DNS PARTY @ INTERNETS

Next level Telecomix DNS

Telecomix DNS is going next-level with our own decentralized infrastructure replacing the hierarchical DNS structure currently in place. Watch WeRebuild or Gitorious for updates on the progress, or check back here shortly to start using the new system.

Telecomix Censorship-proof DNS

So, some sites on your internets are blocked? In some cases this happens because your local government or a whimsy Internet Service provider blocks certain URLs on your interweb. Telecomix works for internauts anywhere in the network, and we would like to give you another service that has no censorship filters and provides some extra cool Top Level Domains.

The 30 second explanation

If you have a router in your home, this is where you make the changes required to use our service. All routers have settings that ask you to enter the IP numbers for DNS. To access your router, consult the manual that came with it. Usually it is located at 192.168.1.1, 192.168.0.1 or 192.168.1.10. Enter user name and password, then go to "basic settings" or similar. Enter 91.191.136.152 as your primary DNS server. Then save settings. (Click here to see how it looks on a simple D-Link router.)

Remember: Write down the IP-addresses of your pre-defined DNS routers in order to easily reset everything if we go down for some reason.

For the changes to take effect you might have to reboot your computer(s) inside your home network, since they grab the DNS-server IP-numbers from your router.

To try out if you have been successful or not, enter dns.tcx in your web browser. You should then come back to this page.

If you have questions, the Telecomix crew is more or less of assistance 24 hours a day on chat.telecomix.org.

Everywhere in the world, more or less, someone is trying to block your internet traffic. Telecomix does not approve. We hack your blocks away!

This service is brought to you by the workgroup Denial of Nameserver Structure. This group is a joint collaboration between the Telecomix Crypto Munitions Bureau and the Telecomix Communications Agency.

How does it work?

We have servers over the world that provide the same service as your local Internet Service Provider. By using our servers instead of the one provided, you trust us to combine URLs with IP-numbers, rather than your ISP. We give you uncensored access plus a few bonus Top Level Domains. That are? :-)

So is this dangerous?

No, it's not. We promise to not eat your computer. The only thing that will happen is that you have the possibility to reach new sites and create your own internets and not be blocked. You don't have to be a hacker to get it working, just follow each step in the tutorial and everything will work out just fine. If you are unsure about anything and want help to get started, just contact us. You can reach us on IRC.

Advanced: Setting up your own DNS-server

Linux

Install unbound, as it is simple to configure. It's in the repositories of major distributions like Debian and Ubuntu. Its primary focus is on simplicity and security, though not necessarily in that order. :)

After installing unbound, open the unbound.conf (you'll most likely find it in /etc/unbound) in your favorite text editor. The configuration starts with "server:" and everything else will be commented out. You need to enable a few of these settings by uncommenting them, i.e. removing the "#" in front of each.

I'll only describe the settings you'll need to use your DNS as a resolver. Please read the manpage if you need any further information. This is no DNS-introduction. You either know what you want or you don't.

First, start by adding a new line under the exemplary interfaces that are listed in the file:

interface: 192.168.0.2
(You need to use the internet-routable IP address of your server here, of course.) The default port is 53. You might need to set up your firewall to allow traffic to and from port 53.

By default unbound will send outgoing DNS queries to authoritative servers. If you do not specify an interface, all of them will be used, if necessary.

Now we want to configure the nameserver to use UDP, therefore remove the "#" and maybe exchange the default "no" (not sure, might be different according to the distribution you're using):

do-udp: yes

Right now your DNS server cannot be queried by clients, meaning it won't resolve any name to an IP address. You can either specify an entire subnet or netblock to be allowed or forbidden to query your server. Don't like queries from specific countries? Ripe-search their ranges, exclude them. (You shouldn't do this, as it hinders the goal of this project.)

This might look like this (again, using private IP addresses!):

access-control: 192.168.0.0/24 allow
access-control: 172.16.0.0/16 refuse

These are the basic settings for unbound.conf. I told you it was simple. There are several sane settings that unbound knows, which might improve the security of your server. Please take the time to read the documentation, which you will find here: http://www.unbound.net/documentation/index.html
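To see which clients the access-control lines above actually admit, here is an added example (not part of the original tutorial or of unbound itself) that parses them and applies unbound's most-specific-netblock rule on top of its localhost-only defaults. The sample config, the INTERNAL range list and the function names are assumptions of this example.

```python
import ipaddress

# Constructed sample: the settings from the tutorial above, plus one commented-out rule.
SAMPLE_CONF = """\
server:
    interface: 192.168.0.2
    do-udp: yes
    # access-control: 10.0.0.0/8 allow
    access-control: 192.168.0.0/24 allow
    access-control: 172.16.0.0/16 refuse
"""

# Unbound's built-in defaults: only localhost may query, everything else is refused.
DEFAULTS = [("0.0.0.0/0", "refuse"), ("127.0.0.0/8", "allow"),
            ("::/0", "refuse"), ("::1/128", "allow")]

# Ranges this audit treats as internal (an assumption of the example).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_access_control(conf_text):
    """Return [(network, action)]: built-in defaults first, then the file's rules."""
    rules = [(ipaddress.ip_network(n), a) for n, a in DEFAULTS]
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("access-control:"):
            netblock, action = line.split(":", 1)[1].split()
            rules.append((ipaddress.ip_network(netblock, strict=False), action))
    return rules

def action_for(client_ip, rules):
    """Most specific matching netblock wins (ties go to the later rule: an assumption)."""
    addr = ipaddress.ip_address(client_ip)
    best_len, best_action = -1, "refuse"
    for net, action in rules:
        if net.version == addr.version and addr in net and net.prefixlen >= best_len:
            best_len, best_action = net.prefixlen, action
    return best_action

def externally_open(rules):
    """Netblocks with an allow* action that reach beyond the INTERNAL ranges."""
    return [str(net) for net, action in rules
            if action.startswith("allow") and not any(
                net.version == p.version and net.subnet_of(p) for p in INTERNAL)]

if __name__ == "__main__":
    rules = parse_access_control(SAMPLE_CONF)
    print([(ip, action_for(ip, rules)) for ip in ("192.168.0.57", "203.0.113.7")])
```

An empty result from externally_open means only internal ranges can query the server; a rule such as 0.0.0.0/0 allow shows up there, which is the point at which the resolver answers the whole internet.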

Windows

I think we need an easier tutorial for windows. What to click, what to type etc.

Unbound for Windows: Installer: http://www.unbound.net/downloads/unbound_setup_1.4.6.exe Binary: http://www.unbound.net/downloads/unbound-1.4.6.zip

Please consider the Linux tutorial. The configuration will mostly stay the same. In case of any doubt, read the documentation.

Then there's the Windows DNS Server, which is a mess to configure. It really sucks, but it works. I would never run something like this, but if you have a spare Windows Server 2003/2008 and know at least the basics of DNS, go ahead.

Mac OS X

Almost any DNS for BSD should work? Maybe try unbound or bind9. bind9 (Version 9.7.1-P2) is in macports. The same goes for unbound 1.4.5.

OpenSolaris and Solaris

Get SUNWbind and configure /etc/named.conf

Android

iPhone

BIND is in Cydia. You'll have to configure the server via SSH though.

Maemo Linux

MeeGo Linux

Gentoo

Easy tutorial on installing BIND.

Arch

Easy tutorial on installing a home DNS server.

Routers using dnsmasq

Most firmwares, like OpenWRT/DD-WRT/Tomato etc., can use dnsmasq to forward DNS queries. Telling dnsmasq to forward a TLD to a master or slave can be done in dnsmasq.conf:

server=/tld/1.2.3.4
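Which upstream a given name ends up at under such server= lines is worth checking, because only the listed domains are diverted and every other query still goes to the default resolver. The following added example (not from the original page or from dnsmasq) models dnsmasq's rule that the most specific domain wins, matched on label boundaries; the "tcx" and "lab.tcx" entries and all addresses are constructed placeholders.

```python
# Constructed sample dnsmasq.conf; domains and addresses are placeholders.
SAMPLE_CONF = """\
# default upstream for everything not listed below
server=192.0.2.53
server=/tcx/1.2.3.4
server=/lab.tcx/198.51.100.9
"""

def parse_servers(conf_text):
    """Map domain suffix -> list of upstreams; '' holds the default upstreams."""
    routes = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue                                  # comments and other options
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/dom1/dom2/.../upstream : several domains may share one upstream
            *domains, upstream = value[1:].split("/")
        else:
            domains, upstream = [""], value           # plain default upstream
        for dom in domains:
            routes.setdefault(dom.lower().strip("."), []).append(upstream)
    return routes

def upstream_for(qname, routes):
    """Longest configured suffix that matches qname on a label boundary wins."""
    labels = qname.lower().strip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in routes:
            return routes[suffix]
    return routes.get("", [])

if __name__ == "__main__":
    routes = parse_servers(SAMPLE_CONF)
    for name in ("dns.tcx", "www.lab.tcx", "example.org", "nottcx"):
        print(name, "->", upstream_for(name, routes))
```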

Why does Telecomix give away this service for free?

Telecomix believes in the freedom of all kinds of data. Censorship on a DNS level only belongs in authoritarian regimes that do not trust people to communicate freely. Blocking of complete websites is contrary to the fundamental right to freedom of speech as enshrined in various legislative instruments, including the European Convention on Human Rights. And, it is really easy to circumvent.

Moreover, we believe that the internets function at their very best when control and power is distributed. The centralization of DNS services makes the interweb weaker, and since we have lots of data power, why not give away some of the awesomest DNS for free. If you like our service and/or our intention, please flattr us using the button on this page. But you don't need to... if you like us, we'll like you back!

How can I contribute?

Join us

Telecomix grows as more people, bots and computers connect to us. Join us in the channel #dns on irc.telecomix.org or #telekompaketet, http://chat.telecomix.org for those with no IRC access. We hang out there, and no matter your skills, you are welcome to join us. We are internauts, friends, jellyfish, randoms...

Set up your own server

Set up your own server! Start using an existing DNS server and register new domains. If you are using Ubuntu you can set up a DNS server with BIND or NSD.

Use the network!

For a successful DNS network we need users.