18eecec21474ad79e096ebc3ae2a9c5f520a736d
FAQ.md
... | ... | @@ -29,6 +29,11 @@ issues. There may still be references back to monotone in some of the documentat |
29 | 29 | |
30 | 30 | https://git.dn42.dev/dn42/registry (https://git.dn42/dn42/registry) |
31 | 31 | |
32 | +### Can I use Windows to clone and update the registry ? |
|
33 | + |
|
34 | +No. The registry includes IPv6 resources but NTFS does not support having a `:` in filenames. |
|
35 | + |
|
36 | +A simple workaround is to use a non-Windows VM to do your changes. |
|
32 | 37 | |
33 | 38 | ### Can I reuse my public AS number/IPv4/IPv6? |
34 | 39 |
Home.md
... | ... | @@ -1,8 +1,8 @@ |
1 | 1 | ## About dn42 |
2 | 2 | |
3 | -dn42 is a big dynamic [VPN](http://en.wikipedia.org/wiki/Virtual_private_network), which employs Internet technologies ([BGP](http://en.wikipedia.org/wiki/Bgp), whois database, [DNS](http://en.wikipedia.org/wiki/Domain_Name_System), etc). Participants connect to each other using network tunnels ([GRE](/howto/GRE-on-FreeBSD), [OpenVPN](/howto/openvpn), [Tinc](/howto/tinc), [IPsec](/howto/IPsec-with-PublicKeys)) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the `172.20.0.0/14` range and private AS numbers are used (see [registry](/services/Whois)) as well as IPv6 addresses from the ULA-Range (`fd00::/8`) - see [FAQ](https://internal.dn42/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42). |
|
3 | +dn42 is a big dynamic [VPN](http://en.wikipedia.org/wiki/Virtual_private_network), which employs Internet technologies ([BGP](http://en.wikipedia.org/wiki/Bgp), whois database, [DNS](http://en.wikipedia.org/wiki/Domain_Name_System), etc). Participants connect to each other using network tunnels ([GRE](/howto/GRE-on-FreeBSD), [OpenVPN](/howto/openvpn), [Tinc](/howto/tinc), [IPsec](/howto/IPsec-with-PublicKeys)) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the `172.20.0.0/14` range and private AS numbers are used (see [registry](/services/Whois)) as well as IPv6 addresses from the ULA-Range (`fd00::/8`) - see [FAQ](/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42). |
|
4 | 4 | |
5 | -A number of services are provided on the network: see [internal](http://wiki.dn42/internal/Internal-Services) (only available from within dn42). Also, dn42 is interconnected with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) or some [Freifunk](http://en.wikipedia.org/wiki/Freifunk) networks. |
|
5 | +A number of services are provided on the network: see [internal](/internal/Internal-Services) (only available from within dn42). Also, dn42 is interconnected with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) or some [Freifunk](http://en.wikipedia.org/wiki/Freifunk) networks. |
|
6 | 6 | |
7 | 7 | Still have questions? We have [[FAQs|FAQ]] listed. |
8 | 8 | |
... | ... | @@ -39,7 +39,6 @@ The [[Getting started|howto/Getting-Started]] page helps you to get your first n |
39 | 39 | * [Wikipedia about dn42](http://en.wikipedia.org/wiki/Decentralized_network_42) |
40 | 40 | * [Lecture on 26c3](http://events.ccc.de/congress/2009/Fahrplan/events/3504.en.html) |
41 | 41 | * [Lecture on GPN8](http://entropia.de/wiki/GPN8:dn42) |
42 | - * [soup.io group](http://dn42.soup.io/) |
|
43 | 42 | * [nobody about dn42](http://nowhere.ws/guides/dn42/) |
44 | 43 | * [Lecture on mrmcd0x8](http://web.archive.org/web/20090831211324/http://mrmcd0x8.metarheinmain.de/fahrplan/events/3321.de.html) |
45 | 44 | * [dn42-category in hackerspaces.org wiki](https://hackerspaces.org/wiki/Category:DN42) |
... | ... | @@ -60,7 +59,6 @@ The [[Getting started|howto/Getting-Started]] page helps you to get your first n |
60 | 59 | * [freifunk](http://freifunk.net) |
61 | 60 | * [NoName e.V. Heidelberg](https://www.noname-ev.de) |
62 | 61 | * [raumzeitlabor/hackerspace rhein-neckar](http://www.raumzeitlabor.de) |
63 | -* [Cyberpipe](https://www.kiberpipa.org) |
|
64 | 62 | * [Hackerspace Brussels (HSB)](http://hackerspace.be) |
65 | 63 | * [[hsmr] / Hackspace Marburg](https://hsmr.cc) |
66 | 64 | * [Whitespace (0x20)](http://www.0x20.be) |
... | ... | @@ -68,7 +66,7 @@ The [[Getting started|howto/Getting-Started]] page helps you to get your first n |
68 | 66 | * [SNE group](https://www.os3.nl) |
69 | 67 | * [smrsh](http://www.smrsh.net) |
70 | 68 | * [Hackspace Jena e.V.](https://kraut.space) |
71 | -* [breizh-entropy](http://breizh-entropy.dn42) |
|
69 | +* [Breizh-Entropy](http://wiki.breizh-entropy.org/wiki/DN42) |
|
72 | 70 | * [Fédération FDN](https://www.ffdn.org) |
73 | 71 | * [Le LOOP](https://leloop.org/) |
74 | 72 | * [Hackerspace Bielefeld](https://hackerspace-bielefeld.de) |
... | ... | @@ -76,7 +74,7 @@ The [[Getting started|howto/Getting-Started]] page helps you to get your first n |
76 | 74 | |
77 | 75 | ## About this wiki |
78 | 76 | |
79 | -This wiki is the main reference about dn42. It is available in read-only mode [from the Internet](https://dn42.net), [tor](http://jsptropkiix3ki5u.onion) and [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) and for editing from within dn42, at [https://wiki.dn42](https://wiki.dn42) - [https](services/Certificate-Authority) required for editing. |
|
77 | +This wiki is the main reference about dn42. It is available in read-only mode from the Internet [here](https://wiki.dn42.us) or [here](https://dn42.dev) or [here](https://dn42.tk) or [here](https://dn42.eu), [tor](http://jsptropkiix3ki5u.onion) and [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) and for editing from within dn42, at [https://wiki.dn42](https://wiki.dn42) - [https](services/Certificate-Authority) required for editing. |
|
80 | 78 | |
81 | 79 | #### DN42 Logo |
82 | 80 |
_Sidebar.md
... | ... | @@ -12,6 +12,8 @@ |
12 | 12 | * [[IPsec With Public Keys|howto/IPsec-with-PublicKeys]] |
13 | 13 | * [[Tinc|howto/tinc]] |
14 | 14 | * [[GRE on FreeBSD|howto/GRE-on-FreeBSD]] |
15 | + * [[GRE on OpenBSD|howto/GRE-on-OpenBSD]] |
|
16 | + * [[IPv6 Multicast (PIM-SM)|howto/IPv6-Multicast]] |
|
