internal/Internal-Services.md
... ...
@@ -0,0 +1,199 @@
1
+# Internal services
2
+
3
+You are asked to show some creativity in terms of network usage and content. ;)
4
+
5
+More ideas inspiration is collected on another [page](/ideas).
6
+
7
+[[_TOC_]]
8
+
9
+## Internal SSL CA
10
+
11
+Internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses. If you would like to trust the certificate import the following:
12
+
13
+```
14
+-----BEGIN CERTIFICATE-----
15
+MIIDhzCCAm+gAwIBAgIJALhBYKXcLej6MA0GCSqGSIb3DQEBCwUAMCgxJjAkBgNV
16
+BAMTHURONDIgSW50ZXJuYWwgQ0EgKFVOVkVSSUZJRUQpMB4XDTE0MTIyMDE4NDAw
17
+NVoXDTI0MTIxNzE4NDAwNVowKDEmMCQGA1UEAxMdRE40MiBJbnRlcm5hbCBDQSAo
18
+VU5WRVJJRklFRCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDViXIb
19
+VcWw+tnZCbZuy3ME4vQJsiX5ik5WkqkBaj5vk7zt+Ca8XvaM8cqppb8kEOCkC+MV
20
+/qp5R2BAukKAAcmACQ9FHx6XYGxMQztU9tTMUuAqWH8JihWjBSoEfBQ9UpJHbgvo
21
+7AAY382rcaLQJs3QgxtNiUjeblPlAy6AE3TUBEiNwa7MTZ7f2YHbVF/9DpvUZee6
22
+KytOalzgbKcuFsquf4vIBtcKav1Qwmdr8eehQHdo8Nxv32uZqd272Q+EInFmzDPu
23
+KpJdhwc/7S/+ohL/fs6RQphnJvLR572cXTzwEIkFAGqym3Fx30Q7Keoq6Cx46yez
24
+lwL2k7C82bE4c+//AgMBAAGjgbMwgbAwHQYDVR0OBBYEFNeJoQrHPqh2SMplqb1V
25
+ac9OWmkiMFgGA1UdIwRRME+AFNeJoQrHPqh2SMplqb1Vac9OWmkioSykKjAoMSYw
26
+JAYDVQQDEx1ETjQyIEludGVybmFsIENBIChVTlZFUklGSUVEKYIJALhBYKXcLej6
27
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMBQGA1UdHgQNMAugCTAH
28
+ggUuZG40MjANBgkqhkiG9w0BAQsFAAOCAQEAMqVN55ruWA70znyWMB9+A4BcsFgI
29
+uFVZIOnJEy72Nsz0VvfEEW/3rxKs0UnLcnfBHlx2WHdD2zUJLiTAf6ziRhXpFPXY
30
+Ys3RJFE/8ZDVH3+dGOBekJusDX0YQcwXA/NVO2ogM6WIRIz7QabvOIJBaYXu71ZB
31
+ci29iKFLJ4dsUG69hoeDghwkij2mCR2G/tP+xbrb7xGM73tDjuzmESYlUAVgKtlH
32
+gfcWBU6anZMFJV9Y2lkNhxw5G7JMDSYsfONskzPet9HeHrmu67EnXMapELCjZL3O
33
+X0KmpxYGil6Ly5xImaVqwxnm7wlDiNT6vd0cPgtKd/YynPFNw9Eh+MSamw==
34
+-----END CERTIFICATE-----
35
+```
36
+
37
+If you would like to have a certificate signed by this CA send a CSR to dn42@xuu.cc
38
+
39
+
40
+
41
+## Network-related
42
+
43
+ * Polynome has some nice scripts and visualizations here: http://dataviz.polynome.dn42
44
+ * http://172.23.174.1
45
+ * See [[Looking Glasses]] for more network diagnostic tools
46
+
47
+### DNS tunnel
48
+
49
+This DNS tunnel service uses [Iodine](http://code.kryo.se/iodine/), and provides access to the dn42 network. Useful when you're on a shitty network (airport, train station) that still allows DNS.
50
+
51
+Use the anycast DNS servers (172.22.0.53) inside your tunnel.
52
+
53
+| Hostname / IP | Password |
54
+|:------------------------------------------------- |:-------- |
55
+| t.polyno.me (172.23.185.193) | dn42 |
56
+
57
+### DNS Tools
58
+
59
+This tool allows you to lookup your dn42 domain name and check to see if your name servers are all working and have the correct information.
60
+
61
+Select "Disable Recursion" to check only entries found in the registry or leave it off to check all (both are useful tests).
62
+
63
+Currently this system only supports IPv4.
