%
% DNS.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%

DNS, so many problems, so insecure.

Nameserver daemons:

\begin{itemize}
\item BIND
\item cstorm\_deepDNS --- WTF.
Website: \\ \url{https://github.com/cryptostorm/cstorm_deepDNS}
\item djbdns
\item prodns
\item EU/CZ one
\item Yadifa --- Many nodes deployed
\end{itemize}

Misc:

\begin{itemize}
\item Once records are stable, set TTL to a huge time?
\item OpenDNS.
\end{itemize}

\section{Registration}
Where to register? Need to be in the root servers...

\subsection{Njalla}
Njalla --- ``Privacy-aware domain registration service''.
Website: \\ \url{https://njal.la/}

They purchase and own the domain, to protect privacy.

``We're not actually a domain name registration service, we're a customer to these. We sit in between the domain name registration service and you, acting as a privacy shield.
When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party.''

\begin{itemize}
\item Based in Nevis.
\item By the Pirate Bay and Flattr crew.
\end{itemize}

Payment methods:

\begin{itemize}
\item Bitcoin
\item DASH
\item Litecoin
\item Monero
\item PayPal
\end{itemize}

\section{njal.la}
njal.la is a privacy domain registrar. They register the domain in their name,
which is a step further than most registrars. They are the registered legal owner
of the domain. But the user can configure the domain however they want, using
njal.la's nameservers or not, as they like. If the user wants to take the
domain somewhere else and own it directly, they can.
They appear to take security up a notch too, using encrypted Jabber instead
of email, as an option.

\begin{itemize}
\item Signup can be done via email or Jabber (!).
\item Jabber signup sends a message via Jabber, using \emph{unauthenticated} OTR.
This is the first service I've seen that does this, and it is great. Would be
better if it did authenticated OTR setup before sending the verification URL
though.
\item First login page at Njalla asks for a PGP key, if email is to be sent (!).
\item Support can be done via Jabber.
\item Tor onion (!) address: \url{http://njalladnspotetti.onion/}
\item Payment forms accepted: Bitcoin, PayPal, Litecoin, Monero, Dash,
Bitcoin Cash.
\end{itemize}