15 | 17 | * [[Bird|howto/Bird]] / [[Bird2|howto/Bird2]] |
16 | 18 | * [[Quagga|howto/Quagga]] |
17 | 19 | * [[OpenBGPD|howto/OpenBGPD]] |
... | ... | @@ -30,6 +32,7 @@ |
30 | 32 | * [[Repository Mirrors|services/Repository-Mirrors]] |
31 | 33 | * [[Distributed Wiki|services/Distributed-Wiki]] |
32 | 34 | * [[Certificate Authority|services/Certificate-Authority]] |
35 | + * [[Route Collector|services/Route-Collector]] |
|
33 | 36 | |
34 | 37 | * Internal |
35 | 38 | * [[Internal services|internal/Internal-Services]] |
contact.md
... | ... | @@ -27,9 +27,10 @@ There are currently multiple decentralized mirrors and domains for the DN42 wiki |
27 | 27 | |
28 | 28 | * [dn42.us](https://wiki.dn42.us) maintained by xuu |
29 | 29 | * [dn42.dev](https://dn42.dev) / [wiki.burble.dn42](https://wiki.burble.dn42/) maintained by Burble |
30 | + * [dn42.eu](https://dn42.eu) maintained by Nurtic-vibe |
|
31 | + * [dn42.tk](https://dn42.tk) maintained by Androw |
|
30 | 32 | |
31 | 33 | No longer maintained: |
32 | 34 | |
33 | - * [dn42.eu](https://dn42.eu) maintained by Nurtic-vibe |
|
34 | 35 | * [dn42.net](https://dn42.net) maintained by toBee |
35 | 36 | * [wiki.dn42.lutoma.org](https://wiki.dn42.lutoma.org) maintained by lutoma |
howto/Bird2.md
... | ... | @@ -2,7 +2,7 @@ This guide is similar to the normal [Bird](/howto/Bird) guide in that it provide |
2 | 2 | |
3 | 3 | # Arch Linux |
4 | 4 | |
5 | -The `extra/bird` package in the arch repositories will usually have a relatively recent version and there is (usually) no need for a manual install over the usual `# pacman -S bird'. |
|
5 | +The `extra/bird` package in the arch repositories will usually have a relatively recent version and there is (usually) no need for a manual install over the usual `# pacman -S bird`. |
|
6 | 6 | |
7 | 7 | # Example configuration |
8 | 8 |
howto/GRE-on-OpenBSD.md
... | ... | @@ -0,0 +1,71 @@ |
1 | +# Point-to-Point Layer 3 GRE tunnel interface |
|
2 | +This guide describes how to establish an unencrypted and unauthenticated IPv6-over-IPv6 tunnel on [OpenBSD](https://openbsd.org), see [gre(4) EXAMPLES](http://man.openbsd.org/gre.4#Point-to-Point_Layer_3_GRE_tunnel_interfaces_(gre)_example) for similar setups. |
|
3 | + |
|
4 | + |
|
5 | +# Configuration |
|
6 | +Let *A* be the local OpenBSD host and *D* the remote peer, assume public DNS names and IPv6 reachability. |
|
7 | + |
|
8 | +Let `fd42::` and `fd42::1` be the IPs of *A* and *D* respectively where both are allocated as `/127` subnet from one of the peer's DN42 prefix. |
|
9 | + |
|
10 | +## pseudo interface |
|
11 | +Populate [`/etc/hostname.gre0`](https://man.openbsd.org/hostname.if.5) with: |
|
12 | +``` |
|
13 | +tunnel A.example.com D.example.net |
|
14 | +inet6 fd42::/127 |
|
15 | +``` |
|
16 | +This will resolve FQDNs at parse time, set *A*'s and *D*'s IPs as source and destination tunnel address and set *A*'s assigned IP as point-to-point address on the interface. |
|
17 | + |
|
18 | +Replace hostnames in the `tunnel` line with literal IPs if DNS is not available (at system boot). |
|
19 | + |
|
20 | +Reboot or run [`sh /etc/netstart gre0`](https://man.openbsd.org/netstart.8) to bring up the tunnel. |
|
21 | + |
|
22 | +## miscellaneous |
|
23 | +Populate `/etc/sysctl.conf` with: |
|
24 | +``` |
|
25 | +net.inet.gre.allow=1 |
|
26 | +``` |
|
27 | +Reboot or run `sysctl net.inet.gre.allow=1` to allow GRE packet processing. |
|
28 | + |
|
29 | +- |
|
30 | +At this point, `gre0` will be administratively *UP*: |
|
31 | +``` |
|
32 | +$ ifconfig gre0 |
|
33 | +gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1476 |
|
34 | + index 22 priority 0 llprio 6 |
|
35 | + encap: vnetid none txprio payload rxprio packet |
|
36 | + groups: gre |
|
37 | + tunnel: inet6 2001:db8::a --> 2001:db9::d ttl 64 nodf ecn |
|
38 | + inet6 fe80::221:28ff:fef9:c1d8%gre0 --> prefixlen 64 scopeid 0x16 |
|
39 | + inet6 fd42:: --> prefixlen 127 |
|
40 | +``` |
|
41 | + |
|
42 | +All traffic destined to `fd42::1/127` will be encapsulated and routed to *D*: |
|
43 | +``` |
|
44 | +$ route show |
|
45 | +[...] |
|
46 | +Internet6: |
|
47 | +Destination Gateway Flags Refs Use Mtu Prio Iface |
|
48 | +fd42::/127 fd42:: UCn 1 0 - 4 gre0 |
|
49 | +fd42:: fd42:: UHl 0 0 - 1 gre0 |
|
50 | +fd42::1 link#0 UHc 0 3180 - 3 gre0 |
|
51 | +fe80::%gre0/64 fe80::221:28ff:fef9:c1d8%gre0 Un 0 0 - 4 gre0 |
|
52 | +fe80::221:28ff:fef9:c1d8%gre0 fe80::221:28ff:fef9:c1d8%gre0 UHl 0 0 - 1 gre0 |
|
53 | +ff01::%gre0/32 fe80::221:28ff:fef9:c1d8%gre0 Um 0 1 - 4 gre0 |
|
54 | +ff02::%gre0/32 fe80::221:28ff:fef9:c1d8%gre0 Um 0 1 - 4 gre0 |
|
55 | +[...] |
|
56 | +``` |
|
57 | +``` |
|
58 | +$ route -n get fd42::1 |
|
59 | + route to: fd42::1 |
|
60 | +destination: fd42::1 |
|
61 | + mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff |
|
62 | + interface: gre0 |
|
63 | + if address: fd42:: |
|
64 | + priority: 3 () |
|
65 | + flags: <UP,HOST,DONE,CLONED> |
|
66 | + use mtu expire |
|
67 | + 3181 0 0 |
|
68 | +``` |
|
69 | + |
|
70 | +# Security |
|
71 | +GRE may be protected with IPsec to encrypt and authenticate traffic, [OpenIKED](http://www.openiked.org/) can be used to establish an IKEv2 session between *A* and *D*. |
|
... | ... | \ No newline at end of file |
howto/Getting-Started.md
... | ... | @@ -250,7 +250,8 @@ source: DN42 |
250 | 250 | #### DNS and Domain Registration |
251 | 251 | |
252 | 252 | *(Optional)* |
253 | -To register a domain name, create a `dns` object in the data/dns directory. |
|
253 | +To register a domain name, create a `dns` object in the data/dns directory. |
|
254 | +Domain names and nserver attributes must be lowercase. |
|
254 | 255 | |
255 | 256 | example: data/dns/foo.dn42 |
256 | 257 | ``` |
howto/IPv6-Multicast.md
... | ... | @@ -0,0 +1,168 @@ |
1 | +# IPv6 Multicast |
|
2 | + |
|
3 | +The following guide illustrates how to set up an IPv6 multicast router using [PIM-SM](https://en.wikipedia.org/wiki/Protocol_Independent_Multicast#Sparse_mode) (Protocol Independent Multicast in Sparse Mode) with your own personal multicast prefix. |
