Achievements.md
... ...
@@ -1,6 +0,0 @@
1
-Add what you did in/for dn42, yet:
2
-
3
-| Who | #peerings | Bandwidth | DNS | Fileserver | Network service | Website |
4
-|:------- |:--------- |:--------- |:--- |:---------- |:--------------- |:--------- |
5
-| allo | 7 | 1 GBit/s | auth. only | no | no | yes |
6
-| stv0g | 8 | 1 GBit/s | no | no | no | [yes](https://dev.0l.dn42) |
Frequently-Asked-Questions.md
... ...
@@ -1,41 +0,0 @@
1
-[[_TOC_]]
2
-
3
-## Why are you using monotone for the registry? Why not GIT?
4
-
5
-There is an important difference between the data model of monotone and GIT: In GIT branches *are* HEADs, while in monotone, branches are a list of HEADs. Or, to state it simpler and probably less correct: It is possible to sync merge conflicts in monotone. In GIT, conflicts are part of the index and/or working tree, and thus can't be pushed/pulled.
6
-
7
-The DN42 registry is stored on multiple monotone servers which sync with each other. This is not possible in GIT, because the GIT servers don't know how to handle merge conflicts. In monotone, the servers just sync the conflict.
8
-
9
-
10
-## What about IPv6 in DN42?
11
-
12
-There are some ASes in DN42 that route IPv6 traffic. It is not yet agreed upon what prefixes should be used. The following proposals are the more sane ones:
13
-
14
-* Use Unique Local Addresses (ULAs). This is the *fd00::/8* range. In theory, this would be the obvious winner of this debate. They were standardised for exactly this purpose (not publicly routed networks that still want to use unique prefixes). Sadly, this would require you to announce two prefixes in your LAN if you want to use stateless autoconfiguration and no NAT: The ULA and a globally routed prefix. It is not yet known if this really works. [RFC 3484](http://www.rfc-editor.org/rfc/rfc3484.txt) demands a behavior that would make this work at the moment (until globally routed addresses from 8000::/1 are used).
15
-[This](http://www.sixxs.net/tools/grh/ula) generator can be used to generate a ULA prefix from one of your MAC addresses.
16
-* Use your globally unique PA space. This fixes the LAN-issue, because you only need to announce a single prefix. However, this complicates prefix filtering for everybody, and can lead to strange routing patterns, where packets are routed partially on dn42 and partially through the Internet.
17
-
18
-(*TODO*)
19
-
20
-At the moment, it is safe to assume that everyone doing IPv6 routing accepts at least prefixes from fd00::/8 with prefix lengths between 48 and 64 bits (inclusive) if they are part of the registry.
21
-
22
-
23
-## Why are you using ASN in the 76100-76199 range?
24
-
25
-Yes, we know that this is not private ASN space (rather, it is part of the reserved block 65552-131071, see [IANA](http://www.iana.org/assignments/as-numbers/as-numbers.xhtml)).
26
-
27
-We used to assign ASN in the 64600-64855 range, where you would get ASN 64600+X if you had 172.22.X.0/24. Since we are now assigning /25 by default, and we have extended the address range to include 172.23.0.0/16, this is legacy.
28
-
29
-Another issue with the private ASN range 64512-65534: other projects are also using it (for instance, Freifunk, Anonet, etc), which can lead to conflicts.
30
-
31
-Fortunately, [RFC6996](http://tools.ietf.org/html/rfc6996) defines a new private ASN range: 4200000000-4294967294. Given the size of this range, there is little chance of running into a conflict.
32
-
33
-We now encourage dn42 users to use the newly-allocated ranges in **4242420000-4242429999**. See the [registry page](Services-Whois#AS-numbers) for details.
34
-
35
-
36
-## What BGP daemon should I use?
37
-
38
-This is really up to you: that's the magic of open protocols.
39
-
40
-As of 2014, most people seem to use either Quagga or Bird (with a growing preference for Bird). You may also encounter users of OpenBGPd. Even more occasionally, people use hardware BGP routers in dn42, for instance [Extreme Networks](howto/bgp-on-extreme-summit1i) hardware.
41
-
Getting-started-with-dn42.md
... ...
@@ -1,125 +0,0 @@
1
-You want to join dn42, but you don't know where to start. This guide gives general guidelines about dn42 and routing in general, but it assumes that you are knowledgeable with routing.
2
-
3
-# Requirements
4
-
5
-- you have at least one router running 24/7. Any Linux or BSD box can be turned into a router. If your home router runs OpenWRT, you might consider using it for dn42.
6
-- your router is able to establish network tunnels over the Internet (GRE, OpenVPN, IPSec, Tinc...). Beware, your network operator might filter this kind of traffic, e.g. in schools or universities.
