user:pangea

Welcome to our little space on the OpenNIC Wiki. We are operating a handful of globally distributed DNS resolvers which are compatible with the OpenNIC TLDs. The servers are configured to log anonymized data in a central location in Europe. This feedback is used for threat intelligence research. The public front of the project is newpangea.de.

Public Resolver

All of our public resolver support DNS over UDP/53, DoT, DoH and support regular OpenNIC and ICANN TLDs.

OpenNIC Domain ICANN Domain Country Code IPv4 IPv6 Status
ns2.cl.dns.opennic.glue dns1.cl.newpangea.de CL 64.176.6.48 2001:19f0:c800:2b26:5400:04ff:fe87:53ea Ok
ns1.fi.dns.opennic.glue dns1.fi.newpangea.de FI 65.21.1.106 2a01:4f9:c011:83d::1 Ok
ns6.in.dns.opennic.glue dns1.in.newpangea.de IN 139.84.165.176 2401:c080:3400:251f:5400:04ff:fe97:fa4e Ok
ns2.pl.dns.opennic.glue dns1.pl.newpangea.de PL 70.34.254.19 2a05:f480:2400:117d:5400:04ff:fe98:9f2d Ok
ns3.ru.dns.opennic.glue dns1.ru.newpangea.de RU 45.84.1.149 2a09:7c47:0:20::1 Ok
- dns1.uk.newpangea.de UK - - non-operational
ns2.va.us.dns.opennic.glue dns1.us.newpangea.de US 5.161.109.23 2a01:4ff:f0:24ff::1 Ok

Log Anonymization

Since IP addresses are considered PII under the GDPR (and some other legislation), the IP address is anonymized and what's left is the origin [ASN](https://www.net58.io/knowledge/bgp/bgp-primer/bgp-as/). We are not interested in any personally identifiable information, yet we see the DNS as part of the control plane and believe that it is an utterly important and valuable asset to understand the Internet's threat landscape.

Research

With anonymized input, we want to provide some threat intelligence with an exploratory outcome. The goals can be but are not limited to:

  • Botnet C2 infrastructure
  • DNS R/A DDoS attacks
  • DNS query flood attacks
  • DNS water torture attacks (Query floods to non-existing domain names)

Resources

  • /wiki/data/pages/user/pangea.txt
  • Last modified: 6 months ago
  • by pangea