|
4 | + |
|
5 | +## Quickstart |
|
6 | + |
|
7 | +* Install pim6sd from here: https://github.com/troglobit/pim6sd/ |
|
8 | + ```sh |
|
9 | + cd /usr/src |
|
10 | + git clone https://github.com/troglobit/pim6sd.git |
|
11 | + cd pim6sd |
|
12 | + ./autogen.sh |
|
13 | + ./configure |
|
14 | + make |
|
15 | + ``` |
|
16 | +* Find a peer who is already connected to the dn42 multicast backbone |
|
17 | +* Calculate your personal, embedded-RP multicast prefix matching your network prefix via [RFC3956](https://tools.ietf.org/html/rfc3956) |
|
18 | + * Example: |
|
19 | + * Pattern: `ff7e:<RIID><plen>:<prefix>::/96` |
|
20 | + * Prefix: `fd00:2001:db8::/48` |
|
21 | + * Prefix length: `48 == 0x30` |
|
22 | + * RIID: An arbitrary number between `0x1` and `0xf`, for instance `0x2` |
|
23 | + * Result: |
|
24 | + * Multicast prefix: `ff7e:230:fd00:2001:db8::/96` |
|
25 | + * RP address: ``fd00:2001:db8::<RIID>`` -> ``fd00:2001:db8::2`` |
|
26 | + |
|
27 | +* Create a dummy interface to hold your calculated unicast Rendezvous Point address. This one needs to be reachable from within dn42. Also set "multicast on" on this dummy interface. Example: |
|
28 | + |
|
29 | + ``` |
|
30 | + # /etc/network/interfaces.d/pim6sd |
|
31 | + auto pim-router-id |
|
32 | + iface pim-router-id inet manual |
|
33 | + pre-up ip link add name $IFACE type dummy |
|
34 | + post-up ip link set multicast on dev $IFACE |
|
35 | + post-up ip -6 a a fd00:2001:db8::2/128 dev $IFACE |
|
36 | + post-down ip link del $IFACE |
|
37 | + ``` |
|
38 | + |
|
39 | +* Create the configuration file: |
|
40 | + |
|
41 | + ```sh |
|
42 | + # /etc/pim6sd.conf |
|
43 | + # disable all interfaces by default |
|
44 | + default_phyint_status disable; |
|
45 | + |
|
46 | + # enable the pim-router-id interface first to acquire the correct primary address |
|
47 | + phyint pim-router-id enable; |
|
48 | + |
|
49 | + # add multicast-capable peer interfaces below |
|
50 | + phyint dn42-peer1 enable; |
|
51 | + |
|
52 | + # configure rendezvous point for the personal multicast prefix |
|
53 | + cand_rp pim-router-id; |
|
54 | + group_prefix ff7e:230:fd00:2001:db8::/96; |
|
55 | + ``` |
|
56 | + |
|
57 | + The `phyint` statement enables [PIM](https://tools.ietf.org/html/rfc7761) and [MLD](https://tools.ietf.org/html/rfc2710) on the target interface - by default all interfaces are in the disable state. Enable an interface if it is directed towards a multicast-capable peer or other multicast-capable routers in your autonomous system. Also enable it for downstream network segments with multicast listeners and senders, like for example your home (W)LAN segments. |
|
58 | + |
|
59 | + With `cand_rp` and `group_prefix` statements you can configure this router as a Rendezvous Point (RP) for your personal multicast group prefix. The address on the interface given as `cand_rp` will be used as the primary address for your RP, it therefore *must* be routable. |
|
60 | + |
|
61 | +--- |
|
62 | + |
|
63 | +## Testing & Applications |
|
64 | + |
|
65 | +### Creating a test network namespace |
|
66 | + |
|
67 | +On your router: |
|
68 | + |
|
69 | +```sh |
|
70 | +allow-hotplug pim-ns0 |
|
71 | +iface pim-ns0 inet manual |
|
72 | + pre-up ip link add pim-ns0 type veth peer name pim-ns1 |
|
73 | + post-up ip netns add pim-ns0 |
|
74 | + post-up ip link set addr 02:11:22:00:00:02 netns pim-ns0 name pim-ns0 up dev pim-ns1 |
|
75 | + post-up ip link set addr 02:11:22:00:00:01 up dev pim-ns0 |
|
76 | + post-up ip -6 a a fdd5:69d5:c530:1::1/64 dev pim-ns0 |
|
77 | + post-up ip netns exec pim-ns0 ip -6 a a fdd5:69d5:c530:1::2/64 dev pim-ns0 |
|
78 | + post-up ip netns exec pim-ns0 ip -6 r a default via fdd5:69d5:c530:1::1 |
|
79 | + post-down ip link del pim-ns0 |
|
80 | + post-down ip netns del pim-ns0 |
|
81 | +``` |
|
82 | + |
|
83 | +You can now switch into this test network namespace via "ip netns exec /bin/bash". Inside this network namespace you can try: |
|
84 | + |
|
85 | +### Creating a test multicast listener |
|
86 | + |
|
87 | +``` |
|
88 | +$ socat -u UDP6-RECV:1234,reuseaddr,ipv6-join-group="[ff7e:230:fdd5:69d5:c530::123]:eth0" - |
|
89 | +``` |
|
90 | + |
|
91 | +### Creating a test multicast sender |
|
92 | + |
|
93 | +First select which interface should be the default one for your multicast traffic. Then send multicast packets via ICMPv6: |
|
94 | + |
|
95 | +``` |
|
96 | +$ ip -6 route add ff7e:230:fdd5:69d5:c530::/96 dev eth0 table local |
|
97 | +$ ping6 -t 16 ff7e:230:fdd5:69d5:c530::123 |
|
98 | +``` |
|
99 | + |
|
100 | +The "-t 16", a hop-limit of 16, is important here as **by default all multicast traffic is usually send with a hop-limit of just 1**. |
|
101 | + |
|
102 | +--- |
|
103 | + |
|
104 | +## Advanced Configurations |
|
105 | + |
|
106 | + |
|
107 | + |
|
108 | +### Nomenclature |
|
109 | + |
|
110 | +#### Bootstrap Router (BSR) |
|
111 | + |
|
112 | +Router that collects multicast group information from all RP in the network and advertises it across the network. |
|
113 | + |
|
114 | +#### Rendezvous Point (RP) |
|
115 | + |
|
116 | +Router where senders and receivers will meet for a certain multicast address. Senders must send their data to it, after which it will be forwarded to receivers. As soon as a receivers DR learns of the sender it will ask their router to forward data along a direct path between sender and receiver. |
|
117 | + |
|
118 | +#### Designated Router (DR) |
|
119 | + |
|
120 | +First-hop router that stand in for sender and receiver on their downstream networks. The senders DR sends their data towards the RP encapsulated in PIM Register packets. The receivers DR will send join and prune messages to the RP, managing the group subscription. |
|
121 | + |
|
122 | +### RFC3306: "Unicast-Prefix-based IPv6 Multicast Addresses" |
|
123 | + |
|