64
+
65
+http://mwd.dn42/dns.php
66
+
67
+MWD will also provide a secondary DNS server and/or cacti monitoring of your devices. Just ask on IRC. More info: http://mwd.dn42
68
+
69
+## IRC
70
+
71
+| Hostname / IP | Remarks |
72
+|:------------------------------------------------- |:--------- |
73
+| irc://irc.hackint.dn42/dn42 (172.22.24.1) | DN42 |
74
+| irc://irc.hackint.hack/dn42 (172.31.0.30) | ChaosVPN |
75
+
76
+## Search engines
77
+
78
+ * [Web search engine](http://search.dn42) (172.23.184.1) - a few chosen HTTP domains are crawled (taken from the wiki). The previous method, "crawl everything available from the wiki", generated too much data because of FTPs.
79
+ * [YaCy search engine](http://yacy.dn42) - Indexing local nets
80
+
81
+## Images and Media
82
+
83
+| Hostname / IP | Remarks |
84
+|:------------------------------------------------- |:-------------------------------------------------------- |
85
+| http://img.dn42 | Imagehoster |
86
+| http://chan.dn42 | DN42-Chan, an imageboard |
87
+| http://media.dn42 | A Mediagoblin instance (Login: dn42:dn42dn42) |
88
+| https://dev.0l.dn42/tvheadend/ | Digital Video Recorder (TVHeadend frontend) |
89
+| ftp://dev.0l.dn42/Videos/Recordings/ | Digital Video Recorder (Recorded files) |
90
+
91
+## Radio and Video Streaming
92
+
93
+| Hostname / IP | Remarks |
94
+|:------------------------------------------------- |:-------------------------------------------------------- |
95
+| http://10.11.10.30:8000 | Freimusik |
96
+| http://stream.laxu.dn42:8000 | [xenim Streams](http://streams.xenim.de) |
97
+| http://sprawl.smrsh.dn42:8000/ | [smrsh radio](http://smrsh.net/radio) |
98
+| http://10.112.0.6:8000/mpd.ogg, http://radio.ffhh:8000/mpd.ogg | Freifunk Hamburg radio, yeay 8bit music! |
99
+| http://172.23.136.65:8000/ | haxMPD |
100
+
101
+## File sharing
102
+
103
+**FIXME**: Please add info about (approximate) bandwidth of the servers.
104
+
105
+### FTP / HTTP
106
+
107
+| Hostname / IP | Space | Speed | Remarks |
108
+|:------------------------------------------------- |:----- |:----------- |:----------------------------------------------- |
109
+| ftp://dev.0l.dn42 | 10 TB | max 5MBit/s | writable incoming |
110
+| http://filer.nihilus.dn42, http://172.22.92.2 | | ~60kbps | mostly up |
111
+| ftp://cochimetl.tim.dn42, nfs://cochimetl.tim.dn42/data/ftp | ~3TB | ~700kbps | |
112
+| http://seafile.dn42 | | | Opensource Dropbox, yay! |
113
+| http://files.feuerrot.dn42 | 6TB | 1Gbit | http, ftp, nfs, rsync |
114
+| ftp://vsynology.dev.ffc (10.8.6.13) | 150G | 20Mbit/s | just drop your nzb/torrent file and be patient |
115
+| http://filer1.grmml.dn42 (172.23.149.21) | 4TB | 200Mbit/s | download only |
116
+| sftp://anonsftp:Iich0zieC3retaid@files.crest.dn42:2212/ | 12TB | 1Gb/s | incoming writable |
117
+| http://172.23.136.33 | | 100Mbit/s | some mediafiles/software |
118
+| http://files.martin89.dn42/ | | max 2Mbit/s | download only |
119
+
120
+#### Down?
121
+
122
+| Hostname / IP | Space | Speed | Remarks | Down Since |
123
+|:------------------------------------------------- |:------ |:-------- |:------------------------------- |:---------- |
124
+| http://turing.il.maxx.dn42, http://172.22.42.2 | ~6.5TB | ~400kbit | WebDAV enabled, up 24/7z | 01.01.2015 |
125
+| ftp://descent.derf.dn42 (172.23.225.35) | 3TB | 60kbit/s | download only | 01.01.2015 |
126
+
127
+## Proxies
128
+
129
+ See http://wiki.hamburg.ccc.de/ChaosVPN:Proxy
130
+
131
+### Tor
132
+
133
+| Hostname / IP | Bandwidth | Nickname |
134
+| ------------------------------------------------- | ----------- | ------------ |
135
+| socks5://lian.0l.dn42:9050 | 600 kb/s | [nulll](https://atlas.torproject.org/#details/84F41A116AD7F1E038781413E0B4ADE4494BA38A)
136
+
137
+### Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen
138
+Bodems (AS76124) is announcing 193.30.112.0/24 via his DFN-Node, so you can access the "[Digibib](http://www.digibib.net/jumpto?LOCATION=Bi10&D_SERVICE=TEMPLATE&D_SUBSERVICE=DIGILINK_BROWSE&DP_FUNC=CategoryView&DP_FILTER=All&DP_CID=14211)" through DN42 with a valid IP. For some parts (like VDE norms) you will need Citrix Receiver.