7
-- you are generally knowledgable with networking and routing (i.e. you've heard about BGP, IGP, forwarding, and you're willing to configure a BGP router such as Quagga or Bird)
8
-
9
-# Formalities
10
-
11
-Don't worry, it's not as tedious as registering with a RIR ;)
12
-
13
-## Subscribe to the mailing list
14
-
15
-This is important, as it allows to stay up-to-date on best practices, new services, security issues...
16
-
17
-See [Home#Contact](Home#Contact) to subscribe.
18
-
19
-## Fill in the registry
20
-
21
-You must create several objects in the registry. The recommended method is to use the [web interface](https://io.nixnodes.net/?registry), but you may still work directly with the [monotone repository](Services-Whois#Monotone).
22
-
23
-This example assumes that your name is `<FOO>`, part of an organisation called `<FOO-ORG>` (for instance, your hackerspace). Obviously, these should be replaced by the appropriate values in all examples below.
24
-
25
-We will create several types of objects: **maintainer** objects, which have an associated password and allow you to authenticate so that you can edit your own objects; **person** objects, which describe people or organisations and provide contact information; and finally, all other objects, which are resources (AS number, IP subnet, DNS zone, etc).
26
-
27
-### Create a maintainer object
28
-
29
-Create a `mntner` object named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility.
30
-
31
-- choose a password, and don't forget it. **Note:** even though the field is named `sha512-pw`, you must enter *your password* directly, *not* the sha512 of your password.
32
-- use `DUMMY-DN42` as `admin-c` and `tech-c`. We will update this later.
33
-- use `<FOO>-MNT` as `mnt-by`, otherwise, you won't be able to edit your maintainer object.
34
-
35
-### Create person objects
36
-
37
-Create a `person` object for **yourself** (not your organisation/hackerspace/whatever).
38
-
39
-- use something like `<FOO>-DN42` as `nic-hdl`, it should end with `-DN42`.
40
-- the `person` field is more freeform, you may use your nickname or even real name here.
41
-- provide an email.
42
-- you may provide additional ways of contacting you, using one or more `contact` field. For instance `xmpp:luke@theforce.net`, `irc:luke42@hackint`, `twitter: TheGreatLuke`.
43
-- you may whish to add other fields, such as `pgp-id`, `pgp-fingerprint`, `remarks`, and so on.
44
-- don't forget to set `mnt-by` to `<FOO>-MNT`.
45
-
46
-You must now edit the maintainer object created earlier, to properly fill in the `admin-c` and `tech-c` fields (set them to `<FOO>-DN42`).
47
-
48
-If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation:
49
-
50
-- `organisation` is of the form `<ORG-FOO>`.
51
-- email should be a contact address for your organisation, or maybe a mailing list (but people should be able to send email without subscribing).
52
-- you may provide a website (`www` field).
53
-- don't forget to set `mnt-by` to `<FOO>-MNT`, since you're managing this object on behalf of your organisation.
54
-
55
-### Guidelines for future objects
56
-
57
-From now on, you should use:
58
-
59
-- `admin-c: <FOO>-DN42` and `tech-c: <FOO>-DN42` for your own resources.
60
-- `admin-c: <ORG-FOO>` and `tech-c: <FOO>-DN42` for the resources of your organisation.
61
-- `mnt-by: <FOO>-MNT` for all objects, so that you can edit them later.
62
-
63
-This applies to AS numbers, network prefixes, routes, DNS records...
64
-
65
-### Register an AS number
66
-
67
-To register an AS number, simply create an `autnum` object.
68
-
69
-Your AS number can be chosen arbitrarily in the dn42 ASN space, look at the `as-block` objects. The historic ASN space is around 64600-64855 and 76100-76200. Starting from June 2014, **you must allocate your AS number in the new 4242420000-4242423999 range**.
70
-
71
-For a list of currently assigned AS numbers, see http://ix.ucis.nl/dn42/as.php. This list is automatically built from the registry.
72
-
73
-If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/) or [this list](http://109.24.208.244:8888/dn42/lastseen/).
74
-
75
-If unsure, ask on the mailing list or IRC.
76
-
77
-### Register a network prefix
78
-
79
-To register an IPv4 network prefix, simply create an `inetnum` object.
80
-
81
-You may choose your network prefix in one of the currently open netblocks. There is also a [graphical visualisation of the assigned ranges](http://109.24.208.244:8888/dn42-netblock-visu/registry.html).