124 | +Before RFC3956 (embedded RP addresses) personal, network prefix based multicast prefixes were calculated via RFC3306. Example: |
|
125 | + |
|
126 | +* Pattern: `ff3e:<plen>:<prefix>::/96` |
|
127 | + * Prefix: `fd00:2001:db8::/48` |
|
128 | + * Prefix length: `48 == 0x30` |
|
129 | + * Result: `ff3e:30:fd00:2001:db8::/96` |
|
130 | + |
|
131 | +* Pros: |
|
132 | + * More flexible RP address selection |
|
133 | + * Allows filtering on the BSR |
|
134 | + |
|
135 | +* Cons: |
|
136 | + * Needs a central BSR for coordination (or static RP configuration) |
|
137 | + * Allows filtering on the BSR |
|
138 | + |
|
139 | +However you can usually just announce and use both RFC3306 and RFC3956 based multicast prefixes, if you want to. pim6sd allows adding multiple ``group_prefix`` entries. |
|
140 | + |
|
141 | +### Address Management |
|
142 | + |
|
143 | +#### Bootstrap Router |
|
144 | + |
|
145 | +If you want to be participate as a bootstrap router candidate, please read up on how PIM works first. If you join with a bootstrap router candidate add it here below with contact information and join #dn42-multicast on HackInt: |
|
146 | +* <BSR-ADDR1> - [email protected], foo@HackInt |
|
147 | +* <BSR-ADDR2> - ... |
|
148 | + |
|
149 | +#### Shared multicast addresses |
|
150 | + |
|
151 | +Next to personal multicast prefixes generated by network prefix (RFC3306 or RFC3956) there can also be multicast addresses not owned by a specific AS. In general any one can just set up a multicast sender or listener for those. However to work, they need a reliable RP for coordination. |
|
152 | + |
|
153 | +If you want to offer an RP candidate for a shared multicast address, please read up on how PIM works first. If you join with an RP candidate for a shared multicast address add it here below with contact information and join #dn42-multicast on HackInt: |
|
154 | +* <multicast-address1>/128: |
|
155 | + - <RP-address1> - [email protected], foo@HackInt |
|
156 | + - <RP-address2> - [email protected], bar@HackInt |
|
157 | +* <multicast-address2>/128: |
|
158 | + - ... |
|
159 | + |
|
160 | +## Questions? |
|
161 | + |
|
162 | +* Join: ``#dn42-multicast`` on ``HackInt`` |
|
163 | + |
|
164 | +--- |
|
165 | + |
|
166 | +ToDo: |
|
167 | +* We have a solution for personal multicast prefixes tied to the network prefix of an AS owner. But what to do with multicast addresses that not only have listeners but also senders globally? We could have everyone add an additional "group_prefix ff00::/8" and then multicast router with the lowest address would win and become the central RP for all these addresses... not really scalable, robust or decentral though :-/. Should we use PIM-DM for some of these addresses instead (e.g. ones which generally have a low throughput, for instance Bittorrent Local Peer Discovery)? Or maybe those global addresses should be managed and configured as /128 and people who are interested in managing a specific, global multicast address will coordinate with each other? |
|
168 | +* bootstrap router coordination; according to RFCs a bootstrap router can alter/filter the multicast prefixes it received from candidate RPs. Should a bootstrap router check and filter any multicast prefix that was generated from a network prefix which does not match the network prefix used by the PR? |
|
... | ... | \ No newline at end of file |
howto/wireguard.md
... | ... | @@ -48,7 +48,7 @@ $ ip addr add 172.xx.xx.xx/32 peer 172.xx.xx.xx/32 dev <interface_name> |
48 | 48 | $ ip link set <interface_name> up |
49 | 49 | ``` |
50 | 50 | |
51 | -Nurtic-Vibe has another [script](https://git.dn42.us/Nurtic-Vibe/grmml-helper/src/master/create_wg.sh) to interactively automate the peering process. |
|
51 | +<!-- Nurtic-Vibe has another [script](https://git.dn42.us/Nurtic-Vibe/grmml-helper/src/master/create_wg.sh) to interactively automate the peering process. --> |
|
52 | 52 | |
53 | 53 | Maybe you should check the MTU to your peer with e.g. `ping -s 1472 <end_point_hostname_or_ip>`. If your output looks like `From gateway.local (192.168.0.1) icmp_seq=1 Frag needed and DF set (mtu = 1440)` substract `80` from the MTU and set it via `ip link set dev <interface_name> mtu <calculated_mtu>` |
54 | 54 |
internal/APIs.md
... | ... | @@ -1,10 +1,10 @@ |
1 | 1 | #Application Programming Interfaces (APIs) |
2 | 2 | This page can be useful if you are trying to automate something or if you are trying to retrieve data programmatically. |
3 | 3 | |
4 | -##Proving ASN ownership |
|
5 | -Through this automated service you prove your ASN ownership to KIOUBIT-MNT who then automatically creates a "ownership verification signature". This signature can be very easily verified by anyone. This removes the hassle from checking every different authentication method in the registry. This is particularly useful for automated setups. |
|
6 | - |
|
7 | -API Documentation: https://dn42.g-load.eu/api/verify/documentation.txt |
|
4 | +##ASN Authentication Solution |
|
5 | +Authenticate your users by having them verify their ASN ownership with KIOUBIT-MNT using their registry-provided methods in an automated way. |
|
6 | +More Information in the setup tutorial: https://dn42.g-load.eu/auth/documentation/tutorial.html |
|
7 | +To use the service, please message Kioubit on IRC to have your domain activated. |
|
8 | 8 | |
9 | 9 | ##Registry REST API |
10 | 10 |
internal/Historical-Services.md
... | ... | @@ -43,24 +43,32 @@ http://mwd.dn42/dns.php |
43 | 43 | MWD will also provide a secondary DNS server and/or cacti monitoring of your devices. Just ask on IRC. More info: http://mwd.dn42 |
44 | 44 | |
45 | 45 | ### Getting your current dn42 IPv4/IPv6 address |
46 | + * What is my IP: [ip4.dn42](http://ip4.dn42/), [ip6.dn42](http://ip6.dn42/) |
|
46 | 47 | |
47 | -http://wieistmeineip.dn42 provides a service like http://wieistmeineip.de, but for dn42. |
|
48 | + * http://wieistmeineip.dn42 provides a service like http://wieistmeineip.de, but for dn42. |
|