139
+
140
+## NTP
141
+
142
+| Hostname / IP | Remarks |
143
+|:------------------------------------------------- |:----------------------------------- |
144
+| ntp.e-utp.dn42 (172.22.165.50) | Stratum 1, GPS+NMEA |
145
+| ntp1.nixnodes.dn42 (172.22.177.123) | |
146
+| ntp2.nixnodes.dn42 (172.22.177.124) | |
147
+| ntp.martin89.dn42 | more than one A records/server |
148
+
149
+## Crypto coins
150
+
151
+| Hostname / IP | Remarks |
152
+|:------------------------------------------------- |:----------------------------------- |
153
+| bitcoin.e-utp.dn42 (172.22.165.50, 172.22.165.34) | 8333 for Bitcoin, 9333 for Litecoin |
154
+
155
+## Gaming
156
+
157
+| Hostname / IP | Game | Remarks |
158
+|:------------------------------------------------- |:---------------------- |:-------------------------- |
159
+| cs.nixnodes.dn42 (172.22.177.179) | Counter-Strike 1.6 | v48 Non-Steam [Deathmatch] |
160
+
161
+## Misc
162
+
163
+| Hostname / IP | Remarks |
164
+| ------------------------------------------------- | ------------------------------------------------------------------------------ |
165
+| http://nowhere.ws/dn42 | Some random stuff concerning dn42, packages for Debian, e.g. Quagga |
166
+| https://paste.synhacx.dn42 | AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
167
+| http://ip.synhacx.dn42 | Basic "whatismyip" service ([description](http://synhacx.dn42/showmyip)) |
168
+| http://tor.mirror.martin89.dn42 | Tor Project Homepage mirror |
169
+| http://tor.e-utp.dn42 | Tor Project Homepage mirror |
170
+| http://freebsd.e-utp.dn42 | FreeBSD Homepage mirror |
171
+| http://debian.mirror.martin89.dn42 | Debian Wheezy mirror |
172
+| nntp://news.blacksheep.dn42 | Martin's newsgroup server (ping MB-DN42 for a rw account or a nntp/uucp feed) |
173
+| mumble://shard.smrsh.dn42:64738 | [Mumble](http://mumble.sourceforge.net/) Voice Chat |
174
+| http://wiki.dn42, http://internal.dn42 | This wiki! Web Hosted by [xuu](https://xuu.dn42). Git Repo hosted by welterde |
175
+
176
+# Other networks
177
+
178
+## Public Internet
179
+
180
+ * https://mirror.frubar.net 100MBit
181
+ * https://frucman.frubar.net
182
+
183
+## AnoNet
184
+
185
+A wiki page dedicated to the AnoNet Network: http://wiki.qontrol.nl/Anonet
186
+
187
+## ChaosVPN
188
+
189
+ * Anybody can add services to this list, which will be monitored for uptime: http://10.100.44.1
190
+ * Check your IP and reverse lookup: [ifconfig.hack](http://ifconfig.hack)
191
+ * View of the network: http://vpnhub1-intern.hamburg.ccc.de/chaosvpn.png
192
+ * List of nodes: http://vpnhub1-intern.hamburg.ccc.de/chaosvpn.nodes.html
193
+
194
+## Freifunk
195
+
196
+### Augsburg
197
+
198
+We have a plugin that enables us to announce services in the mesh. So instead of listing them here again just have a look at http://10.11.0.8/cgi-bin/luci/freifunk/services to see what we have to offer.
199
+(Upload is not fast, most probably DSL speed only)
... ...
\ No newline at end of file
services/Services-DNS-Configuration.md
... ...
@@ -0,0 +1,133 @@
1
+# Forwarder setup
2
+
3
+Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `172.22.0.53`.
4
+
5
+## BIND
6
+
7
+If you already run a local DNS server, you can tell it to query the dn42 anycast servers for the relevant domains
8
+by adding the following to /etc/bind/named.conf.local
9
+
10
+```
11
+zone "dn42" {
12
+ type forward;
13
+ forwarders { 172.22.0.53; };
14
+};
15
+zone "22.172.in-addr.arpa" {
16
+ type forward;
17
+ forwarders { 172.22.0.53; };
18
+};
19
+zone "23.172.in-addr.arpa" {
20
+ type forward;
21
+ forwarders { 172.22.0.53; };
22
+};
23
+```
24
+
25
+## dnsmasq
26
+
27
+If you are running dnsmasq under openwrt, you just have to add
28
+
29
+```
30
+config dnsmasq
31
+ option boguspriv '0'
32
+ option rebind_protection '1'
33
+ list rebind_domain 'dn42'
34
+ list server '/dn42/172.22.0.53'
35
+ list server '/22.172.in-addr.arpa/172.22.0.53'
36
+ list server '/23.172.in-addr.arpa/172.22.0.53'
37
+```
38
+
39
+to `/etc/config/dhcp` and run `/etc/init.d/dnsmasq` restart. After that you are able to resolve `.dn42`
40
+with the anycast DNS-Server, while your normal requests go to your standard DNS-resolver.