82
-
83
-The current guideline is to allocate a /25 by default, keeping space for a /23. You may allocate more than a /25 if you need to, but no more than a /23. In particular, if you want reverse DNS for your prefix, you will need at least a /24. (check? maybe the scripts in the repo are clever enough)
84
-
85
-
86
-# Get some peers
87
-
88
-In dn42, there is no real distinction between peering and transit: in most cases, everybody serves as an upstream provider to all its peers. Note that if you have very slow connectivity to the Internet, you may want to avoid providing transit between your peers, which can be done by filtering or prepending your ASN.
89
-
90
-If you don't know anybody who can peer with you, you can use this tool: http://peerfinder.polyno.me
91
-
92
-It will let you find people to peer with. You can then contact them on IRC or by email. In case you're really at loss, you can also ask for peers on the mailing list.
93
-
94
-## Establishing tunnels
95
-
96
-Unless your dn42 peers are on the same network, you must establish tunnels. Choose anything you like: OpenVPN, GRE, GRE + IPSec, IPIP, Tinc, ...
97
-
98
-There is some documentation in this wiki, like [gre-plus-ipsec](howto/gre-plus-ipsec).
99
-
100
-## Running a routing daemon
101
-
102
-You need a routing daemon to speak BGP with your peers. People usually run Quagga or Bird, but you may use anything (OpenBGPD, XORP, somebody even used an old [hardware router](howto/bgp-on-extreme-summit1i) ). See the relevant [FAQ entry](Frequently-Asked-Questions#What-BGP-daemon-should-I-use?).
103
-
104
-You can find [configuration examples for Bird here](howto/bird).
105
-
106
-Some [documentation of the old wiki] (http://dn42.volcanis.me/initenv/wiki/HowToPeer.html) might still be handy, but remember that everything there is terribly outdated.
107
-
108
-## Configuration Examples
109
-
110
-* [EdgeOS Configuration](EdgeOS-Config-Example)
111
-* [EdgeOS GRE/IPsec Example](howto/EdgeOS-GRE-IPsec-Example)
112
-* [BGP on Extreme Networks Summit 1i](howto/bgp-on-extreme-summit1i)
113
-* [dn42 on OpenWRT](howto/dn42-on-OpenWRT)
114
-* [Bird](howto/bird)
115
-* [IPsec with public key authentication](/howto/IPsecWithPublicKeys)
116
-
117
-# Configure DNS
118
-
119
-See [Services DNS](Services-DNS).
120
-
121
-# Use and provide services
122
-
123
-See [internal](internal) for internal services.
124
-
125
-Don't hesitate to provide interesting services, but *please*, document them on the wiki! Otherwise, nobody will use them because nobody can guess they even exist.
... ...
\ No newline at end of file
IPv6-Anycast.md
... ...
@@ -1,20 +0,0 @@
1
-We provide some anycast services over IPv6.
2
-
3
-## Anycast address space
4
-
5
-**fd42:d42:d42::/48** is reserved for anycast services.
6
-
7
-Each anycast service runs on a dedicated /64 in this range. This way, nobody needs to update filters.
8
-
9
-Remember, if you announce an anycast /64, then you need to provide **all** services within this /64. It's probably simpler to only provide one service for each /64.
10
-
11
-## Anycast services
12
-
13
-| **Name** | **/64 prefix announced** | **Service address** | **Protocol/port** | **Comment** |
14
-|----------|-------------------------|---------------------|-------------------|---|
15
-| Recursive DNS resolver | `fd42:d42:d42:53::/64` | `fd42:d42:d42:53::1` | UDP/53 | `.` and `dn42.` [Providers](Providing-Anycast-DNS#Persons-providing-anycast-DNS-for-IPv6) |
16
-
17
-### Future services
18
-
19
-- streaming
20
-- other kind of DNS (authoritative-only, recursive for `dn42` only)
... ...
\ No newline at end of file
Munin.md
howto/Frequently-Asked-Questions.md
... ...
@@ -0,0 +1,41 @@
1
+[[_TOC_]]
2
+
3
+## Why are you using monotone for the registry? Why not GIT?
4
+
5
+There is an important difference between the data model of monotone and GIT: In GIT branches *are* HEADs, while in monotone, branches are a list of HEADs. Or, to state it simpler and probably less correct: It is possible to sync merge conflicts in monotone. In GIT, conflicts are part of the index and/or working tree, and thus can't be pushed/pulled.
6
+
7
+The DN42 registry is stored on multiple monotone servers which sync with each other. This is not possible in GIT, because the GIT servers don't know how to handle merge conflicts. In monotone, the servers just sync the conflict.
8
+
9
+
10
+## What about IPv6 in DN42?
