Blog indexRollingšŸ„ŽblogPermalink

Dnsmasq and OpenNIC

Jake Thoughts ā€” 07 Apr 2021 09:43:15 -0400

I've come up with a method that will work 100% of the times with accessing OpenNIC tlds (provided the upstream DNS doesn't catch on fire) and allows me to access ICANN tlds. As you probably have figured out from the title, using dnsmasq. I know this method works because I forgot to mention it on my humble blog because it works and didn't bother me until I realized that upon reading my previous blog post that, it warrants an update.

When I say dnsmasq, I do not mean NetworkManager's implementation of it. If an enslaved dnsmasq works with NetworkManager using my way of doing it then that is good but I am running a separate dnsmasq process that is not enslaved. I will go ahead and say NetworkManager will fail to run if systemd-resolved does not work so you will need put under your [main], 'dns=none' and 'systemd-resolved=false' in a NetworkManager's conf file. This stops NetworkManager from turning on systemd-resolved and it won't do some weird self DNS stuff. Additionally, in my previous post I made a suggestion about [global-dns-domain-*]. Just ignore it. It only works when it wants to and doesn't even store a local cache as far as I could tell.

In my /etc/resolv.conf my upstream DNS is and ::1. My computer queries the DNS server located at '' or '::1' on port 53 and if neither have an answer then the DNS server ('' or '::1') asks it's upstream DNS servers (as determined in it's config file) for an answer.

In my /etc/dnsmasq.conf I have the following:

  • server=35.35.554.453 (ISP dns server)
  • server=/geek/libre/fur/cyb/chan/epic/neo/glue/parody/oss/pirate/indy/dyn/bbs/gopher/o/
  • server=/ti/uu/te/ku/ko/rm/
  • server=/null/oz/
  • server=/lib/bit/coin/emc/bazar/

Dnsmasq goes down the list of dns servers from top to bottom to try unless it is told to stop by a DNS server. Normally, when trying to access .geek tld, my ISP's DNS server would tell dnsmasq to essentially, just stop seeking I think (no idea what is actually happening behind the scenes). But with the /geek/.../ thing dnsmasq directly queries this server rather than go from top to bottom. If that server gives dnsmasq an answer then dnsmasq stores it in its cache! You can determine if dnsmasq is caching things with the dig or the drill command.

'o' tld does not work and I don't know why. Somehow they're using a github repository as a DNS server? How do you query that? I've already added a bunch of other tlds that aren't OpenNIC with my config file. Good luck finding any non-OpenNIC websites though! You will need it. Grep.geek doesn't crawl through New Nation's tld (.ti (tibet), .uu (uyghur), .te (tamil eelam), .ku (kurdish), .ko ('internal use'), .rm ('private use') so if there even is an actual domain associated with these tlds (there is a shockingly very good chance that there isn't) I haven't found them. Grep.geek has crawled through some .fur websites ... It seems that the only person who uses the .fur tld is the same person who runs the tier 1 DNS server(s) for the tld. Through more work than should be required, I can confirm that bazar tld is being used, at least by one person.

Other thoughts

Due to abuse (the comments you see now are not abuse), commenting will be disabled for sometime. Send an email or something.