41
+
42
+Attention: If you go with the default config you'll have to disable "boguspriv" in the first dnsmasq config section.
43
+
44
+For normal dnsmasq use
45
+
46
+```
47
+server=/dn42/172.22.0.53
48
+server=/22.172.in-addr.arpa/172.22.0.53
49
+server=/23.172.in-addr.arpa/172.22.0.53
50
+```
51
+in `dnsmasq.conf`.
52
+
53
+## PowerDNS recursor
54
+Add this to /etc/powerdns/recursor.conf (at least in Debian)
55
+
56
+```
57
+dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, ::1/128, fe80::/10
58
+forward-zones= dn42=172.22.0.53,22.172.in-addr.arpa=172.22.0.53,23.172.in-addr.arpa=172.22.0.53
59
+```
60
+
61
+## MaraDNS
62
+Put this in your mararc:
63
+
64
+```
65
+ipv4_alias["dn42_root"] = "172.22.0.53"
66
+root_servers["dn42."] = "dn42_root"
67
+root_servers["22.172.in-addr.arpa."] = "dn42_root"
68
+root_servers["23.172.in-addr.arpa."] = "dn42_root"
69
+```
70
+
71
+## Unbound
72
+
73
+`unbound.conf` for forwarding requests to `172.22.0.53`.
74
+
75
+
76
+```
77
+server:
78
+ domain-insecure: "dn42"
79
+ local-zone: "22.172.in-addr.arpa." nodefault
80
+ local-zone: "23.172.in-addr.arpa." nodefault
81
+ local-zone: "d.f.ip6.arpa." nodefault
82
+
83
+forward-zone:
84
+ name: "dn42"
85
+ forward-addr: 172.22.0.53
86
+
87
+forward-zone:
88
+ name: "22.172.in-addr.arpa"
89
+ forward-addr: 172.22.0.53
90
+
91
+forward-zone:
92
+ name: "23.172.in-addr.arpa"
93
+ forward-addr: 172.22.0.53
94
+
95
+forward-zone:
96
+ name: "d.f.ip6.arpa"
97
+ forward-addr: 172.22.0.53
98
+```
99
+
100
+## JunOS (SRX 12.1X46)
101
+Should also work in 12.1X44 and 12.1X45. After making the changes below you may need to run:
102
+```
103
+restart named-service
104
+```
105
+Config (vlan.0 is presumed to be your LAN/Trust interface)
106
+```
107
+system {
108
+ services {
109
+ dns {
110
+ dns-proxy {
111
+ interface {
112
+ vlan.0;
113
+ }
114
+ default-domain dn42 {
115
+ forwarders {
116
+ 172.22.0.53;
117
+ }
118
+ }
119
+ default-domain 22.172.in-addr.arpa {
120
+ forwarders {
121
+ 172.22.0.53;
122
+ }
123
+ }
124
+ default-domain 23.172.in-addr.arpa {
125
+ forwarders {
126
+ 172.22.0.53;
127
+ }
128
+ }
129
+ }
130
+ }
131
+ }
132
+}
133
+```
... ...
\ No newline at end of file
services/Services-DNS.md
... ...
@@ -0,0 +1,39 @@
1
+# DNS
2
+
3
+*(tl;dr)* We have a TLD for dn42, which is `.dn42`. The anycast resolver for `.dn42` runs on `172.22.0.53`.
4
+
5
+**DNS is build from [[whois database|Services Whois]]. So please edit your DNS-records there.**
6
+
7
+## Using the DNS service
8
+
9
+Below are several ways to use the `dn42` DNS service, from easiest to more challenging. The recommended method is the second one.
10
+
11
+### Using the anycast resolver directly
12
+
13
+Please be aware that this method sends **all** your DNS queries (e.g. `google.com`) to a random DNS server inside dn42. The server could fake the result and point you towards the russian mafia. They probably won't, but think about what you are doing. At the end of the day, your ISP could be evil as well, so it always boils down to a question of trust.
14
+
15
+To do this, just use `172.22.0.53` as your resolver, for instance in `/etc/resolv.conf`.
16
+
17
+### Forwarding `.dn42` queries to the anycast resolver
18
+
19
+If you run your own resolver (`unbound`, `dnsmasq`, `bind`), you can configure it to forward dn42 queries to the anycast DNS resolver. See [[DNS forwarder configuration|Services DNS Configuration]].
20
+
21
+### Recursive resolver
22
+
23
+You may also want to configure your resolver to recursively resolve dn42 domains. For this, you need to find authoritative DNS servers for the `dn42` zone (and for the reverse zones). See [[Recursive DNS resolver]].