11
+
12
+There are some ASes in DN42 that route IPv6 traffic. It is not yet agreed upon what prefixes should be used. The following proposals are the more sane ones:
13
+
14
+* Use Unique Local Addresses (ULAs). This is the *fd00::/8* range. In theory, this would be the obvious winner of this debate. They were standardised for exactly this purpose (not publicly routed networks that still want to use unique prefixes). Sadly, this would require you to announce two prefixes in your LAN if you want to use stateless autoconfiguration and no NAT: The ULA and a globally routed prefix. It is not yet known if this really works. [RFC 3484](http://www.rfc-editor.org/rfc/rfc3484.txt) demands a behavior that would make this work at the moment (until globally routed addresses from 8000::/1 are used).
15
+[This](http://www.sixxs.net/tools/grh/ula) generator can be used to generate a ULA prefix from one of your MAC addresses.
16
+* Use your globally unique PA space. This fixes the LAN-issue, because you only need to announce a single prefix. However, this complicates prefix filtering for everybody, and can lead to strange routing patterns, where packets are routed partially on dn42 and partially through the Internet.
17
+
18
+(*TODO*)
19
+
20
+At the moment, it is safe to assume that everyone doing IPv6 routing accepts at least prefixes from fd00::/8 with prefix lengths between 48 and 64 bits (inclusive) if they are part of the registry.
21
+
22
+
23
+## Why are you using ASN in the 76100-76199 range?
24
+
25
+Yes, we know that this is not private ASN space (rather, it is part of the reserved block 65552-131071, see [IANA](http://www.iana.org/assignments/as-numbers/as-numbers.xhtml)).
26
+
27
+We used to assign ASN in the 64600-64855 range, where you would get ASN 64600+X if you had 172.22.X.0/24. Since we are now assigning /25 by default, and we have extended the address range to include 172.23.0.0/16, this is legacy.
28
+
29
+Another issue with the private ASN range 64512-65534: other projects are also using it (for instance, Freifunk, Anonet, etc), which can lead to conflicts.
30
+
31
+Fortunately, [RFC6996](http://tools.ietf.org/html/rfc6996) defines a new private ASN range: 4200000000-4294967294. Given the size of this range, there is little chance of running into a conflict.
32
+
33
+We now encourage dn42 users to use the newly-allocated ranges in **4242420000-4242429999**. See the [registry page](Services-Whois#AS-numbers) for details.
34
+
35
+
36
+## What BGP daemon should I use?
37
+
38
+This is really up to you: that's the magic of open protocols.
39
+
40
+As of 2014, most people seem to use either Quagga or Bird (with a growing preference for Bird). You may also encounter users of OpenBGPd. Even more occasionally, people use hardware BGP routers in dn42, for instance [Extreme Networks](howto/bgp-on-extreme-summit1i) hardware.
41
+
howto/Getting-started-with-dn42.md
... ...
@@ -0,0 +1,125 @@
1
+You want to join dn42, but you don't know where to start. This guide gives general guidelines about dn42 and routing in general, but it assumes that you are knowledgeable with routing.
2
+
3
+# Requirements
4
+
5
+- you have at least one router running 24/7. Any Linux or BSD box can be turned into a router. If your home router runs OpenWRT, you might consider using it for dn42.
6
+- your router is able to establish network tunnels over the Internet (GRE, OpenVPN, IPSec, Tinc...). Beware, your network operator might filter this kind of traffic, e.g. in schools or universities.
7
+- you are generally knowledgable with networking and routing (i.e. you've heard about BGP, IGP, forwarding, and you're willing to configure a BGP router such as Quagga or Bird)
8
+
9
+# Formalities
10
+
11
+Don't worry, it's not as tedious as registering with a RIR ;)
12
+
13
+## Subscribe to the mailing list
14
+
15
+This is important, as it allows to stay up-to-date on best practices, new services, security issues...
16
+
17
+See [Home#Contact](Home#Contact) to subscribe.
18
+
19
+## Fill in the registry
20
+
21
+You must create several objects in the registry. The recommended method is to use the [web interface](https://io.nixnodes.net/?registry), but you may still work directly with the [monotone repository](Services-Whois#Monotone).
22
+
23
+This example assumes that your name is `<FOO>`, part of an organisation called `<FOO-ORG>` (for instance, your hackerspace). Obviously, these should be replaced by the appropriate values in all examples below.
24
+
25
+We will create several types of objects: **maintainer** objects, which have an associated password and allow you to authenticate so that you can edit your own objects; **person** objects, which describe people or organisations and provide contact information; and finally, all other objects, which are resources (AS number, IP subnet, DNS zone, etc).
26
+
27
+### Create a maintainer object
28
+
29
+Create a `mntner` object named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility.
30
+
31
+- choose a password, and don't forget it. **Note:** even though the field is named `sha512-pw`, you must enter *your password* directly, *not* the sha512 of your password.
