 Nov 2022 13:02:25 +0000 https://wiki.opennic.org/opennic/t2win12?rev=1499277934&do=diff * Open the server manager * Choose add roles and features * Choose role-based or feature-based installations * Choose the server you are interested in. * Choose DNS server * Accept all of the other defaults and install * When it is finished, go to the Start menu and choose anonymous@undisclosed.example.com (Anonymous) Wed, 05 Jul 2017 18:05:34 +0000 https://wiki.opennic.org/opennic/tier1?rev=1512317034&do=diff All About Tier 1 Servers Tier 1 server information and FAQs. What is a "Tier 1" Server? Tier 1 servers, are the core DNS servers hosting authoritative zones, for all OpenNIC TLDs and the root (.) zone. For all zones in OpenNIC's aggregate root, these hosts, in accordance with the OpenNIC anonymous@undisclosed.example.com (Anonymous) Sun, 03 Dec 2017 16:03:54 +0000 https://wiki.opennic.org/opennic/tier1setup?rev=1616258432&do=diff Setting up a Tier 1 Server Tier 1 servers are the core DNS servers hosting authoritative zones for all OpenNIC TLDs and the OpenNIC root (.) zone. FIXME This legacy wiki article has been copied from <http://web.archive.org/web/20161228061854/wiki.opennicproject.org/RunningT1>. It is outdated and should not be blindly used for copy-pasting. Use this information as a starting point to further researching current methods. anonymous@undisclosed.example.com (Anonymous) Sat, 20 Mar 2021 16:40:32 +0000 https://wiki.opennic.org/opennic/tier2?rev=1511393410&do=diff All About Tier 2 Servers Tier 2 server information and FAQs. What is a "Tier 2" Server? Tier 2 servers are “DNS Resolvers” or, servers that actually do the heavy-lifting when querying OpenNIC's DNS infrastructure. These are the servers that clients use in their configuration anonymous@undisclosed.example.com (Anonymous) Wed, 22 Nov 2017 23:30:10 +0000 https://wiki.opennic.org/opennic/tier2security?rev=1499211787&do=diff Tier 2 Security Measures Protecting Against Attacks Tier 2 operators may frequently find themselves being used as a point of attack. The information below has been developed to mitigate these attacks. For multi-line rules, please remember that order is important! Check your rules after insertion to confirm they are in the correct order, or you will have undesirable results. anonymous@undisclosed.example.com (Anonymous) Tue, 04 Jul 2017 23:43:07 +0000 https://wiki.opennic.org/opennic/tier2setup?rev=1586595771&do=diff Setting up a Tier 2 Server Tier 2 servers (DNS resolvers) can be used for public or private DNS lookups, on the OpenNIC and ICANN namespaces. Recommended Minimum Server Specifications * Linux * 1 CPU Core * 512 MB RAM * 4 GB SSD Considerations anonymous@undisclosed.example.com (Anonymous) Sat, 11 Apr 2020 09:02:51 +0000 https://wiki.opennic.org/opennic/tld-servers?rev=1674415482&do=diff OpenNIC TLD/Root Servers For an up-to-date list of all servers and their status, check out the servers status site. Root Servers Do not query this server directly. Use the Tier 2 servers instead. Root servers are not used for recursively resolving domain names. anonymous@undisclosed.example.com (Anonymous) Sun, 22 Jan 2023 19:24:42 +0000 https://wiki.opennic.org/opennic/tls?rev=1736528996&do=diff TLS Certificates Current deployment There is an experimental acme server in place at <https://playground.acme.libre> to automatically obtain TLS certificates for servers under all OpenNIC top level domains (Restricted by Name Constraints). The trust anchor for these certificates can be downloaded anonymous@undisclosed.example.com (Anonymous) Fri, 10 Jan 2025 17:09:56 +0000