48 | 49 | wieistmeineip.dn42 also provides a telnet service that returns the address you connected with. This service only shows you the address of the preferred protocol, but there are also ipv4.wieistmeineip.dn42 and ipv6.wieistmeineip.dn42 that accept only connections via IPv4/IPv6. |
49 | 50 | |
50 | -You can also use http://whatismyip.dn42 from inside dn42 to get your IPv4 and IPv6 address. It also returns information about your latency, netblock details, and route information. |
|
51 | + * You can also use http://whatismyip.dn42 from inside dn42 to get your IPv4 and IPv6 address. It also returns information about your latency, netblock details, and route information. |
|
51 | 52 | |
52 | -An alternative is available at https://ip.naive.network, which displays your clearnet and dn42 IP addresses. |
|
53 | + * An alternative is available at https://ip.naive.network, which displays your clearnet and dn42 IP addresses. |
|
53 | 54 | |
54 | 55 | ## Search engines |
55 | 56 | |
56 | 57 | | Hostname / IP | Remarks | |
57 | 58 | |:------------------------------------------------- |:-------------------------------------------------------- | |
58 | 59 | | http://yacy.dn42 (OFFLINE 2020-01-18) | YaCy search engine. Indexing local nets | |
59 | -| _Configuring Yacy Network settings:_ |[YaCy Network Configuration](http://yacy.dn42/yacy.network.dn42.unit) | |
|
60 | - |
|
60 | +| _Configuring Yacy Network settings:_ |[YaCy Network Configuration](http://yacy.dn42/yacy.network.dn42.unit) | |
|
61 | +| http://mhm.dn42/search | Hosted by toBee | |
|
61 | 62 | |
62 | 63 | ## File Sharing |
63 | 64 | |
65 | +### FTP / HTTP |
|
66 | + |
|
67 | +| Hostname / IP | Space | Speed | Remarks | |
|
68 | +|:----------------------------------------------------------- |:----- |:----------- |:---------------------------------- | |
|
69 | +| http://filer.mhm.dn42 | 4TB | 1GBit | 24/7/365 | |
|
70 | +| http://data.0l.dn42 | 5TB | 1GBit | 24/7/365, download, dn42 MRT dumps | |
|
71 | + |
|
64 | 72 | ### Tahoe LAFS |
65 | 73 | Some people runs [Tahoe LAFS](/services/Tahoe-LAFS) nodes to provide a secure decentralized crypted file storage but in dn42. |
66 | 74 | |
... | ... | @@ -84,6 +92,10 @@ Until browsers have ipfs access (either through native support or js), one can u |
84 | 92 | https://rest.dn42/ |
85 | 93 | ``` |
86 | 94 | |
95 | +### Torrent Search Engine |
|
96 | + |
|
97 | +* https://magnetic.dn42 (DHT Search Engine) |
|
98 | + |
|
87 | 99 | ### Torrent Index |
88 | 100 | |
89 | 101 | * http://torrents.dn42 |
internal/Internal-Services.md
... | ... | @@ -2,7 +2,7 @@ |
2 | 2 | |
3 | 3 | You are asked to show some creativity in terms of network usage and content. ;) |
4 | 4 | |
5 | -**More inspiration is collected [here](/internal/Historical-Services) and [here](/internal/ideas).** |
|
5 | +**More inspiration is collected [here](/internal/Historical-Services) and [here](/internal/Ideas).** |
|
6 | 6 | |
7 | 7 | ## CA |
8 | 8 | |
... | ... | @@ -13,12 +13,14 @@ zotan is maintaining an (experimental, but working) [ACME server](https://acme.d |
13 | 13 | ## Network-related |
14 | 14 | * See [[Looking Glasses|/services/Looking-Glasses]] for more network diagnostic tools |
15 | 15 | * Realtime network map: [map.dn42](http://map.dn42/) (via DN42) or [map42.0x7f.cc](https://map42.0x7f.cc) (via clearnet) _(Note: This is a direct copy of nixnodes map with some fixes and new functions since original map is no longer get maintained. This map uses the GRC as source, so it would be more comprehensive than original one. Data refreshes every 20~30 minutes.)_ |
16 | + * Network Information Service: [info.nia.dn42](http://info.nia.dn42) (DN42) or [bgp42.strexp.net](https://bgp42.strexp.net) (IANA). Main functions including _network information_, _network map (from map.dn42, require WebGL)_, _network ranking (based on centrality)_, _ROA alerting_ and _path finder_. |
|
17 | + * Yet Another WIP network map: [map.jerry.dn42](http://map.jerry.dn42/) (via DN42) or [map.meson.cc](https://map.meson.cc) (via clearnet) _(uses GRC shell as source, updated every 24 hours.)_ |
|
16 | 18 | * Nixnodes original Map of the network: [map.nixnodes.net](http://map.nixnodes.net) |
17 | 19 | * DN42 IP address lookup tool: [dn42.g-load.eu/ip](https://dn42.g-load.eu/ip/) |
18 | 20 | * New DNS System monitoring: [grafana.burble.com/d/E4iCaHoWk/dn42-dns-status](https://grafana.burble.com/d/E4iCaHoWk/dn42-dns-status?orgId=1&refresh=1m) |
19 | 21 | * DN42 Toplevel domain DNS monitoring: [gatuno.dn42/dns](http://gatuno.dn42/dns) |
20 | 22 | * Free DNS Hosting. You can host any toplevel or subdomain from dn42: [gatuno.dn42/managed](http://gatuno.dn42/managed/) |
21 | - * What is my IP: [whatismyip.dn42](http://whatismyip.dn42/), [ip4.dn42](http://ip4.dn42/), [ip6.dn42](http://ip6.dn42/) |
|
23 | + * What is my IP: [whatismyip.dn42](http://whatismyip.dn42/) |
|
22 | 24 | |
23 | 25 | |
24 | 26 | ### GeoIP Services |
... | ... | @@ -27,31 +29,24 @@ zotan is maintaining an (experimental, but working) [ACME server](https://acme.d |
27 | 29 | #### API |
28 | 30 | Results are in JSON format. |
29 | 31 | |
30 | -http://ipip.map.dn42/whois?ip=[DN42_IP]&lang=en |
|
31 | - |
|
32 | +http://ipip.map.dn42/whois?ip=[DN42_IP]&lang=en |
|
32 | 33 | http://ipip.map.dn42/whois?asn=AS[DN42_ASN] |
33 | 34 | |
34 | 35 | #### Client |
35 | 36 | There is a client software using above apis to provide GeoIP-based traceroute. |
36 | 37 | It is a modified IPIP.NET Best Trace software with DN42 support injection. |
37 | 38 | |
38 | -Windows only, no virus scan report available, but our DLL source is provided with the modified client. |
|
39 | - |
|
40 | -It's highly recommended to run this tool in a sandbox. |
|
39 | +Windows only, no virus scan report available, but our DLL source is provided with the modified client. It's highly recommended to run this tool in a sandbox. |
|
41 | 40 | |
42 | 41 | ** Since the original software is not open source, so use it at your own risk. ** |
43 | 42 | |