32
+- use `DUMMY-DN42` as `admin-c` and `tech-c`. We will update this later.
33
+- use `<FOO>-MNT` as `mnt-by`, otherwise, you won't be able to edit your maintainer object.
34
+
35
+### Create person objects
36
+
37
+Create a `person` object for **yourself** (not your organisation/hackerspace/whatever).
38
+
39
+- use something like `<FOO>-DN42` as `nic-hdl`, it should end with `-DN42`.
40
+- the `person` field is more freeform, you may use your nickname or even real name here.
41
+- provide an email.
42
+- you may provide additional ways of contacting you, using one or more `contact` field. For instance `xmpp:luke@theforce.net`, `irc:luke42@hackint`, `twitter: TheGreatLuke`.
43
+- you may whish to add other fields, such as `pgp-id`, `pgp-fingerprint`, `remarks`, and so on.
44
+- don't forget to set `mnt-by` to `<FOO>-MNT`.
45
+
46
+You must now edit the maintainer object created earlier, to properly fill in the `admin-c` and `tech-c` fields (set them to `<FOO>-DN42`).
47
+
48
+If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation:
49
+
50
+- `organisation` is of the form `<ORG-FOO>`.
51
+- email should be a contact address for your organisation, or maybe a mailing list (but people should be able to send email without subscribing).
52
+- you may provide a website (`www` field).
53
+- don't forget to set `mnt-by` to `<FOO>-MNT`, since you're managing this object on behalf of your organisation.
54
+
55
+### Guidelines for future objects
56
+
57
+From now on, you should use:
58
+
59
+- `admin-c: <FOO>-DN42` and `tech-c: <FOO>-DN42` for your own resources.
60
+- `admin-c: <ORG-FOO>` and `tech-c: <FOO>-DN42` for the resources of your organisation.
61
+- `mnt-by: <FOO>-MNT` for all objects, so that you can edit them later.
62
+
63
+This applies to AS numbers, network prefixes, routes, DNS records...
64
+
65
+### Register an AS number
66
+
67
+To register an AS number, simply create an `autnum` object.
68
+
69
+Your AS number can be chosen arbitrarily in the dn42 ASN space, look at the `as-block` objects. The historic ASN space is around 64600-64855 and 76100-76200. Starting from June 2014, **you must allocate your AS number in the new 4242420000-4242423999 range**.
70
+
71
+For a list of currently assigned AS numbers, see http://ix.ucis.nl/dn42/as.php. This list is automatically built from the registry.
72
+
73
+If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/) or [this list](http://109.24.208.244:8888/dn42/lastseen/).
74
+
75
+If unsure, ask on the mailing list or IRC.
76
+
77
+### Register a network prefix
78
+
79
+To register an IPv4 network prefix, simply create an `inetnum` object.
80
+
81
+You may choose your network prefix in one of the currently open netblocks. There is also a [graphical visualisation of the assigned ranges](http://109.24.208.244:8888/dn42-netblock-visu/registry.html).
82
+
83
+The current guideline is to allocate a /25 by default, keeping space for a /23. You may allocate more than a /25 if you need to, but no more than a /23. In particular, if you want reverse DNS for your prefix, you will need at least a /24. (check? maybe the scripts in the repo are clever enough)
84
+
85
+
86
+# Get some peers
87
+
88
+In dn42, there is no real distinction between peering and transit: in most cases, everybody serves as an upstream provider to all its peers. Note that if you have very slow connectivity to the Internet, you may want to avoid providing transit between your peers, which can be done by filtering or prepending your ASN.
89
+
90
+If you don't know anybody who can peer with you, you can use this tool: http://peerfinder.polyno.me
91
+
92
+It will let you find people to peer with. You can then contact them on IRC or by email. In case you're really at loss, you can also ask for peers on the mailing list.
93
+
94
+## Establishing tunnels
95
+
96
+Unless your dn42 peers are on the same network, you must establish tunnels. Choose anything you like: OpenVPN, GRE, GRE + IPSec, IPIP, Tinc, ...
97
+
98
+There is some documentation in this wiki, like [gre-plus-ipsec](howto/gre-plus-ipsec).
99
+
100
+## Running a routing daemon
101
+
102
+You need a routing daemon to speak BGP with your peers. People usually run Quagga or Bird, but you may use anything (OpenBGPD, XORP, somebody even used an old [hardware router](howto/bgp-on-extreme-summit1i) ). See the relevant [FAQ entry](Frequently-Asked-Questions#What-BGP-daemon-should-I-use?).
103
+
104
+You can find [configuration examples for Bird here](howto/bird).
105
+
106
+Some [documentation of the old wiki] (http://dn42.volcanis.me/initenv/wiki/HowToPeer.html) might still be handy, but remember that everything there is terribly outdated.
