Who is behind pangea? [OpenNIC Wiki]

Note: Restructuring of infrastructure in progress

Welcome to our little space on the OpenNIC Wiki. We are operating a handful of globally distributed DNS resolvers which are compatible with the OpenNIC TLDs. The servers are configured to log anonymized data in a central location in Europe. This feedback is used for threat intelligence research. The public front of the project is newpangea.de.

Public Resolver

All of our public resolver support DNS over UDP/53, DoT, DoH and support regular OpenNIC and ICANN TLDs.

OpenNIC Domain	ICANN Domain	Country Code	IPv4	IPv6	Status
ns2.cl.dns.opennic.glue	dns1.cl.newpangea.de	CL	64.176.6.48	2001:19f0:c800:2b26:5400:04ff:fe87:53ea	Ok
ns1.fi.dns.opennic.glue	dns1.fi.newpangea.de	FI	65.21.1.106	2a01:4f9:c011:83d::1	Ok
ns6.in.dns.opennic.glue	dns1.in.newpangea.de	IN	139.84.165.176	2401:c080:3400:251f:5400:04ff:fe97:fa4e	Ok
ns2.pl.dns.opennic.glue	dns1.pl.newpangea.de	PL	70.34.254.19	2a05:f480:2400:117d:5400:04ff:fe98:9f2d	Ok
ns3.ru.dns.opennic.glue	dns1.ru.newpangea.de	RU	45.84.1.149	2a09:7c47:0:20::1	Offline
-	dns1.uk.newpangea.de	UK	-	-	non-operational
ns2.va.us.dns.opennic.glue	dns1.us.newpangea.de	US	5.161.109.23	2a01:4ff:f0:24ff::1	Ok

Log Anonymization

Since IP addresses are considered PII under the GDPR (and some other legislation), the IP address is anonymized and what's left is the origin [ASN](https://www.net58.io/knowledge/bgp/bgp-primer/bgp-as/) [Note: Link down]. We are not interested in any personally identifiable information, yet we see the DNS as part of the control plane and believe that it is an utterly important and valuable asset to understand the Internet's threat landscape.

Research

With anonymized input, we want to provide some threat intelligence with an exploratory outcome. The goals can be but are not limited to:

Botnet C2 infrastructure
DNS R/A DDoS attacks
DNS query flood attacks
DNS water torture attacks (Query floods to non-existing domain names)

Resources

Project Website: newpangea.de