View Issue Details

ID: 0001263
Project: Main CAcert Website
Category: certificate issuing
View Status: public
Last Update: 2015-01-20 20:36
Reporter: g4jc
Assigned To: wytze
Priority: none
Severity: feature
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 2014 Q3
Summary: 0001263: Feature Request: Support OpenNIC TLDs
Description:
It is currently not possible to register a domain with OpenNIC, as the website requires an e-mail to be sent to the domain. As CAcert doesn't recognize the alternate TLDs (such as .geek, .free, etc.), it is not possible to encrypt an OpenNIC domain with CAcert. It would be beneficial if CAcert either allowed sending of e-mail to these domains by using an OpenNIC resolver, and/or allowed an alternative authentication mechanism for domain approval.

Steps To Reproduce:
1) Register a domain with OpenNIC ( http://www.opennicproject.org/ ) >> http://reg.for.free
2) Get a Cert from CAcert
3) Attempt to register your OpenNIC domain name
4) It will fail since it is not a recognizable domain.

Tags: No tags attached.
Reviewed by
Test Instructions

Activities

nbraud

2014-06-27 08:27

reporter   ~0004873

Last edited: 2014-06-27 08:28


After reading the relevant code, it seems that the only required change would be to forward queries for OpenNIC TLDs to OpenNIC resolvers.

Enclosed is the unbound configuration for this; the “insecure-domain” part disables DNSSEC checking (for those TLDs), as I couldn't find a working trust-anchor for OpenNIC.
Replace the servers by picking some from http://wiki.opennicproject.org/ClosestT2Servers

nbraud

2014-06-27 08:28

reporter  

unbound.conf (1,991 bytes)   
server:
	domain-insecure: "bbs."
	domain-insecure: "dyn."
	domain-insecure: "free."
	domain-insecure: "fur."
	domain-insecure: "geek."
	domain-insecure: "gopher."
	domain-insecure: "indy."
	domain-insecure: "ing."
	domain-insecure: "micro."
	domain-insecure: "neo."
	domain-insecure: "null."
	domain-insecure: "oss."
	domain-insecure: "oz."
	domain-insecure: "parody."


forward-zone:
	name: "bbs."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "dyn."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "free."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "fur."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "geek."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "gopher."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "indy."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "ing."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "micro."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "neo."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "null."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "oss."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "oz."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

forward-zone:
	name: "parody."
	forward-addr: 128.173.89.246
	forward-addr: 69.164.208.50
	forward-addr: 64.0.55.201

wytze

2014-09-15 13:28

developer   ~0005007

The configuration of the unbound resolver on the CAcert firewalls has been modified to support forwarding to OpenNIC resolvers for the following 14 OpenNIC TLDs:
.bbs, .dyn, .free, .fur, .geek, .gopher, .indy, .ing, .micro, .neo, .null, .oss, .oz, .parody
All CAcert critical and infrastructure servers are using these two resolvers.

Note that we are *not* closely monitoring OpenNIC, so when future updates to this list are needed, a new bug tracker item should be created referencing this one.
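
The attached unbound.conf pairs each TLD's forward-zone with a domain-insecure entry, and the list is maintained by hand, so the two halves can drift apart when TLDs are added or dropped. The Python check below is an added example, not part of this issue or of CAcert's tooling: it parses only the three directives used in the attachment and reports mismatches. The sample configuration and its addresses are constructed (RFC 5737 documentation ranges).

```python
import ipaddress
# Constructed sample, not CAcert's configuration; addresses are documentation IPs.
SAMPLE = '''
server:
    domain-insecure: "geek."
    domain-insecure: "free."
forward-zone:
    name: "geek."
    forward-addr: 198.51.100.20@53
forward-zone:
    name: "oss."
    forward-addr: not-an-ip
'''

def norm(name):
    return name.strip('"').lower().rstrip(".") + "."

def parse(conf_text):
    """Return (set of domain-insecure names, {forward-zone name: [addrs]})."""
    insecure, zones, clause = set(), [], None
    for raw in conf_text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if key and not value:               # clause header such as "server:"
            clause = key
            if clause == "forward-zone":
                zones.append({"name": None, "addrs": []})
        elif clause == "server" and key == "domain-insecure":
            insecure.add(norm(value))
        elif clause == "forward-zone" and key == "name":
            zones[-1]["name"] = norm(value)
        elif clause == "forward-zone" and key == "forward-addr":
            zones[-1]["addrs"].append(value)
    return insecure, {z["name"]: z["addrs"] for z in zones if z["name"]}

def audit(conf_text):
    """List (zone, problem) pairs where the two halves of the config disagree."""
    insecure, zones = parse(conf_text)
    out = [(n, "domain-insecure without forward-zone") for n in sorted(insecure - set(zones))]
    out += [(n, "forward-zone without domain-insecure") for n in sorted(set(zones) - insecure)]
    for name, addrs in sorted(zones.items()):
        if not addrs:
            out.append((name, "forward-zone has no forward-addr"))
        for addr in addrs:
            try:
                ipaddress.ip_address(addr.split("@")[0])   # drop optional @port
            except ValueError:
                out.append((name, "invalid forward-addr " + addr))
    return out
```

A domain-insecure entry with no matching forward-zone is the case to watch for: DNSSEC validation is switched off for a name that is still resolved through the default path.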

Issue History

Date Modified Username Field Change
2014-04-01 03:19 g4jc New Issue
2014-04-01 21:36 MartinGummi Priority normal => none
2014-06-27 08:27 nbraud Note Added: 0004873
2014-06-27 08:28 nbraud File Added: unbound.conf
2014-06-27 08:28 nbraud Note Edited: 0004873
2014-09-15 13:22 wytze Assigned To => wytze
2014-09-15 13:28 wytze Note Added: 0005007
2014-09-15 13:28 wytze Status new => solved?
2014-09-15 13:28 wytze Fixed in Version => 2014 Q3
2014-09-15 13:28 wytze Resolution open => fixed
2015-01-20 20:36 INOPIAE Status solved? => closed