107
+
108
+## Configuration Examples
109
+
110
+* [EdgeOS Configuration](EdgeOS-Config-Example)
111
+* [EdgeOS GRE/IPsec Example](howto/EdgeOS-GRE-IPsec-Example)
112
+* [BGP on Extreme Networks Summit 1i](howto/bgp-on-extreme-summit1i)
113
+* [dn42 on OpenWRT](howto/dn42-on-OpenWRT)
114
+* [Bird](howto/bird)
115
+* [IPsec with public key authentication](/howto/IPsecWithPublicKeys)
116
+
117
+# Configure DNS
118
+
119
+See [Services DNS](Services-DNS).
120
+
121
+# Use and provide services
122
+
123
+See [internal](internal) for internal services.
124
+
125
+Don't hesitate to provide interesting services, but *please*, document them on the wiki! Otherwise, nobody will use them because nobody can guess they even exist.
... ...
\ No newline at end of file
ideas.md
... ...
@@ -1,19 +0,0 @@
1
-# Ideas
2
-
3
-… or the service that would make dn42 truly interesting for people (for non-technical reasons).
4
-
5
-#### Criterias
6
-
7
- - it should be difficult to setup on the Internet (for technical or legal reasons)
8
- - it should interest people that are likely to know dn42 (hackerspaces, etc)
9
-
10
-Any idea, apart from pr0n? Multicasting video flux?
11
-
12
-Ideas for stuff that are technically difficult on the Internet:
13
-
14
- - multicast routing (well, it doesn't work in dn42 either)
15
- - something that depends on the network infrastructure or topology (e.g. a game where you have to announce things with BGP)
16
-
17
----
18
-
19
- - We could make the services zeroconf-browseable with the .dn42 TLD
... ...
\ No newline at end of file
internal.md
... ...
@@ -0,0 +1,4 @@
1
+[[Achievements]]
2
+[[ideas]]
3
+[[Internal-Services]]
4
+[[lglass]]
internal/Achievements.md
... ...
@@ -0,0 +1,6 @@
1
+Add what you did in/for dn42, yet:
2
+
3
+| Who | #peerings | Bandwidth | DNS | Fileserver | Network service | Website |
4
+|:------- |:--------- |:--------- |:--- |:---------- |:--------------- |:--------- |
5
+| allo | 7 | 1 GBit/s | auth. only | no | no | yes |
6
+| stv0g | 8 | 1 GBit/s | no | no | no | [yes](https://dev.0l.dn42) |
internal/ideas.md
... ...
@@ -0,0 +1,19 @@
1
+# Ideas
2
+
3
+… or the service that would make dn42 truly interesting for people (for non-technical reasons).
4
+
5
+#### Criterias
6
+
7
+ - it should be difficult to setup on the Internet (for technical or legal reasons)
8
+ - it should interest people that are likely to know dn42 (hackerspaces, etc)
9
+
10
+Any idea, apart from pr0n? Multicasting video flux?
11
+
12
+Ideas for stuff that are technically difficult on the Internet:
13
+
14
+ - multicast routing (well, it doesn't work in dn42 either)
15
+ - something that depends on the network infrastructure or topology (e.g. a game where you have to announce things with BGP)
16
+
17
+---
18
+
19
+ - We could make the services zeroconf-browseable with the .dn42 TLD
... ...
\ No newline at end of file
internal/lglass.md
... ...
@@ -0,0 +1,44 @@
1
+lglass is a Python software package designed for Internet Registries like the DN42. You can generate zone files for DNS and rDNS IPv4/v6, and handle the registry. It is available on GitHub as free software:
2
+
3
+ $ git clone git://github.com/fritz0705/lglass.git
4
+
5
+## Running your own Whois daemon
6
+
7
+lglass provides an event-based whois daemon with internal caching, which was written in Python. It is very simple to run an instance:
8
+
9
+ $ ./bin/lglass-whoisd -D $PATH_TO_DATA_DIR -H $HOST -P $PORT
10
+
11
+## Generate zone files
12
+
13
+lglass also provides a script to generate zone files from the registry. It's named zonegen.py and requires a registry dump from Monotone.
14
+
15
+To generate DNS zones:
16
+
17
+ $ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com dns -z dn42
18
+
19
+To generate IPv4 rDNS zones:
20
+
21
+ $ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com rdns4 -N 172.22.0.0/16
22
+
23
+To generate IPv6 rDNS zones:
24
+
25
+ $ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com rdns6 -N fd00::/8
26
+
27
+## Reformat RPSL files
28
+
29
+You can also reformat RPSL files using lglass by using the lglass.rpsl module:
30
+
31
+ $ ./bin/lglass-rpsl < $DATA/inetnum/172.22.0.53_32
32
+
33
+lglass.rpsl also supports in-place operation:
34
+
35
+ $ ./bin/lglass-rpsl -i $DATA/inetnum/172.22.0.53_32
36
+
37
+This opens the file, reads the content into memory, seeks to position 0, writes the formatted object and truncates the file.