24
+
25
+### Building the dn42 zones from the registry
26
+
27
+Finally, you may want to host your own authoritative DNS server for the `dn42` zone and the reverse zones. The zone files are built from the monotone repository: scripts are provided in the repository itself.
28
+
29
+## Register a `.dn42` domain name
30
+
31
+The root zone for `dn42.` is built from the [[whois registry|Services Whois]]. If you want to register a domain name, you need to add it to the registry (of course, you also need one or two authoritative nameservers).
32
+
33
+## DNS services for other networks
34
+
35
+Other networks are interconnected with dn42 (ChaosVPN, Freifunk, etc). Some of them also provide DNS service, you can configure your resolver to use it. See [[External DNS]].
36
+
37
+## Providing DNS service
38
+
39
+See [[Providing Anycast DNS]].
... ...
\ No newline at end of file
services/Services-FreePhone.md
... ...
@@ -0,0 +1,51 @@
1
+# What's FreePhone?
2
+Where's the point in using a phone flat just for a single person? !FreePhone is a project aimed to develop a VPN wide SIP phone service. Calling german landline is possible at the moment, as well as local participants (eg. maxx).
3
+
4
+## How does this work?
5
+### Public proxy
6
+Set up your softphone or hardware implementation to use:
7
+ * SIP-Proxy/Proxy domain: maxx.spaceboyz.net (SRV-Record)
8
+ * Username/Account/Login: vpn
9
+ * Password: vpn
10
+The proxy is strictly outbound, registration is impossible and unintended.
11
+
12
+## Special needs
13
+Just contact me if you like to use your SIP hardware (eg. Fritz!Box FON). You'll get a special account allowing registrations plus a local extension.
14
+
15
+## Restrictions
16
+ * Any call under the terms of the flatrate is allowed, so to speak: no mobile phones or pr0n calls
17
+ * One call at a time for FreePhone users (stupid bandwidth restrictions :/).
18
+ * Internal calls are more or less unrestricted.
19
+ * alaw/ulaw are disallowed for bandwidth reasons
20
+
21
+## Additional extensions
22
+| **Extension** | **Target** |
23
+|---|---|
24
+| maxx | myself, almost anywhere wireless lan is availiable |
25
+| grim | sometimes, sometimes not |
26
+| equinox | i think nokia prevents but you may try |
27
+| helios | did not connect for some time now |
28
+
29
+If you like listening to german news, dial 787326353 (Vanity: STREAMDLF). Just contact me in case you want more.
30
+
31
+## Configuration examples
32
+Just look at the german version, you'll get the idea.
33
+
34
+## What's next?
35
+### Real dn42 phone system
36
+If i'm bored some day i might implement the following:
37
+ * SIP extensions for every participant
38
+ * Voicemail
39
+ * Funny games
40
+ * FreePhone integration (maybe with redundancy)
41
+ * ...
42
+
43
+If someone is willing to experiment we could try allowing reinvites. This way all SIP endpoints inside the VPN could connect their media streams directly, thus saving bandwidth and raising call quality.
44
+
45
+## Latest changes
46
+ * G.729 now is the preferred codec because of bandwith issues
47
+ * My "Homezone" works perfectly, moving with me
48
+ * Phone #: +493727/959023
49
+ * Sipgate: 5884293
50
+ * SIP: maxx(at)maxx.spaceboyz.net
51
+ * Transcoding from/into G.729 works fine now, thanks to some precompiled versions for asterisk.
... ...
\ No newline at end of file
services/Services-IRC.md
... ...
@@ -0,0 +1,18 @@
1
+# IRC
2
+
3
+We have several [hackint](http://www.hackint.eu/)-IRC-Servers, reachable via internet, but also via dn42.
4
+
5
+## irc.spaceboyz.net
6
+ * IPv6: 2001:8d8:81:5c0::1
7
+ * dn42: 172.22.24.1
8
+ * IPv4: 87.106.131.203
9
+ * Ports: 6666-6669 & SSL 6697,9999
10
+
11
+## irc.chaostreff-dortmund.de
12
+ * irc.chaostreff-dortmund.de (195.160.168.7, 6666-6669 & ssl: 6697, 9999)
13
+
14
+## lechuck.darmstadt.ccc.de
15
+ * lechuck.darmstadt.ccc.de (via dn42: 172.31.98.1)
16
+
17
+Usage with SSL (6697/tcp) is preferred.
18
+**Please join #dn42.**
... ...
\ No newline at end of file
services/Services-News.md
... ...
