Welcome to our little space on the OpenNIC Wiki. We are operating a handful of globally distributed DNS resolvers which are compatible with the OpenNIC TLDs. The servers are configured to log anonymized data in a central location in Europe. This feedback is used for threat intelligence research. The public front of the project is

Public Resolver

All of our public resolver support DNS over UDP/53, DoT, DoH and support regular OpenNIC and ICANN TLDs.

OpenNIC Domain ICANN Domain Country Code IPv4 IPv6 Status CL 2001:19f0:c800:2b26:5400:04ff:fe87:53ea Ok FI 2a01:4f9:c011:83d::1 Ok IN 2401:c080:3400:251f:5400:04ff:fe97:fa4e Ok PL 2a05:f480:2400:117d:5400:04ff:fe98:9f2d Ok RU 2a09:7c47:0:20::1 Ok
- UK - - non-operational US 2a01:4ff:f0:24ff::1 Ok

Log Anonymization

Since IP addresses are considered PII under the GDPR (and some other legislation), the IP address is anonymized and what's left is the origin [ASN]( We are not interested in any personally identifiable information, yet we see the DNS as part of the control plane and believe that it is an utterly important and valuable asset to understand the Internet's threat landscape.


With anonymized input, we want to provide some threat intelligence with an exploratory outcome. The goals can be but are not limited to:

  • Botnet C2 infrastructure
  • DNS R/A DDoS attacks
  • DNS query flood attacks
  • DNS water torture attacks (Query floods to non-existing domain names)


  • /wiki/data/pages/user/pangea.txt
  • Last modified: 6 months ago
  • by pangea