38
+Simple web interface
39
+
40
+lglass also comes with a simple web interface written in Python3 using Bottle and Jinja2. It also provides a binary to run it using wsgiref:
41
+
42
+ $ ./bin/lglass-web
43
+
44
+Furthermore you can use any WSGI server like Gunicorn by using lglass.web.application:app as WSGI callback. You can provide a path to the configuration file in the environment variable `LGLASS_WEB_CFG`.
lglass.md
... ...
@@ -1,44 +0,0 @@
1
-lglass is a Python software package designed for Internet Registries like the DN42. You can generate zone files for DNS and rDNS IPv4/v6, and handle the registry. It is available on GitHub as free software:
2
-
3
- $ git clone git://github.com/fritz0705/lglass.git
4
-
5
-## Running your own Whois daemon
6
-
7
-lglass provides an event-based whois daemon with internal caching, which was written in Python. It is very simple to run an instance:
8
-
9
- $ ./bin/lglass-whoisd -D $PATH_TO_DATA_DIR -H $HOST -P $PORT
10
-
11
-## Generate zone files
12
-
13
-lglass also provides a script to generate zone files from the registry. It's named zonegen.py and requires a registry dump from Monotone.
14
-
15
-To generate DNS zones:
16
-
17
- $ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com dns -z dn42
18
-
19
-To generate IPv4 rDNS zones:
20
-
21
- $ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com rdns4 -N 172.22.0.0/16
22
-
23
-To generate IPv6 rDNS zones:
24
-
25
- $ ./bin/lglass-zonegen -d $PATH_TO_DATA_DIR -n ns1... -n ns2... -e foo.bar.com rdns6 -N fd00::/8
26
-
27
-## Reformat RPSL files
28
-
29
-You can also reformat RPSL files using lglass by using the lglass.rpsl module:
30
-
31
- $ ./bin/lglass-rpsl < $DATA/inetnum/172.22.0.53_32
32
-
33
-lglass.rpsl also supports in-place operation:
34
-
35
- $ ./bin/lglass-rpsl -i $DATA/inetnum/172.22.0.53_32
36
-
37
-This opens the file, reads the content into memory, seeks to position 0, writes the formatted object and truncates the file.
38
-Simple web interface
39
-
40
-lglass also comes with a simple web interface written in Python3 using Bottle and Jinja2. It also provides a binary to run it using wsgiref:
41
-
42
- $ ./bin/lglass-web
43
-
44
-Furthermore you can use any WSGI server like Gunicorn by using lglass.web.application:app as WSGI callback. You can provide a path to the configuration file in the environment variable `LGLASS_WEB_CFG`.
services.md
... ...
@@ -0,0 +1,11 @@
1
+[[dns]]
2
+[[IPv6-Anycast]]
3
+[[Looking-Glasses]]
4
+[[Services-DNS-Configuration]]
5
+[[Services-DNS]]
6
+[[Services-FreePhone]]
7
+[[Services-IRC]]
8
+[[Services-News]]
9
+[[Services-Statistics]]
10
+[[Services-VirtualMachines]]
11
+[[Services-Whois]]
services/DNS.md
... ...
@@ -1,39 +0,0 @@
1
-# DNS
2
-
3
-*(tl;dr)* We have a TLD for dn42, which is `.dn42`. The anycast resolver for `.dn42` runs on `172.22.0.53`.
4
-
5
-**DNS is build from [[whois database|Services Whois]]. So please edit your DNS-records there.**
6
-
7
-## Using the DNS service
8
-
9
-Below are several ways to use the `dn42` DNS service, from easiest to more challenging. The recommended method is the second one.
10
-
11
-### Using the anycast resolver directly
12
-
13
-Please be aware that this method sends **all** your DNS queries (e.g. `google.com`) to a random DNS server inside dn42. The server could fake the result and point you towards the russian mafia. They probably won't, but think about what you are doing. At the end of the day, your ISP could be evil as well, so it always boils down to a question of trust.
14
-
15
-To do this, just use `172.22.0.53` as your resolver, for instance in `/etc/resolv.conf`.
16
-
17
-### Forwarding `.dn42` queries to the anycast resolver
18
-
19
-If you run your own resolver (`unbound`, `dnsmasq`, `bind`), you can configure it to forward dn42 queries to the anycast DNS resolver. See [[DNS forwarder configuration|Services DNS Configuration]].