@@ -0,0 +1,13 @@
1
+# List of Usenet servers
2
+| **Person** | **Status** | **Address** | **Posting** | **Newsgroups** | **Binaries** |
3
+|----|----|----|----|----|----|
4
+| welterde | _up_ | news.welterde.dn42 | _yes_ | Big 8, de.\*, alt.\* | _no_ |
5
+| UFO | _up_ | core.ucis.dn42 | _yes_ | anonet, dn42 | _no_ |
6
+| blacksheep | _up_ | news.blacksheep.dn42 | _ask_ | Big 8, de.\*, alt.\*, uk.\*, etc. | _no_ |
7
+
8
+# List of Usenet WebFrontends
9
+| **Person** | **Status** | **Address** | **Posting** | **Newsgroups** | **Binaries** |
10
+|----|----|----|----|----|----|
11
+| cronix | _down_ | news.crystalnet.dn42 | _yes_ | as requested | _no_ |
12
+| UFO | _up_ | [UCIS.ano news](http://cgiproxy.ucis.dn42/nph-proxy.cgi/00/http/www.ucis.ano/news/) | _no_ | anonet, dn42 | _limited_ |
13
+| SeekingFor | _up_ | [AnoNet News](http://cgiproxy.ucis.dn42/nph-proxy.cgi/00/http/news.sfor.ano/) | _yes_ | anonet, dn42 | _no_ |
... ...
\ No newline at end of file
services/Services-Statistics.md
... ...
@@ -0,0 +1,111 @@
1
+# Statistics
2
+Please add your public statistics.
3
+
4
+## Scripts
5
+
6
+### Number of prefixes for collectd
7
+
8
+#### collectd.conf
9
+
10
+```
11
+LoadPlugin exec
12
+<Plugin exec>
13
+ Exec nobody "/etc/collectd/bgp_prefixes-quagga.sh"
14
+</Plugin>
15
+```
16
+
17
+collectd refuses to exec scripts as root. On Debian vtysh is compiled with PAM support: adding nobody to the quaggavty group suffices.
18
+
19
+#### bgp_prefixes-quagga.sh
20
+
21
+```
22
+#!/bin/bash
23
+
24
+INTERVAL=10
25
+HOSTNAME=dn42.hq.c3d2.de
26
+
27
+while true; do
28
+n4=$(vtysh -d bgpd -c "show ip bgp"|grep Total|sed -e 's/Total number of prefixes //')
29
+n6=$(vtysh -d bgpd -c "show ipv6 bgp"|grep Total|sed -e 's/Total number of prefixes //')
30
+
31
+echo "PUTVAL $HOSTNAME/quagga-bgpd/routes-IPv4 interval=$INTERVAL N:$n4"
32
+echo "PUTVAL $HOSTNAME/quagga-bgpd/routes-IPv6 interval=$INTERVAL N:$n6"
33
+
34
+sleep $INTERVAL
35
+done
36
+```
37
+
38
+#### Number of prefixes per neighbour for bird
39
+
40
+```
41
+#!/bin/sh
42
+#
43
+# Collectd script for collecting the number of routes going through each
44
+# BGP neighour. Works for bird.
45
+#
46
+# See https://dn42.net/Services-Statistics
47
+
48
+INTERVAL=60
49
+HOSTNAME=mydn42router
50
+[ -n "$COLLECTD_HOSTNAME" ] && HOSTNAME="$COLLECTD_HOSTNAME"
51
+
52
+while true
53
+do
54
+ birdc 'show protocols "*"' | grep ' BGP' | cut -d ' ' -f 1 | while read neighbour
55
+ do
56
+ nbroutes=$(birdc "show route protocol $neighbour primary count" | grep -v 'BIRD' | cut -d ' ' -f 1)
57
+ echo "PUTVAL $HOSTNAME/bird-bgpd/routes-$neighbour interval=$INTERVAL N:$nbroutes"
58
+ done
59
+ # FIXME: we probably count non-BGP routes here
60
+ totalroutes=$(birdc "show route primary count" | grep -v 'BIRD' | cut -d ' ' -f 1)
61
+ echo "PUTVAL $HOSTNAME/bird-bgpd/routes-all interval=$INTERVAL N:$totalroutes"
62
+ sleep $INTERVAL
63
+done
64
+```
65
+
66
+### munin plugin
67
+* add the following to /etc/munin/plugin-conf.d/munin-node
68
+
69
+```
70
+[quagga_bgp]
71
+user root
72
+```
73
+
74
+* place the script as quagga_bgp in /etc/munin/plugins
75
+
76
+```
77
+#!/bin/sh
78
+#
79
+#
80
+# Munin Plugin to show quagga bgp4 routes
81
+
82
+# Standard Config Section Begin ##
83
+ if [ "$1" = "autoconf" ]; then
84
+ echo yes
85
+ exit 0
86
+ fi
87
+
88
+ if [ "$1" = "config" ]; then
89
+
90
+ echo 'graph_title Quagga BGP4 Routes'
91
+ echo 'graph_args --base 1000 -l 0'
92
+ echo 'graph_scale yes'
93
+ echo 'graph_vlabel Received routes via BGP4'
94
+ echo 'graph_category Network'
95
+ echo 'bgproutes.label Routes'
96
+ echo 'graph_info Route information provided by quagga daemon via vtysh'
97
+ exit 0
98
+ fi
99
+# Standard Config Section End ####
100
+
101
+# Measure Section Begin ##########
102
+ data=($(vtysh -c "show ip bgp"|grep Total|cut -d" " -f5))
103
+
104
+ if [ "$data" = "" ]; then
105
+ echo bgproutes.value 0
106
+ else
107
+ echo bgproutes.value $data
108
+ fi
109
+# Measure Section ##########
110
+```
111
+* restart munin-node
... ...
