View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001263 | Main CAcert Website | certificate issuing | public | 2014-04-01 03:19 | 2015-01-20 20:36 |
| Reporter | g4jc | Assigned To | wytze | ||
| Priority | none | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2014 Q3 | ||||
| Summary | 0001263: Feature Request: Support OpenNIC TLDs | ||||
| Description | It is currently not possible to register a domain with OpenNIC as the website requires an e-mail to be sent to the domain, as CACert doesn't recognize the alternate TLDs (such as .geek, .free, etc.) it is not possible to encrypt an OpenNIC domain with CACert. It would be beneficial if either CACert allowed sending of e-mail to these domains by using an OpenNIC resolver, and/or allowing an alternative authentication mechanism for domain approval. | ||||
| Steps To Reproduce | 1) Register a domain with OpenNIC ( http://www.opennicproject.org/ ) >> http://reg.for.free 2) Get a Cert from CACert 3) Attempt to register your OpenNIC domain name 4) It will fail since it is not a recognizable domain. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
After reading the relevant code, it seems that the only required change would be to forward queries for OpenNIC TLDs to OpenNIC resolvers. Enclosed is the unbound configuration for this; the “insecure-domain” part disables DNSSEC checking (for those TLDs), as I couldn't find a working trust-anchor for OpenNIC. Replace the servers by picking some from http://wiki.opennicproject.org/ClosestT2Servers |
|
|
unbound.conf (1,991 bytes)
server: domain-insecure: "bbs." domain-insecure: "dyn." domain-insecure: "free." domain-insecure: "fur." domain-insecure: "geek." domain-insecure: "gopher." domain-insecure: "indy." domain-insecure: "ing." domain-insecure: "micro." domain-insecure: "neo." domain-insecure: "null." domain-insecure: "oss." domain-insecure: "oz." domain-insecure: "parody." forward-zone: name: "bbs." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "dyn." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "free." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "fur." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "geek." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "gopher." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "indy." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "ing." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "micro." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "neo." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "null." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "oss." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "oz." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 forward-zone: name: "parody." forward-addr: 128.173.89.246 forward-addr: 69.164.208.50 forward-addr: 64.0.55.201 |
|
|
The configuration of the unbound resolver on the CAcert firewalls has been modified to support forwarding to OpenNIC resolvers for the following 14 OpenNIC TLDs: .bbs, .dyn, .free, .fur, .geek, .gopher, .indy, .ing, .micro, .neo, .null, .oss, .oz, .parody All CAcert critical and infrastructure servers are using these two resolvers. Note that we are *not* closely monitoring OpenNIC, so when future updates to this list are needed, a new bug tracker item should be created referencing this one. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-04-01 03:19 | g4jc | New Issue | |
| 2014-04-01 21:36 | MartinGummi | Priority | normal => none |
| 2014-06-27 08:27 | nbraud | Note Added: 0004873 | |
| 2014-06-27 08:28 | nbraud | File Added: unbound.conf | |
| 2014-06-27 08:28 | nbraud | Note Edited: 0004873 | |
| 2014-09-15 13:22 | wytze | Assigned To | => wytze |
| 2014-09-15 13:28 | wytze | Note Added: 0005007 | |
| 2014-09-15 13:28 | wytze | Status | new => solved? |
| 2014-09-15 13:28 | wytze | Fixed in Version | => 2014 Q3 |
| 2014-09-15 13:28 | wytze | Resolution | open => fixed |
| 2015-01-20 20:36 | INOPIAE | Status | solved? => closed |
