Category: Operations

Information about changes or proposals that affect the way our project operates.

Changes to our routing stack!

We have reached a point where our name servers are working well enough for daily use that we feel like we can cut down on some of the duplicate functionality in our routing stack. At present, each router in our stack is running its own instance of Unbound for client DNS and this leads to a bunch of duplication that is probably not needed and just adds to our hypervisor’s workload.

Starting around 1000EST today, we will be turning off each router’s Unbound instance and will be updating profiles to point their DNS at our two name servers. If you are an end user or project member and you notice that DNS functions stop working, you should update your connection profiles to point their DNS at the following addresses:

  • 204.12.237.197
  • 173.208.212.205
  • 2604:4300:f03:c1::2
  • 2604:4300:a:6e::5

For our WireGuard users, this most likely means replacing the line “DNS = 2604:4300:f03:XX::1, 10.0.XX.1” with the line “DNS = 2604:4300:f03:c1::2, 2604:4300:a:6e::5” to retain DNS functions after today. We know that our DNS changes have been a moving target for our project and our users, but this should wrap things up on that front.

Registrar migration completed!

Around 0030EST last night, we received emails stating that the domain “marbledfennec.net” was transferred over to Porkbun after a very stressful waiting period in which our domain was not working correctly and was even offline to various parts of the web.

As of 1245EST, we have our name servers fixed, including DNSSEC. Everything should be working properly now and we should be back online.

Updated DNS blocklist…

Around 1430EST today, our team started noticing that some of the DNS requests coming in were for odd-looking domains within the zones that the OpenNIC project controls. In an effort to not aid botnets, malware and other unwanted internet asbestos, we use iptables to block requests from even reaching our DNS servers when our team’s research into a domain comes up as questionable or worrisome.

We will not post the blocked domains on our websites, to avoid getting tagged with those questionable domains. However, if you are using our DNS servers, or are a project member or a network tenant, you are welcome to reach out to our support desk to obtain a list of the currently blocked domains.

Something to note:
Our team does not block weird looking domains just because they seem odd. We only enact a block when we are able to verify that the domain in question is associated with malware or otherwise unsafe. Verification is done by checking the domains and associated IP addresses against multiple malware tracking labs and groups.
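
One way to drop DNS queries for a blocked domain with iptables before they reach the resolver, shown as an added example and not the project's own rules. It assumes the iptables `string` match is available, and the domain used is a placeholder.

```shell
#!/bin/sh
# Added example, not the project's own rules. The domain is a placeholder.

# Encode a domain as a DNS wire-format QNAME in iptables --hex-string syntax:
# each label is prefixed with its length byte and the name ends with a zero byte.
# The body runs in a subshell so the IFS and globbing changes stay local.
qname_hex() (
    domain=${1%.}                      # drop a trailing root dot
    out=""
    IFS=.
    set -f
    for label in $domain; do
        len=${#label}
        # Labels are 1..63 bytes; restrict the charset so a label can never
        # inject '|' or quotes into the generated rule.
        [ "$len" -ge 1 ] && [ "$len" -le 63 ] || exit 1
        case $label in *[!A-Za-z0-9_-]*) exit 1 ;; esac
        out="${out}|$(printf '%02x' "$len")|${label}"
    done
    [ -n "$out" ] || exit 1
    printf '%s|00|' "$out"
)

# Print (do not apply) DROP rules for UDP and TCP port 53 over IPv4 and IPv6.
# --icase matters because resolvers may randomise query-name case.
block_rules() {
    pat=$(qname_hex "$1") || { echo "invalid domain: $1" >&2; return 1; }
    for cmd in iptables ip6tables; do
        for proto in udp tcp; do
            echo "$cmd -I INPUT -p $proto --dport 53 -m string --algo bm" \
                 "--icase --hex-string '$pat' -j DROP"
        done
    done
}

block_rules "blocked-domain.example"   # placeholder domain
```

Because each label carries its length prefix, the pattern matches the blocked domain and its subdomains but not names that merely contain the same letters. It only sees plain DNS on port 53, so encrypted transports are not covered.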