On Mon, 2021-03-08 at 06:40 -0700, Gabe Stanton via Dng wrote:
> On Mon, 2021-03-08 at 10:08 +0200, Dimitris via Dng wrote:
> > Στις 8/3/21 12:29 π.μ., ο/η Rick Moen έγραψε:
> > > Leaving aside my being disappointed about people willingly
> > > outsourcing
> > > their recursive DNS to the second-nosiest company on the
> > > planet[1]
> >
> > +1.1.1.1 ... don't forget cloudflare bullies..
> >
> >
> > but i do forward local queries to opennic (w/ dnscrypt) and a
> > couple
> > more trusted sources.. eg. libreops.cc offer a public resolver and
> > another DoT/DoH & i do also forward to tor-resolve occasionally...
> >
> > so, i would be interested to know, if there's a privacy issue with
> > opennnic?
> > leaving the overlord (=icann) aside, seems like a good idea to me..
>
> I wonder the same thing. I guess what appeals to me about opennic is
> that they address some of the problems with the way dns is handled
> elsewhere. Of course running your own dns server is optimal. But it
> doesn't do a better job to address privacy, and it doesn't make dns
> into a community issue like opennic is trying to do.
> As a dns server operator, with opennic you also get the opportunity
> to
> invite other anonymous (to you) people to share your dns server, thus
> pooling your dns queries, which can be good for privacy.
>
> If you're not running your own dns server when using opennic, you're
> relying on the truthfulness of the dns server operator when they
> checked or didn't check the flags indicating if they keep logs.
> That's
> obviously not a very trustworthy indication, but it's nice that
> they're
> addressing privacy right up front.
>
> I don't know of anyone trying to do what opennic is trying to do. Are
> there competing ideas in the realm of dns communities?
>
> In the absence of a "community of dns server operators and users", is
> the optimal option to have everyone run their own recursive server?
> But
> then the upstream servers still get the birds-eye view and will very
> likely abuse that information like the big companies do now.
>
> I don't mean just to defend opennic, if there are competing or better
> ideas out there, that would be good to know. I'm just throwing out my
> 2
> cents on the matter.


Oh, and one more thing since you mentioned icann, one thing to note is
that opennic also has their own tld system, independent of icann. As a
community of operators, they can do that. Of course no one can access
their tld's without pointing to an opennic server. Their main one is
.glue but they continue to add them. Anyway, having their own tld's is
another thing they're doing right in my opinion. If they don't end up
being the best solution to the problem, I feel like they're leading the
way.

Of course the independent tld system is potentially problematic, but
centralized icann is also a problem, so we should be looking for
solutions and innovative ideas.

Gabe