20
-
21
-### Recursive resolver
22
-
23
-You may also want to configure your resolver to recursively resolve dn42 domains. For this, you need to find authoritative DNS servers for the `dn42` zone (and for the reverse zones). See [[Recursive DNS resolver]].
24
-
25
-### Building the dn42 zones from the registry
26
-
27
-Finally, you may want to host your own authoritative DNS server for the `dn42` zone and the reverse zones. The zone files are built from the monotone repository: scripts are provided in the repository itself.
28
-
29
-## Register a `.dn42` domain name
30
-
31
-The root zone for `dn42.` is built from the [[whois registry|Services Whois]]. If you want to register a domain name, you need to add it to the registry (of course, you also need one or two authoritative nameservers).
32
-
33
-## DNS services for other networks
34
-
35
-Other networks are interconnected with dn42 (ChaosVPN, Freifunk, etc). Some of them also provide DNS service, you can configure your resolver to use it. See [[External DNS]].
36
-
37
-## Providing DNS service
38
-
39
-See [[Providing Anycast DNS]].
... ...
\ No newline at end of file
services/IPv6-Anycast.md
... ...
@@ -0,0 +1,20 @@
1
+We provide some anycast services over IPv6.
2
+
3
+## Anycast address space
4
+
5
+**fd42:d42:d42::/48** is reserved for anycast services.
6
+
7
+Each anycast service runs on a dedicated /64 in this range. This way, nobody needs to update filters.
8
+
9
+Remember, if you announce an anycast /64, then you need to provide **all** services within this /64. It's probably simpler to only provide one service for each /64.
10
+
11
+## Anycast services
12
+
13
+| **Name** | **/64 prefix announced** | **Service address** | **Protocol/port** | **Comment** |
14
+|----------|-------------------------|---------------------|-------------------|---|
15
+| Recursive DNS resolver | `fd42:d42:d42:53::/64` | `fd42:d42:d42:53::1` | UDP/53 | `.` and `dn42.` [Providers](Providing-Anycast-DNS#Persons-providing-anycast-DNS-for-IPv6) |
16
+
17
+### Future services
18
+
19
+- streaming
20
+- other kind of DNS (authoritative-only, recursive for `dn42` only)
... ...
\ No newline at end of file
services/Services-DNS.md
... ...
@@ -0,0 +1,39 @@
1
+# DNS
2
+
3
+*(tl;dr)* We have a TLD for dn42, which is `.dn42`. The anycast resolver for `.dn42` runs on `172.22.0.53`.
4
+
5
+**DNS is build from [[whois database|Services Whois]]. So please edit your DNS-records there.**
6
+
7
+## Using the DNS service
8
+
9
+Below are several ways to use the `dn42` DNS service, from easiest to more challenging. The recommended method is the second one.
10
+
11
+### Using the anycast resolver directly
12
+
13
+Please be aware that this method sends **all** your DNS queries (e.g. `google.com`) to a random DNS server inside dn42. The server could fake the result and point you towards the russian mafia. They probably won't, but think about what you are doing. At the end of the day, your ISP could be evil as well, so it always boils down to a question of trust.
14
+
15
+To do this, just use `172.22.0.53` as your resolver, for instance in `/etc/resolv.conf`.
16
+
17
+### Forwarding `.dn42` queries to the anycast resolver
18
+
19
+If you run your own resolver (`unbound`, `dnsmasq`, `bind`), you can configure it to forward dn42 queries to the anycast DNS resolver. See [[DNS forwarder configuration|Services DNS Configuration]].
20
+
21
+### Recursive resolver
22
+
23
+You may also want to configure your resolver to recursively resolve dn42 domains. For this, you need to find authoritative DNS servers for the `dn42` zone (and for the reverse zones). See [[Recursive DNS resolver]].
24
+
25
+### Building the dn42 zones from the registry
26
+
27
+Finally, you may want to host your own authoritative DNS server for the `dn42` zone and the reverse zones. The zone files are built from the monotone repository: scripts are provided in the repository itself.
28
+
29
+## Register a `.dn42` domain name
30
+
31
+The root zone for `dn42.` is built from the [[whois registry|Services Whois]]. If you want to register a domain name, you need to add it to the registry (of course, you also need one or two authoritative nameservers).
32
+
33
+## DNS services for other networks
34
+
35
+Other networks are interconnected with dn42 (ChaosVPN, Freifunk, etc). Some of them also provide DNS service, you can configure your resolver to use it. See [[External DNS]].
36
+
37
+## Providing DNS service
38
+
39
+See [[Providing Anycast DNS]].
... ...
\ No newline at end of file