44 | -Preview: http://img.dn42/images/GEOTRACE42.jpg |
|
45 | - |
|
43 | +Preview: http://img.dn42/images/GEOTRACE42.jpg |
|
46 | 44 | Link: http://map.dn42/BestTrace42.zip |
47 | 45 | |
48 | -### Proving ASN ownership |
|
49 | -Through this automated service you prove your ASN ownership to KIOUBIT-MNT who then automatically creates a "ownership verification signature". |
|
50 | -This signature can be very easily verified by anyone. This removes the hassle from checking every different authentication method in the registry. This is particularly useful for automated setups. |
|
51 | - |
|
52 | -Manual Verification: https://dn42.g-load.eu/verify/manual/ |
|
53 | - |
|
54 | -API: https://dn42.g-load.eu/verify/documentation.txt |
|
46 | +### ASN Authentication Solution |
|
47 | +Authenticate your users by having them verify their ASN ownership with KIOUBIT-MNT using their registry-provided methods in an automated way. |
|
48 | +More Information in the setup tutorial: https://dn42.g-load.eu/auth/documentation/tutorial.html |
|
49 | +To use the service, please message Kioubit on IRC to have your domain activated. |
|
55 | 50 | |
56 | 51 | ## IRC |
57 | 52 | |
... | ... | @@ -67,27 +62,21 @@ API: https://dn42.g-load.eu/verify/documentation.txt |
67 | 62 | |:--------------|:--------| |
68 | 63 | | https://lounge.burble.dn42 | [thelounge](https://thelounge.chat/) for lurking on #dn42, see [burble.dn42 services](https://dn42.burble.com/home/burble-dn42-services). | |
69 | 64 | |
70 | -## Search engines |
|
71 | - |
|
72 | -| Hostname / IP | Remarks | |
|
73 | -|:------------------------------------------------- |:-------------------------------------------------------- | |
|
74 | -| http://mhm.dn42/search | Hosted by toBee | |
|
75 | - |
|
76 | 65 | ## Images, E-Books, Videos and other Media |
77 | 66 | |
78 | 67 | | Hostname / IP | Remarks | |
79 | 68 | |:------------------------------------------------- |:-------------------------------------------------------- | |
80 | 69 | | http://img.dn42 | Imagehoster | |
81 | 70 | | http://chan.dn42 | DN42-Chan, an imageboard | |
82 | -| http://j.munsternet.dn42 | Jellyfin instance with movies and TV shows (test) |
|
83 | -| |
|
71 | +| http://j.munsternet.dn42 | Jellyfin instance with movies and TV shows (test). | |
|
84 | 72 | |
85 | 73 | ## Radio and Video Streaming |
86 | 74 | |
87 | -| Hostname / IP | Remarks | |
|
88 | -|:------------------------------------------------- |:-------------------------------------------------------- | |
|
89 | -| http://stream.media.dn42/ | icecast-relay, contact toBee for more streams | |
|
90 | -| https://invidious.doxz.dn42/ | Invidious instance with proxy (Youtube) | |
|
75 | +| Hostname / IP | Remarks | |
|
76 | +|:------------------------------------------------- |:-------------------------------------------------------------- | |
|
77 | +| http://stream.media.dn42/ | icecast-relay, contact toBee for more streams (DOWN 2020-11-02)| |
|
78 | +| https://invidious.doxz.dn42/ | Invidious instance with proxy (Youtube) | |
|
79 | +| http://radio.hex.dn42/ | Ambient musics | |
|
91 | 80 | |
92 | 81 | ### Direct Connect |
93 | 82 | Some [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Connect) Hubs are being run DN42 internally. Choose a [client](https://en.wikipedia.org/wiki/Comparison_of_ADC_software#Client_software) and connect to exchange files. |
... | ... | @@ -106,12 +95,6 @@ Some [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Con |
106 | 95 | |:----------------------------------------------------------- |:----- |:----------- |:---------------------------------------------- | |
107 | 96 | | http://seafile.dn42 | | | Opensource Dropbox, yay! | |
108 | 97 | | http://files.nop.dn42 | | max 1Mbit/s | download only | |
109 | -| http://filer.mhm.dn42 | 4TB | 1GBit | 24/7/365 | |
|
110 | -| http://data.0l.dn42 | 5TB | 1GBit | 24/7/365, download, dn42 MRT dumps | |
|
111 | - |
|
112 | -### Torrent Search Engine |
|
113 | - |
|
114 | -- https://magnetic.dn42 (DHT Search Engine) |
|
115 | 98 | |
116 | 99 | ## Proxies |
117 | 100 | |
... | ... | @@ -133,6 +116,7 @@ A MTProxy server is available at [mtp.jerry.dn42:8044](https://t.me/proxy?server |
133 | 116 | | tick.gotroot.dn42 (172.20.14.247) | Stratum 1, GPS, Vancouver Canada | |
134 | 117 | | tock.gotroot.dn42 (172.20.14.250) | Stratum 2, Anycast on each node | |
135 | 118 | | *.burble.dn42 | All burble.dn42 nodes are part of the NTP Pool and provide NTP over clearnet and DN42. See also [burble.dn42 services](https://dn42.burble.com/home/burble-dn42-services) | |
119 | +| ntp.yuetau.dn42 (172.21.68.50) | Anycast on all node | |
|
136 | 120 | |
137 | 121 | ## OS Mirror/Repository's |
138 | 122 | |
... | ... | @@ -144,11 +128,12 @@ Repository Mirrors are listed on another page: [Repository Mirrors](/services/Re |
144 | 128 | | Hostname / IP | Game | Remarks | |
145 | 129 | |:------------------------------------------------- |:---------------------- |:-------------------------- | |
146 | 130 | | hulk.mhm.dn42 (172.23.67.1) | Tetrinet | | |
147 | -| mc.nia.dn42 (172.20.168.133, fd01:1926:817:3::) | Minecraft | 1.16.1, Optimized for CN | |
|
131 | +| 172.20.34.168 | Minecraft | 1.16.4, Bedrock supported, Abuse may lead to a network-wide ban or peer removal | |
|
132 | +| mc.nia.dn42 (172.20.168.133, fd01:1926:817:3::) | Minecraft | 1.16.4 Mod, Optimized for CN | |
|
148 | 133 | | ttd.nia.dn42 (172.20.168.132, fd01:1926:817:2::) | OpenTTD | 1.10.1, Optimized for CN | |
149 | 134 | | mc.jerry.dn42 | Minecraft | 1.16.3, IPv4 & IPv6 | |
150 | 135 | | ttd.jerry.dn42 | OpenTTD | latest, IPv4 & IPv6 | |
151 | -| stk.jerry.dn42:2759 | SuperTuxKart | latest, IPv4 only, NeoNetwork users please use stk.jerry.neo | |
|
136 | +| stk.jerry.dn42:2759, stk.jerry.neo:2759 | SuperTuxKart | latest, IPv4 only | |
|
152 | 137 | | ns1.deltaman.dn42 (172.22.134.131, fd1b:7f7d:dd55:4600:219:ff:fe00:fafe) | OpenTTD | 1.10.3, Hosted in NL | |
153 | 138 | |
154 | 139 | ## Shell |
