[DELISTED] Discussion: OpenNIC

This is an official discussion thread linked from the www.privacytools.io website. This thread can be used for troubleshooting, questions, discussions and if you look for alternatives.

https://www.privacytools.io/providers/dns/

1 Like

Is OpenNIC more acceptable? I"m new here

Sorry that I am replying late, I was kind of hoping someone else to answer.

We are recommending OpenNIC above ICANN managed DNS on our DNS page but personally I am not using it and I have unresolved questions before I am able to recommend it.

  1. Do they support encrypted DNS? If yes, could they make it easier to find.
  2. How do SSL certificates work with OpenNIC? I don’t think LetsEncrypt doesn’t support it, so I fear that all web browsing on OpenNIC would be insecure.

If you have a fear of someone taking your domain away from you, I would use Tor Onion service and attempt to teach all the users to use it.

1 Like

I forgot to give a status update here. Both OpenNIC and NameCoin have been delisted recently due to my previous concerns, for more details see:

While it apparently didn’t fully apply to NameCoin, it would either install a root certificate authority, which may not be a good idea, or if users used it through NameCoin capable resolvers, they would have to accept invalid SSL certificates or not use TLS at all leaving them vulnerable, while our other recommendations are encrypted.

I’ve been using OpenNIC for over a year, but I see you’ve delisted it. It seems that it hasn’t been widely adopted, and perhaps that lack of security is the reason why? Plus it seems that it would be hard for the average person to understand.

Yes,

  • valid SSL certificates cannot be gotten for it, so users would either not use https or accept invalid certificates.
  • it was our only DNS service that had no encryption or didn’t push for it (NameCoin’s root CA installing again seemed questionable) https://www.privacytools.io/providers/dns/
  • they haven’t commented on my question on DNS-over-HTTPS and DNS-over-TLS servers that we require from everyone else https://github.com/opennic/opennic-web/issues/68
    • I guess I should have asked with PTIO hat on, but I am not sure that would have changed anything especially considering how @jonah is involved with them already.