Web3 with dnsmasq

I have a web3 tld + domain from freename - freename has teamed up with something called noto which provides dns servers that resolve (freename) web3 domains; the dns servers are listed here. It does work (resolves).

Now.. My default wan interface gets its ip address with DHCP and DNS is configured to 1.1.1.1 and 8.8.8.8 (my ISP does not seem to have/use its own dns servers). And I'd like to keep those in the list, but add noto's dns ip addresses. This, I was able to do. Unfortunately, web3 domains do not resolve - I think this is because 1.1.1.1 is working and it reports that the domain was not found (obviously) - what I'd like to do is to have dnsmasq check if the domain is found with other dns servers, if the first one failed to find it - but I don't know the name of such a feature, so it's difficult to even search for guidance on that topic.

The idea here is that web3 domains would resolve on LAN without any additional setup (router handling resolving). I know I could set up web3 dns and ignore 1.1.1.1 and 8.8.8.8 - but I am not sure if I can trust noto DNS for anything else besides web3 domains (and it is not even universal; it does not support, for example, unstoppable's domains).

So... What is this feature called, is it supported, how can I enable it; ideas how to get this to work?

So you want to report every domain you look up to web3?

Report?

Normal domain:
rauta.eu

web3 domain:
oskari.rauta

Both map to the same ip address. But I want to keep using 1.1.1.1 and 8.8.8.8 and whatever.. but when it fails, I want it to try noto's dns, in case the domain is found there (web3) when it wasn't in the standard realm.

With 1.1.1.1, rauta.eu is found, but oskari.rauta is not (because it's a web3 domain). With noto's dns, both are found, but I still would like to choose 1.1.1.1 and 8.8.8.8 as primary DNS sources, just backed up by noto to provide web3 connectivity.

If I change my /tmp/resolv.conf.d/resolv.conf.auto to only contain name servers 34.154.40.173 and 34.154.254.177 (noto's dns) either by commenting out 1.1.1.1 and others, or by removing them completely; followed by restart of dnsmasq, all works - but I know it all comes then from noto.....

This is the definitive list of current TLDs.
https://www.iana.org/domains/root/db

Do:

uci add_list dhcp.@dnsmasq[0].server='/yourdomain.tld/34.154.40.173'
uci commit dhcp
service dnsmasq restart

Not sure if it would make sense to add another entry for a secondary resolver, maybe someone more knowledgeable about dnsmasq can chime in on that.

You can also set up an https-dns-proxy instance for noto.network's DoH resolver and then use the instance IP/port instead of the 34.154.40.173. That is if you want to prevent your ISP from snooping on/modifying results of the name resolution.

Actually other way around. But I would not try a service where tlds are common tlds plus unicode no-character... Just 5 kBucks and it's yours to keep

No, actually this is the way.

Great, I was replying to @oskari.rauta, sorry if it showed up as a reply to you.

@brada4

This is the definitive list of current TLDs.
https://www.iana.org/domains/root/db

Yes, that's iana domains. The web3 layer is separate, web3 domains are used for various things, but one of the features is that you can use them as normal domains, there are browser plugins for this - but that's not good as usage would then be limited to browsers, and even so - plugins do not exist for Safari and I have no reason to use brave/chrome/etc..

Actually other way around. But I would not try a service where tlds are common tlds plus unicode no-character... Just 5 kBucks and it's yours to keep

No - that won't work. If I have a website or whatever service that is designed for web3, using only web3 - how would it work if it links.. well, in my case, what if I had a web3 designed page, where its image url refs are http://oskari.rauta/... - it would be broken once again.

You can also set up an https-dns-proxy instance for noto.network's DoH resolver and then use the instance IP/port instead of the 34.154.40.173. That is if you want to prevent your ISP from snooping on/modifying results of the name resolution.

That actually sounds more like what I actually am looking for. My ISP won't be snooping/modifying results, as my ISP does not have its own DNS - 1.1.1.1 belongs to WARP - DHCP of my ISP suggests their service as DNS.. And afaik, they do not modify results, their service just can't resolve it, as the web3 layer is not supported by them (and the likelihood of them not supporting it ever is more than 99%)

@stangri

Unfortunately that is not the way at all; I can add whatever servers that way, but even though in the example I added only one of my own domains, the truth is that I want all web3 domains to work (mine and others..) and there's.. probably hundreds of thousands of them, even by myself, I own about 20...
And if I change the dns of my web3 domains - it would need appropriate changes to be made on the dnsmasq virtual server configuration as well.
So I would need dnsmasq to take domains that weren't found from the primary dns and try to find them from noto's dns.

I think these same instructions work with just the tld, which solves the problem of wanting it to work for all of them, assuming they all live under that tld

Maybe you can do dnsmasq “strict-order” option and put this dns server at the top, accepting that all other dns queries will experience added delay.

@lantis1008

that is exactly true. I do not want it to work on my own single TLD - I want them all to work, that's why noto's dns service exists.

If you do a nslookup on my web3 domain on, let's say 1.1.1.1..

# nslookup oskari.rauta 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1:53

** server can't find oskari.rauta: NXDOMAIN
** server can't find oskari.rauta: NXDOMAIN

and then same with noto's dns..

# nslookup oskari.rauta 34.154.40.173
Server: 34.154.40.173
Address: 34.154.40.173:53

Non-authoritative answer:
Name: oskari.rauta
Address: 154.16.112.92

I want noto's dns to be attempted after 1.1.1.1 (and 8.8.8.8 and whatever there is listed..) fails to find the domain.

Maybe you can do dnsmasq “strict-order” option and put this dns server at the top, accepting that all other dns queries will experience added delay.

That then wouldn't put 1.1.1.1 as my primary dns, in that case, I could just get rid of every other server beside noto's. They update normal layer very slowly..

That wasn't obvious to me from your original post, so my suggestion was for your own domain only. AFAIR, you can add TLDs like that as well, so you have a few options:

  1. Assign IANA current TLDs from the link @brada4 posted to Cloudflare/Google name resolvers and resolve everything else with noto, or
  2. Assign web3 TLDs to noto's DNS and resolve everything else with Cloudflare/Google, or
  3. Find the trusted resolver which is web3-aware and use that one exclusively

@stangri

Sorry, that's my bad.

web3 TLDs can be whatever.. not limited to 3 characters, but can be longer.. or shorter too as long as they are not used on iana.. So assigning to them is difficult, how could one separate them like that, when in the first place it's unknown, and even if you could.. What happens when someone buys himself a new TLD? That I would again need to add to the list.. TLDs are purchased every day. Probably thousands of them.

Assign IANA current TLDs from the link @brada4 posted to Cloudflare/Google name resolvers and resolve everything else with noto

Yes, this is exactly what I am looking for. But how's that done? On start of dnsmasq, it should retrieve a list from that link.. And set them up, otherwise - my dnsmasq configuration.. yes.. will be that 5kb.. and would need manual updates whenever new TLDs are supported by IANA.

Find the trusted resolver which is web3-aware and use that one exclusively
There is only one.. Noto..

in /etc/config/dhcp:

        list server '/aaa/1.1.1.2'
        list server '/aarp/1.1.1.2'
..... list of all legit domains....
        list server '/zw/1.1.1.2'
        list server '34.154.40.173'
        list server '34.154.254.177'
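
The per-TLD list shown above (known IANA TLDs to a trusted resolver, everything else to noto) can be generated instead of maintained by hand. The following script is an added example, not code from any poster in this thread: it reads a TLD list in the one-label-per-line format of IANA's `tlds-alpha-by-domain.txt`, accepts only lines that are a bare DNS label so nothing else can reach the dnsmasq config, refuses to emit a config from a truncated list, and prints dnsmasq-native `server=` lines. The function names, the `MIN_TLDS` floor and the embedded sample list are assumptions made for the example; the resolver addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a TLD list on stdin, one label per
# line, and prints dnsmasq config: known TLDs -> trusted resolvers, rest -> noto.

TRUSTED="1.1.1.1 8.8.8.8"                  # resolvers named in the thread
FALLBACK="34.154.40.173 34.154.254.177"    # noto's resolvers, from the thread

# Keep only lines that are exactly one valid DNS label; this drops comments,
# blanks and anything carrying '/', '=', spaces or other config syntax.
valid_tlds() {
    tr -d '\r' | tr 'A-Z' 'a-z' |
        grep -E '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$' | sort -u
}

gen_config() {
    tlds=$(valid_tlds)
    # Refuse an empty or truncated list: with few per-TLD rules, ordinary
    # lookups would silently go to the fallback resolvers instead.
    count=$(printf '%s\n' "$tlds" | grep -c . || true)
    if [ "$count" -lt "${MIN_TLDS:-1000}" ]; then   # 1000 is an assumed floor
        echo "only $count valid TLDs, refusing to write config" >&2
        return 1
    fi
    echo "no-resolv"    # ignore resolv-file upstreams; use only the lines below
    for tld in $tlds; do
        for ip in $TRUSTED; do echo "server=/$tld/$ip"; done
    done
    for ip in $FALLBACK; do echo "server=$ip"; done
}

# Constructed sample in the style of IANA's list, with two malformed lines.
sample_list() {
    cat <<'EOF'
# Version 0, constructed sample
COM
EU
XN--P1AI
eu/192.0.2.1
server=192.0.2.53
EOF
}

# Demo on the sample; the floor is lowered because the sample is tiny.
sample_list | MIN_TLDS=3 gen_config
```

Feed it the downloaded list on stdin, write the output to a file dnsmasq reads, and restart dnsmasq. Queries for any name under a listed TLD then never leave for noto, and only names under unlisted TLDs are sent there.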