Aral Balkan @aral

OpenNIC: the unsung hero of the future?

So I’m ashamed to say that I’ve basically been ignorant of the fact that there’s been an alternate democratic/open/post-Capitalist domain name system operating since 2000. It’s called OpenNIC ( and – with a bit of design love and creative marketing – I don’t see why we couldn't get widespread support for it. It would be a huge step forward for decentralisation/individual sovereignty.

· Web · 32 · 36

@aral but what happens if the same TLD will be given away via #ICANN and #OpenNIC? #dns

@saper The sky falls :) (Apparently happened with .free and OpenNIC moved to .libre instead.) Then again, if OpenNIC gains traction (will need lots of buy-in, promotion, etc. but definitely possible) then maybe ICAAN would have to talk to them and not dictate the universal namespace.

@aral I found it some months ago but I didn't understood well how it works.

Hope your push clarifies it a little.

@ekaitz_zarraga Just tested it out today. Worked a charm (just forwarded http://aral.indy to my personal site ( Took a few hours to propagate and then boom. Only change was adding a Tier-2 OpenNIC DNS server (or two or three) to my DNS settings on my Mac.

@aral Aaaaah I get it.

It's not very usable for final users, but for applications could be... Hmmmmmm

I have a couple of projects where I can fit this.

@aral i've used foolDNS for a while now as well as my own pihole forwarding to stable DNS' but this looks quite promising. Interesting that they even have their own TLD.

@ZiiX @ekaitz_zarraga Thanks for the heads up – reading about it now :)

@aral Been using OpenNic for around 5 years now combined with DNScrypt. Main problem is that resolvers come and go so now and then DNS will break and you'll have to change the resolver (manually).
@aral Another issue is that you basically have to trust that e.g. if they say they don't keep logs that they really don't. But of course that's an issue with any DNS provider.

@hattiecat @aral - strategically a dilemma of "the non-existent transparent-and-verifiable distributed open source solution" (difficult to verify live server code+config).

E.g. the trust issue with logging.

Each "node" needs to be able to verify that each other connected node is running a "verified" version (by some form of #checksum calculation?) that somehow "proves" that logging is not happening. I wonder if that is technically possible... Complex at least.

@aral mmm ... yes ... there is all we need since 2000ish to decentralise internet... but noone cares apparently ... been there , waiting for 15y to have ppl to follow in BXL on wifi p2p network with advanced tech... but heck, everybody got vdsl/4G with gratis FB so it's just a waste of time apparently ... :/
or not ?

@aral sounds great. and some of the servers also support DNSCrypt.

@aral There were dozens of alternative roots before OpenNIC and there are still some. They all fail for the same reason: people want some.thing to mean the same thing whatever the configuration of their #DNS resolver.

@aral That's not the one (eDNS) founded by the same guy who founded the Tea Party, but I see no reason to think it's any less crankish.

@mattskala Not sure what you find “crankish” in a democratic, non-capitalist domain name system (or, inversely, what’s inherently acceptable about a commercially-owned-and-controlled system of identifiers for humanity which is what we have today with the mainstream implementation).

@aral The idea that the domain name system should be a tool for political change at all, is a good start. I'd have the same opinion of a group that tried to popularize an "alternate" set of telephone numbers for political reasons, or an "alternate" set of units of measure to replace SI for political reasons (despite that SI itself started that way). Standards organizations are an inappropriate place to start trying to smash capitalism even if you think smashing capitalism is a worthy goal.