... | ... | @@ -158,7 +143,7 @@ Providers of shell access: |
158 | 143 | | Person | Hostname | Net | Description | Contact | |
159 | 144 | |:------------- |:------------------------------------ |:---------------- |:----------- |:------------- | |
160 | 145 | | mc36 | telnet test.nop.dn42 | dn42 only |looking glass| - | |
161 | -| JerryXiao | ssh [email protected] | dn42 and neonet |looking glass| - | |
|
146 | +| JerryXiao | ssh [email protected] | dn42 and icvpn |looking glass| - | |
|
162 | 147 | |
163 | 148 | |
164 | 149 | ## Misc |
... | ... | @@ -187,6 +172,18 @@ There are some News Servers available [here](/services/News) |
187 | 172 | * https://mirror.frubar.net 100MBit |
188 | 173 | * https://frucman.frubar.net |
189 | 174 | |
175 | +### NAT64 |
|
176 | + |
|
177 | +Niantic Network (AS4242421331) is providing a NAT64 service at Strategic Explorations (AS207268). |
|
178 | + |
|
179 | +* IPv6 at public Internet: `2a0e:b107:b7f::[DN42 IPv4]` |
|
180 | + |
|
181 | +* IPv4 endpoint at DN42: |
|
182 | + * `172.20.158.177`: Seattle |
|
183 | + * `172.20.158.178`: Singapore |
|
184 | + |
|
185 | +* DNS64: `2602:feda:3c9::` or `dns.strexp.net` |
|
186 | + |
|
190 | 187 | ## AnoNet |
191 | 188 | |
192 | 189 | A wiki page dedicated to the AnoNet Network: http://wiki.qontrol.nl/Anonet |
services/Automatic-CA.md
... | ... | @@ -1,3 +1,8 @@ |
1 | +DN42 ACME CA |
|
2 | +================== |
|
3 | + |
|
4 | +Certificates can be automatically generated with the [ACME-CA](http://acme.dn42). More information can be found on [acme.dn42](http://acme.dn42/) |
|
5 | + |
|
1 | 6 | DN42 Self-Serve CA |
2 | 7 | ================== |
3 | 8 |
services/Clearnet-Domains.md
... | ... | @@ -6,6 +6,9 @@ To provide services over the public internet some community members have contrib |
6 | 6 | |:--| |
7 | 7 | |dn42.dev| |
8 | 8 | |dn42.no| |
9 | +|dn42.fi| |
|
10 | +|dn42.tk| |
|
11 | + |
|
9 | 12 | |
10 | 13 | DNS records for these domains are managed by a gitea repository: |
11 | 14 |
services/DNS.md
... | ... | @@ -39,6 +39,8 @@ nameserver fd42:d42:d42:53::1 |
39 | 39 | nameserver fd42:d42:d42:54::1 |
40 | 40 | nameserver 172.23.0.53 |
41 | 41 | nameserver 172.20.0.53 |
42 | +option inet6 # Linux/glibc |
|
43 | +family inet6 inet4 # BSD |
|
42 | 44 | search dn42 |
43 | 45 | ``` |
44 | 46 |
services/Distributed-Wiki.md
... | ... | @@ -78,7 +78,7 @@ RACK_ENV=production gollum --css --host 127.0.0.1 --port 4567 --no-edit <path> |
78 | 78 | |
79 | 79 | #### SSL |
80 | 80 | |
81 | - - Setup your maintainer object according to [Automatic CA](https://internal.dn42/services/Automatic-CA) |
|
81 | + - Setup your maintainer object according to [Automatic CA](/services/Automatic-CA) |
|
82 | 82 | - Generate a [CSR](/services/Certificate-Authority) and send DNS Key Pin to [[email protected]](mailto:[email protected]): |
83 | 83 | - \<AS> is the as number with the prefix `as` like `as64737-ca.wiki.dn42` |
84 | 84 |
services/Looking-Glasses.md
... | ... | @@ -14,32 +14,41 @@ Please sort by AS number. |
14 | 14 | | 4242420022 | dn42: http://mhm.dn42:5001 | UP | |
15 | 15 | | 4242420123 | dn42: https://lg.grmml.dn42 <br> Interactive (traceroute, BGP-map) | UP | |
16 | 16 | | 4242420151 | ext: ssh [email protected] <br> restricted bird shell | UP | |
17 | +| 4242420181 | ext: https://lg.dn42.miegl.cz <br> dn42: http://lg.mgl.dn42 | UP | |
|
17 | 18 | | 4242420321 | dn42: http://lg.dn42 <br> Interactive (traceroute, BGP-map) | UP | |
19 | +| 4242420827 | ext: https://lg.aasg.name <br> dn42: http://lg.lorkep.dn42 <br> Interactive (traceroute, BGP-map) <br> IPv6 only | UP | |
|
20 | +| 4242420925 | dn42: https://lg.yuetau.dn42/ <br> ext: https://lg-dn42.yuetau.net | UP | |
|
21 | +| 4242420977 | ext: https://lg.moerail.ml <br> dn42: http://lg.moerail.dn42 | UP | |
|
18 | 22 | | 4242421050 | ext: https://lg.dn42.napshome.net <br> dn42: http://lg.napshome.dn42 | UP | |
23 | +| 4242421055 | dn42: http://lg.tmwawpl.dn42 | UP | |
|
19 | 24 | | 4242421080 | dn42: http://lg.jlu5.dn42 | UP | |
20 | 25 | | 4242421099 | ext: https://lg.owensresearch.org <br> dn42: https://lg.owensresearch.dn42/ <br> BGP Route, BGP Community, BGP AS Path, Ping, and Traceroute | UP | |
21 | -| 4242421231 | dn42: http://lg.caesia.dn42 <br> ext: https://lg.caesia.net | UP | |
|
26 | +| 4242421224 | dn42: http://lg.bit.dn42 | UP | |
|
27 | +| 4242421331<br>4242421332<br>207268 | ext: https://lg.strexp.net <br> dn42: http://lg.nia.dn42 | UP | |
|
22 | 28 | | 4242421588 | dn42: http://lg.tech9computers.dn42 <br> Interactive (traceroute, BGP-map) | UP | |
29 | +| 4242421722 | ext: https://lg42.tchekda.fr <br> dn42: http://lg42.tchekda.dn42/ | UP | |
|
30 | +| 4242421876<br>211876 | ext: https://lg42.fixmix.network<br>dn42: https://lg.fixmix.dn42 | UP | |
|
23 | 31 | | 4242421926 | dn42: https://lg.zhaofeng.dn42 <br> ext: https://lg.naive.network | UP | |
24 | 32 | | 4242421955 | dn42: http://lg.nop.dn42/ <br> telnet:test.nop.dn42 <br> ext: http://freerouter.nop.hu/online.html| UP | |
25 | 33 | | 4242422024 | ext: http://lg.dn42.gcc.ac.cn/ <br> Interactive (ping, traceroute, BGP-map)| UP | |
26 | -| 4242422547 | ext: https://lg.lantian.pub or https://lg-alt.lantian.pub <br> dn42: http://lg.lantian.dn42 or http://lg-alt.lantian.dn42 | UP | |
|
34 | +| 4242422092 | ext: https://lg.dn42.pebkac.gr <br> dn42: http://lg.pebkac.dn42 <br> IPv4 and IPv6 | UP | |
|
35 | +| 4242422189 | dn42: http://lg.iedon.dn42 | UP | |
|
36 | +| 4242422237 | ext: https://lg.dn42.munsternet.eu | UP | |
|
37 | +| 4242422341 | ext: https://lg.dn42.zotan.network <br> dn42: https://lg.zotan.dn42 | UP | |
|
38 | +| 4242422428 | ext: https://lg.0l.de <br> IPv4 and IPv6 | UP | |
|
39 | +| 4242422547 | ext: https://lg.lantian.pub <br> dn42: http://lg.lantian.dn42 | UP | |
|
27 | 40 | | 4242422575 | dn42: https://lg.androw.dn42 <br> ext: https://lg.androw.eu/ | UP | |
28 | 41 | | 4242422601 | dn42: http://lg.burble.dn42 <br> ext: https://lg.burble.com/ | UP | |
