Gopher and OpenNIC
Resolving `gopher` domains
In addition to the guides available at OpenNIC, below you can find other ways to resolve gopher domains, namely ones in which you don't need to delegate all your DNS queries to OpenNIC, but only those for the gopher domains.
Some of the reasons you might want to do this resolution "split" could be:
- perhaps your "regular" DNS name-server (to which you forward requests) also resolves some non-public domains, which would otherwise become unresolvable if all your queries were sent to OpenNIC;
- perhaps your "regular" DNS name-server (again, the one to which you forward requests) implements the split-horizon technique, which again won't work if you forward everything to the OpenNIC name-servers;
- or perhaps you don't trust OpenNIC enough to forward all your DNS traffic to it.
Configuring `dnscache`
If you have dnscache running as your DNS (recursive) resolver, you can easily configure it to delegate only the gopher domains to OpenNIC, and leave the resolution for the rest of the domains "alone" (i.e. through the current "chain").
The steps needed to delegate only the gopher domains to OpenNIC are simple:
- (obviously you need to have dnscache properly configured and running;)
- find the servers folder inside the dnscache "root" folder; (see the dnscache documentation, to find out where this "root" folder is located;)
- create a file named gopher, where you enter the IP addresses of all the OpenNIC Tier1 name-servers (see also the finding OpenNIC name-servers section on how to obtain the list); for example the current (as of 2014-10-18) IP addresses are:

```
185.19.105.30
173.160.58.202
198.136.57.121
178.63.145.230
23.98.70.54
207.192.71.13
178.63.116.152
188.226.215.149
188.226.146.136
199.231.210.120
```

- create another file named opennic.glue, where you enter the same IP addresses as above; (OpenNIC uses the special domain opennic.glue for tying its NS records to IP addresses;)
- (obviously restart dnscache;)
You could instead create a ns folder right beside the servers folder, where you put a file named ns/opennic which contains all the previously mentioned IP addresses, and then you just symlink it to servers/gopher and servers/opennic.glue.
This is helpful because if you would like to resolve other domains hosted by OpenNIC (like geek or parody) you can just create a new symlink in there, and if some OpenNIC Tier1 name-server goes missing, or a new one appears, in one edit you update all the name-servers for all these TLDs.
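The shared-file layout described above, as an added shell example that is not part of the original page. The function names, the `/etc/dnscache/root` path and the `tier1.txt` input file are assumptions; every address is validated before anything is written, so a malformed list never reaches the resolver's configuration.

```shell
#!/bin/sh
# Added example, not from the original page: keep the OpenNIC Tier1 addresses
# in one file (ns/opennic) and symlink each delegated zone in servers/ to it.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# install_opennic_servers ROOT "ZONE ..." < address-list
# Validates every address first, then replaces ns/opennic in one rename so a
# rejected or interrupted update never leaves dnscache with a partial list.
install_opennic_servers() {
    root=$1
    zones=$2
    [ -d "$root/servers" ] || { echo "no servers/ in $root" >&2; return 1; }
    mkdir -p "$root/ns" || return 1
    tmp=$(mktemp "$root/ns/opennic.XXXXXX") || return 1
    while read -r ip; do
        [ -n "$ip" ] || continue
        if ! is_ipv4 "$ip"; then
            echo "rejecting malformed address: $ip" >&2
            rm -f "$tmp"
            return 1
        fi
        printf '%s\n' "$ip" >>"$tmp"
    done
    [ -s "$tmp" ] || { echo "empty address list" >&2; rm -f "$tmp"; return 1; }
    # mktemp creates the file 0600; the resolver's account must be able to read it.
    chmod 644 "$tmp" && mv "$tmp" "$root/ns/opennic" || return 1
    for zone in $zones; do
        # Relative link, so it still resolves if dnscache chroots into ROOT.
        ln -sfn ../ns/opennic "$root/servers/$zone" || return 1
    done
}

# Usage (paths are assumptions): sh opennic-servers.sh /etc/dnscache/root \
#     "gopher opennic.glue" < tier1.txt
if [ $# -eq 2 ]; then install_opennic_servers "$1" "$2"; fi
```

As with the manual steps, restart dnscache after running it.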
Verifying the `dnscache` configuration
You can verify that the resolution is working by trying to resolve the SOA of gopher, or the A of register.gopher.
```
drill SOA gopher.
```

```
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3137
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; gopher. IN SOA

;; ANSWER SECTION:
gopher. 3600 IN SOA ns7.opennic.glue. hostmaster.dns.gopher. 2014101802 3600 3600 604800 86400

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 122 msec
;; SERVER: 127.164.185.218
;; WHEN: Sat Oct 18 18:02:48 2014
;; MSG SIZE rcvd: 91
```

```
drill A register.gopher.
```

```
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7055
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; register.gopher. IN A

;; ANSWER SECTION:
register.gopher. 76226 IN A 199.231.210.120

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.164.185.218
;; WHEN: Sat Oct 18 18:02:58 2014
;; MSG SIZE rcvd: 49
```
Configuring `unbound`
Use either one of the configuration options below. To verify any of these configurations, follow the same procedure as for dnscache.
Configuring `unbound` by using "stub-zones"
You can configure unbound to do the recursive resolution itself starting from the OpenNIC Tier1 name-servers (see also the finding OpenNIC name-servers section on how to obtain the list).
To achieve this add the following lines to the unbound.conf configuration file:
```
stub-zone:
    name: "gopher"
    stub-addr: 185.19.105.30@53
    stub-addr: 173.160.58.202@53
    stub-addr: 198.136.57.121@53
    stub-addr: 178.63.145.230@53
    stub-addr: 23.98.70.54@53
    stub-addr: 207.192.71.13@53
    stub-addr: 178.63.116.152@53
    stub-addr: 188.226.215.149@53
    stub-addr: 188.226.146.136@53
    stub-addr: 199.231.210.120@53
    stub-prime: yes
    stub-first: yes

stub-zone:
    name: "opennic.glue"
    stub-addr: 185.19.105.30@53
    stub-addr: 173.160.58.202@53
    stub-addr: 198.136.57.121@53
    stub-addr: 178.63.145.230@53
    stub-addr: 23.98.70.54@53
    stub-addr: 207.192.71.13@53
    stub-addr: 178.63.116.152@53
    stub-addr: 188.226.215.149@53
    stub-addr: 188.226.146.136@53
    stub-addr: 199.231.210.120@53
    stub-prime: yes
    stub-first: yes
```
Configuring `unbound` by using "forward-zones"
You can configure unbound to forward the recursive resolution to the OpenNIC Tier2 name-servers.
To achieve this add the following lines to the unbound.conf configuration file:
```
forward-zone:
    name: "gopher"
    forward-addr: 179.43.143.69@53
    forward-addr: 62.141.38.230@53
    forward-addr: 31.31.78.39@53
    forward-first: yes
```
Registering `gopher` domains
Please note that the registration and management pages do not use HTTPS, so all the data you submit (including passwords) is sent in clear text and is susceptible to being captured by unwanted parties.
For this reason (and as a general best-practice rule), use a password dedicated only to this purpose.
To register a new gopher domain you'll have to follow the procedure listed on register.gopher.
Basically all you have to do is follow the instructions listed on the register.gopher page. However below I present the full process (as it was on 2014-10-18), with some useful annotations.
In order to register a gopher domain, all you need to do is:
- make sure that you can actually resolve gopher domains, by following the resolving gopher domains section above;
- check that your domain usage matches the gopher domains usage charter available at http://register.gopher/charter;
- open the Registration page at http://register.gopher/register, and enter the required data;
  - please note that the Username field "seems" to accept only letters (and probably numbers), thus no dots (and probably no other punctuation);
- open the Login page at http://register.gopher/login, and enter your chosen user-name and password;
- open the Domain search page at http://register.gopher/domain/search, and enter your chosen domain name;
- press Find and, if the page says Domain name is available, press Add this domain to your portfolio;
- next go to the Manage domains page at http://register.gopher/manage, and either start adding records to it (by using the Manage link on that page just under the DNS records bullet), or delegate the domain to an authoritative DNS server you control (as described in the delegating a gopher domain section below);
Managing `gopher` domains
Please note that the management pages do not use HTTPS, so all the data you submit (including passwords) is sent in clear text and is susceptible to being captured by unwanted parties.
To manage a gopher domain you'll have to access the Manage page at register.gopher.
It seems there are two ways to host a gopher domain:
- by using the local name-server option (the default), which uses OpenNIC's name-servers to manage the records; (probably recommended;)
- by using the remote name-server option, which allows you to delegate an entire <domain>.gopher domain to an authoritative DNS name-server that you control; (obviously an option only for those who have an authoritative DNS name-server under their control;)
Delegating a `gopher` domain
If you haven't already registered a gopher domain, you can do so by following the steps presented in the registering gopher domains section above.
The single prerequisite of delegating a gopher domain is to have access to an authoritative DNS name-server (like Bind, NSD or Knot, etc.).
In order to host a gopher domain yourself, all you need to do is:
- open the Login page at http://register.gopher/login;
- open the Manage my domains page at http://register.gopher/manage;
- check if the page states This domain is currently using a Remote nameserver for its DNS (the keyword to look for is remote); if it doesn't state that, but instead it states [...] Local nameserver [...], open the Switch link beneath that text;
- open the Manage page, just under the glue nameservers associated bullet point, and:
  - enter the name of the NS glue record (see the following warning on how to name it);
  - enter the IP address of the authoritative DNS name-server that will serve the domain in question;
  - you can add more than one NS glue record if you have multiple authoritative DNS name-servers for the chosen domain;
- check the delegation as described below;
When you add a name-server glue for your gopher domain, you should follow the suggested simple names like ns, ns1, dns, or dns1.
However if instead you want to use a more complex name, like say dns1.services.example.gopher, you must use a fully qualified name, like dns1.services.example.gopher, or else the NS record isn't properly created.
Unfortunately after doing this you'll see in the management page a wrong name, something like dns1.services.example.gopher.example.gopher, which seems to be a bug in the page code, but the NS record is properly created.
Verifying the `gopher` domain delegation
There seems to be a considerable delay between the moment you add the name-server glue and the moment you can actually see it published via DNS. The wizard suggests something like 10 to 30 minutes, however in my case it seems it took much longer than that (perhaps an hour or so).
Moreover if one of the following commands fails, or doesn't respond with what you would expect, execute it a few more times, because each time it will (probably) choose a different server. But don't overdo it, as each server will cache that answer, and you'll (probably) have to wait the entire timeout period (which is probably about a few hours).
To check the proper delegation do the following (replace drill with dig, and volution.gopher. with your own domain):
- (either find out from OpenNIC Tier1 the IP address of the NS holding the gopher TLD, which currently (as of 2014-10-18) is ns7.opennic.glue, or properly configure your resolver to delegate opennic.glue to the OpenNIC Tier1 name-servers;)
- checking if the SOA record is properly published by your authoritative DNS name-server:

```
drill -t SOA volution.gopher. @194.102.63.38
```

```
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 58991
;; flags: qr aa rd ; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;; volution.gopher. IN SOA

;; ANSWER SECTION:
volution.gopher. 360 IN SOA dns1.services.volution.gopher. ciprian.volution.ro. 2014090501 360 360 604800 360

;; AUTHORITY SECTION:
volution.gopher. 360 IN NS dns1.services.volution.gopher.

;; ADDITIONAL SECTION:
dns1.services.volution.gopher. 360 IN A 194.102.63.38

;; Query time: 51 msec
;; SERVER: 194.102.63.38
;; WHEN: Sun Oct 19 10:56:47 2014
;; MSG SIZE rcvd: 132
```

- checking if the SOA record is properly published by the OpenNIC name-server holding the gopher TLD:

```
drill -t SOA volution.gopher. @tier1.opennic.glue.
```

```
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 3985
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;; volution.gopher. IN SOA

;; ANSWER SECTION:

;; AUTHORITY SECTION:
volution.gopher. 86400 IN NS dns1.services.volution.gopher.

;; ADDITIONAL SECTION:
dns1.services.volution.gopher. 86400 IN A 194.102.63.38

;; Query time: 235 msec
;; SERVER: 207.192.71.13
;; WHEN: Sun Oct 19 10:57:41 2014
;; MSG SIZE rcvd: 77
```

- checking if the A record of your domain is resolvable starting from one of the OpenNIC Tier2 name-servers:

```
drill -t A volution.gopher. @tier2.opennic.glue.
```

```
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26574
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; volution.gopher. IN A

;; ANSWER SECTION:
volution.gopher. 360 IN A 194.102.63.38

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 565 msec
;; SERVER: 46.151.208.154
;; WHEN: Sun Oct 19 10:58:21 2014
;; MSG SIZE rcvd: 49
```
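The comparison that the first two queries above support can be scripted; this is an added example, not part of the original page. It reads two saved outputs of `drill -t SOA <zone>` (one from the TLD name-server, one from your own authoritative server) and reports a missing `aa` flag or any NS or glue record that differs between them; the function names and the file arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: compare the TLD server's referral
# with your own server's answer, using saved `drill -t SOA <zone>` outputs.

# records SECTION: print the resource records of one section of drill output
# read from stdin (comment lines, including the question, start with ';').
records() {
    awk -v want="$1" '
        /^;; [A-Z]+ SECTION:/ { cur = $2; next }
        /^;/ || NF == 0       { next }
        cur == want           { print }'
}

# rrset FILE TYPE: sorted "owner rdata" pairs from AUTHORITY and ADDITIONAL.
# TTLs are dropped because parent and child legitimately differ there.
rrset() {
    { records AUTHORITY <"$1"; records ADDITIONAL <"$1"; } |
        awk -v t="$2" '$4 == t { print $1, $5 }' | sort -u
}

# check_delegation PARENT_OUT CHILD_OUT: print each problem; return 1 if any.
check_delegation() {
    bad=0
    # Your own server must answer authoritatively and actually serve the SOA.
    grep -q '^;; flags:.* aa ' "$2" || { echo "child: no aa flag"; bad=1; }
    records ANSWER <"$2" | grep -q 'SOA' || { echo "child: no SOA"; bad=1; }
    # The TLD server must publish the delegation at all.
    [ -n "$(rrset "$1" NS)" ] || { echo "parent: no NS referral"; bad=1; }
    # NS names and glue addresses must be the same on both sides.
    for t in NS A; do
        [ "$(rrset "$1" "$t")" = "$(rrset "$2" "$t")" ] ||
            { echo "$t records differ between parent and child"; bad=1; }
    done
    return "$bad"
}

# Usage (file names are assumptions): sh check-delegation.sh parent.txt child.txt
if [ $# -eq 2 ]; then check_delegation "$1" "$2"; fi
```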
OpenNIC miscellanea
Finding the OpenNIC Tier1 name-servers
- either access the wiki page at http://wiki.opennicproject.org/Tier1;
- or make a DNS query for tier1.opennic.glue, like:

```
drill -t A tier1.opennic.glue. @dns.geek.id.au.
```
Finding the OpenNIC Tier2 name-servers
- either access the wiki page at http://wiki.opennicproject.org/Tier2;
- or make a DNS query for tier2.opennic.glue, like:

```
drill -t A tier2.opennic.glue. @dns.geek.id.au.
```