\ No newline at end of file
services/Services-VirtualMachines.md
... ...
@@ -0,0 +1,7 @@
1
+# Virtual Machines
2
+
3
+| Person | RAM | HDD | Net | CPU | Description |
4
+|:------------- |:----- |:---- |:--------- |:-------- |:--------------------- |
5
+| otih | | | | | KVM/OpenVZ (AS64608)
6
+| siska | 384Mb | 40Gb | 10/10Mbit | 1x2.9Ghz | KVM/QEMU (VNC) (AS76103)
7
+| thomasdotde | | | | | HyperV-Server
... ...
\ No newline at end of file
services/Services-Whois.md
... ...
@@ -0,0 +1,145 @@
1
+# Whois registry
2
+**aka** _The registry_ contains:
3
+
4
+ * AS numbers assignations
5
+ * Subnet assignations
6
+ * DNS root zone for `dn42.`
7
+
8
+## Names and numbers
9
+
10
+dn42 uses some names and numbers, which are declared in the registry. Whenever possible, we try to stick to names and numbers that do not conflict with the ICANN-net or other networks similar to dn42, for instance by using private numbers space.
11
+
12
+### Address space
13
+
14
+dn42 uses **172.22.0.0/15** for IPv4.
15
+
16
+For IPv6, we use both ULA (that is, **fd00::/8**) and globally unique PI/PA address space of participants. ULA is prefered for various reasons, see the [FAQ](Frequently-Asked-Questions#What-about-IPv6-in-DN42?).
17
+
18
+### AS numbers
19
+
20
+Since June 2014, dn42 is using the **4242420000-4242429999** ASN range for allocations. This range is further subdivided:
21
+* **4242420000-4242423999** for end-users allocations
22
+* **4242424000-4242426999** reserved for future use
23
+* **4242427000-4242429999** for sub-allocations
24
+
25
+If you are running a project similar to dn42, please use another range of ASN. The "sub-allocations" range is meant for dn42 users willing to have administrative control over a small, consecutive range of ASN (e.g. to use them directly or to distribute them).
26
+
27
+Note that currently, most AS are using one of the legacy ASN range (and will probably continue to do so, as renumbering is painful). See the [FAQ](Frequently-Asked-Questions#Why-are-you-using-ASN-in-the-76100-76199-range?) for a discussion on AS ranges.
28
+
29
+### DNS zones
30
+
31
+dn42 uses the `dn42.` TLD, which is not present in the root DNS zone of the ICANN-net. For details, see [DNS](Services-DNS).
32
+
33
+Note that other TLDs should also be usable from dn42, most notably from Freifunk and ChaosVPN. A tentative list is available at [External DNS](External-DNS).
34
+
35
+## Web interface
36
+
37
+Nixnodes provides a nice web interface, that allows you to **add/edit records** easily. It is available at https://io.nixnodes.net/?registry. A full guide is available at [Getting started](Getting-started-with-dn42#Fill-in-the-registry).
38
+
39
+### Authentication
40
+
41
+To add or edit records with the web interface, authentication is done thanks to **maintainer objects**. Each maintainer object has a password associated to it.
42
+
43
+The password are not stored in cleartext in the registry: a hash is computed from the password and the name of the maintainer object. To generate such a hash (e.g. in case you forgot your password), use https://io.nixnodes.net/nctlio.php?m=dnr&gen=mypassword&mnt=MYMAINTAINER-MNT
44
+
45
+### Misc
46
+
47
+A read-only interface is also available at http://ix.ucis.dn42/dn42/ ([public](http://ix.ucis.nl/dn42/) or 172.22.166.3). The used PHP scripts are available from UFO a.k.a. Ivo at request.
48
+
49
+## DNS interface
50
+
51
+There is also a DNS-based interface to query AS information from the registry. The DNS zone is `asn.dn42`. Example:
52
+
53
+ $ dig +short AS76103.asn.dn42 TXT
54
+ "76103 | DN42 | dn42 | | NIXNODES-IX - NixNodes CORE Network"
55
+
56
+The Python code for generating the zone from the registry is available on the monotone repository.
57
+
58
+The idea comes from the guys at cymru.com, who provide this service for the Internet (e.g. `AS1.asn.cymru.com`), see https://www.team-cymru.org/Services/ip-to-asn.html#dns
59
+
60
+## Address space
61
+
62
+There is nice 3djs visualisation showing current address space usage: http://dataviz.polynome.dn42/dn42-netblock-visu/registry.html ([public](http://109.24.208.244:8888/dn42-netblock-visu/registry.html) or 172.23.184.98). The input data is taken from the registry.
63
+
64
+Another visualisation shows the prefixes seen by BGP: http://dataviz.polynome.dn42/dn42-netblock-visu/index.html ([public](http://109.24.208.244:8888/dn42-netblock-visu/index.html) or 172.23.184.98).
65
+
66
+## Software
67
+
68
+ * [[lglass]] is a python implementation for working with the registry. It features a whois server, tools to manipulate the data (DNS zone generation, etc).
69
+
70
+## Whois daemons
71
+
72
+| **person** | **dns** | **ip** |
73
+|------------|---------------------------|-----------------|
74
+| welterde | thinkbase.srv.welterde.de | 46.4.248.201 |
75
+| fritz | whois.fritz.dn42 | 172.22.119.139 |
76
+| nixnodes | whois.nixnodes.dn42 | 172.22.177.77 |
77
+
78
+### Usage
79
+```sh
80
+whois -h $host $query
81
+```
82
+### Using a whois config
83
+```sh
84
+$ cat /etc/whois.conf
85
+\.dn42$ 172.22.177.77
86
+\-DN42$ 172.22.177.77
87
+# dn42 range 64512-65534
88
+^as6(4(5(1[2-9]|[2-9][0-9])|[6-9][0-9]{2})|5([0-4][0-9]{2}|5([0-2][0-9]|3[0-4])))$ 172.22.177.77
89
+# dn42 range 76100-76199
90
+^as761[0-9][0-9]$ 172.22.177.77
91
+# dn42 range 4242420000-4242429999
92
+^as424242[0-9]{4}$ 172.22.177.77
93
+# dn42 ipv4 address space
94
+^172\.2[2-3]\.[0-9]{1,3}\.[0-9]{1,3}(/(1[56789]|2[0-9]|3[012]))?$ 172.22.177.77
95
+
96
+# dn42 ula ipv6 address space
97
+fd**:****:****:****:****:****:****:**** 172.22.177.77
98
+
99
+```
100
+You can then use whois without specifying the server. Works at least with Marco d'Itri's whois client.
101
+
102
+### Running your own whoisd
103
+```sh
104
+cd /home/some/path/to/store/branch
105
+sudo aptitude install ruby rubygems
106
+sudo gem install netaddr
107
+cd whoisd/ruby
108
+sudo ruby whoisd.rb nobody
109
+```
110
+
111
+## Monotone
112
+Monotone is an distributed revision control system. Monotone tracks revisions to files, groups sets of revisions into changesets, and tracks history across renames. The design principle is distributed operation making heavy use of cryptographic primitives to track file revisions (via the SHA-1 secure hash) and to authenticate user actions (via RSA cryptographic signatures). Each participant maintains their own revision history store in a local SQLite database. Monotone is especially strong in its support of a diverge/merge workflow, which it achieves in part by always allowing commit before merge. Revisions are exchanged using the custom netsync protocol which shares some conceptual ground with rsync and cvs.
113
+ * [Website](http://monotone.ca/)
114
+ * [Tutorial](http://monotone.ca/docs/Tutorial.html)
115
+
116
+### Monotone servers
117
+
118
+| Person | Address | Status |
119
+|----------|----------------------------------------|--------|
120
+| crest | mtn.crest.dn42 | UP |
121
+| dracoling | dn42.smrsh.net (net.smrsh.dn42) | UP |
122
+| siska | mtn.nixnodes.net / mtn.nixnodes.dn42 (172.22.177.77) | UP |
123
+| xuu | mtn.xuu.dn42 (172.22.141.248) | UP |
124
+| zorun | mtn.polyno.me / mtn.polynome.dn42 (172.23.184.71| UP |
125
+
126
+### Monotone branches
127
+ * net.dn42.registry: Contains the registry and some related code
128
+
129
+### Client setup
130
+```sh
131
+mtn genkey you@domain.tld
132
+mtn pubkey you@domain.tld # send the output to some $monotone_server operator (do NOT send the keypair!)
133
+mtn clone 'mtn://$monotone_server/?net.dn42.*' --branch net.dn42.registry
134
+cd net.dn42.registry
135
+$add_your_objects
136
+mtn add --unknown
137
+mtn ci -k you@domain.tld
138
+mtn sync
139
+```
140
+
141
+### Server setup
142
+
143
+Debian has a package "monotone-server", with config located in "/etc/monotone".
144
+
145
+Pro-tip: monotone seems to use `SO_V6ONLY`, which is annoying. To bind to both IPv4 and IPv6, use `ADDRESS=":: --bind 0.0.0.0"` in `/etc/default/monotone`.