42 | +| 4242422633 | dn42: http://lg.eb.dn42/ <br> ext: https://lg.eastbnd.com/ | UP | |
|
29 | 43 | | 4242422700 | dn42: http://lg.gotroot.dn42 <br> ext: http://dn42.gotroot.ca/ | UP | |
30 | 44 | | 4242422904 | ext: https://lg.doxz.net/ | UP | |
31 | -| 4242423905 | ext: https://dn42-svc.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ | UP | |
|
32 | -| 4242423088 | ext: https://lg.dn42.6700.cc <br> dn42: http://lg.sun.dn42/ | UP | |
|
33 | -| 4242421722 | ext: https://lg42.tchekda.fr <br> dn42: http://lg42.tchekda.dn42/ | UP | |
|
34 | -| 4242422237 | ext: https://lg.dn42.munsternet.eu | UP | |
|
35 | -| 4242420181 | ext: https://lg.dn42.miegl.cz <br> dn42: http://lg.mgl.dn42 | UP | |
|
36 | -| 4242421331<br>4242421332<br>207268 | ext: https://lg.strexp.net <br> dn42: http://lg.nia.dn42 | UP | |
|
37 | -| 4242422189 | dn42: http://lg.iedon.dn42 | UP | |
|
38 | -| 4242422341 | ext: https://lg.dn42.zotan.network <br> dn42: https://lg.zotan.dn42 | UP | |
|
39 | -| 4242422428 | ext: https://lg.0l.de <br> IPv4 and IPv6 | UP | |
|
40 | 45 | | 4242423078 | ext: https://lg.hexanet.dev <br> dn42: http://lg.hex.dn42 <br> Interactive (traceroute, BGP-map) <br> IPv6 only | UP | |
41 | 46 | | 4242421224 | dn42: http://lg.bit.dn42 | UP | |
42 | - |
|
47 | +| 4242423315 | ext: http://lg.unknownts.tk <br> dn42: http://unknownts.dn42 | UP | |
|
48 | +| 4242423088 | ext: https://lg.dn42.6700.cc <br> dn42: http://lg.sun.dn42/ | UP | |
|
49 | +| 4242423735 | ext: https://lg.dn42.cperrin.xyz <br> dn42: http://lg.cperrin.dn42 | UP | |
|
50 | +| 4242423905 | ext: https://dn42-svc.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ | UP | |
|
51 | +| 4242420197 | ext: https://lg.n0emis.eu <br> dn42: https://lg.n0emis.dn42 (soon) | UP | |
|
43 | 52 | |
44 | 53 | ## Down |
45 | 54 | |
... | ... | @@ -48,9 +57,6 @@ These looking glasses were added to the table at some point, but now seem to be |
48 | 57 | |
49 | 58 | | AS | URL | Status | |
50 | 59 | |:-- |:--- |:------ | |
51 | -| 4242423973 | dn42: http://lg.technopoint.dn42 <br> (traceroute, BGP-map) IPv4 only. | DOWN | |
|
52 | -| 4242422016 | ext: https://dn42.sidereal.ca <br> dn42: https://lg.sidereal.dn42 | DOWN | |
|
53 | -| 4242423993 | ext: https://lg.2f30.org/ <br> IPv4 only. | DOWN | |
|
54 | 60 | | 64719 | ext: https://lg.dn42.lutoma.org/ <br> dn42: https://lg.lutoma.dn42/ | DOWN | |
55 | 61 | | 76103 | ext: http://lg.nixnodes.net <br> dn42: http://lg.nixnodes.dn42 <br> IPv4 only. | DOWN | |
56 | 62 | | 64835 | ext: http://lg.nordkapp-5.dn42 <br> dn42: http://172.22.235.4 | DOWN | |
... | ... | @@ -65,8 +71,12 @@ These looking glasses were added to the table at some point, but now seem to be |
65 | 71 | | 4242420812 | dn42: https://lg.jan.dn42 <br> Interactive (traceroute, BGP-map) | DOWN | |
66 | 72 | | 4242421092 | dn42: http://lg.erg.dn42 <br> Interactive (traceroute, BGP-map) | DOWN | |
67 | 73 | | 4242421166 | dn42: http://lg.alcatrash.dn42/ | DOWN | |
74 | +| 4242421231 | dn42: http://lg.caesia.dn42 <br> ext: https://lg.caesia.net | UP | |
|
75 | +| 4242422016 | ext: https://dn42.sidereal.ca <br> dn42: https://lg.sidereal.dn42 | DOWN | |
|
68 | 76 | | 4242422342 | dn42: http://lg.gbe.dn42 <br> Semi-interactive (no traceroute, no ping) | DOWN | |
69 | 77 | | 4242422506 | dn42: http://www.as4242422506.dn42/ | DOWN | |
70 | 78 | | 4242423827 | ext: https://sky.nullroute.eu.org/dn42/lg/ <br> dn42: http://lg.nullroute.dn42 | DOWN | |
71 | 79 | | 4242423905 | ext: http://zeus.nowhere.ws/dn42/routes.cgi <br> dn42: http://zeus.nihilus.dn42/dn42/routes.cgi <br> Non-interactive (route listing only). | DOWN | |
72 | -| 4242423955 | dn42: http://lg.flo.dn42 | DOWN | |
|
... | ... | \ No newline at end of file |
0 | +| 4242423955 | dn42: http://lg.flo.dn42 | DOWN | |
|
1 | +| 4242423973 | dn42: http://lg.technopoint.dn42 <br> (traceroute, BGP-map) IPv4 only. | DOWN | |
|
2 | +| 4242423993 | ext: https://lg.2f30.org/ <br> IPv4 only. | DOWN | |
services/Route-Collector.md
... | ... | @@ -0,0 +1,127 @@ |
1 | +# Global Route Collector |
|
2 | + |
|
3 | +The Global Route Collector (GRC) provides a real time view of routing and peering across DN42 and can be used to generate maps, stats or just query how routes are being propagated across the network. |
|
4 | + |
|
5 | +Technically the GRC is a [bird](https://bird.network.cz/) instance that anyone can peer with, it imports all routes whilst exporting none and provides a number of interfaces for querying the route data. |
|
6 | + |
|
7 | +Data from the GRC is used to generate some of the DN42 Maps (see the [[Internal Services|/internal/Internal-Services]] page). |
|
8 | + |
|
9 | +## Peering with the collector |
|
10 | + |
|
11 | +The collector uses the dynamic peering capability in Bird2 to allow anyone to peer with it without any new server side configuration being required. The collector relies on users peering with it across the network so the more peers the better and the more comprehensive the collector data will be. |
|
12 | + |
|
13 | +||Details| |
|
14 | +|:--|:--| |
|
15 | +| ASN | AS4242422602 | |
|
16 | +| Hostname | collector.dn42 | |
|
17 | +| IPv4 Address | 172.20.129.4 | |
|
18 | +| IPv6 Address | fd42:4242:2601:ac12::1 | |
|
19 | + |
|
20 | +### BGP Configuration |
|
21 | + |
|
22 | + - Unlike normal DN42 peerings, you must enable multihop to peer with the collector |
|
23 | + - The collector supports Multiprotocol BGP, so you don't need to configure separate IPv4 and IPv6 sessions |
|
24 | + - Please enable the Add Paths BGP extension to export all available routes |
|
25 | + |
|
26 | +Example bird2 config: |
|
27 | + |
|
28 | +```text |
|
29 | +protocol bgp ROUTE_COLLECTOR |
|
30 | +{ |
|
31 | + local as ***YOUR_ASN***; |
|
32 | + neighbor fd42:4242:2601:ac12::1 as 4242422602; |
|
33 | + |
|
34 | + # enable multihop as the collector is not locally connected |
|
35 | + multihop; |
|
36 | + |
|
37 | + ipv4 { |
|
38 | + # export all available paths to the collector |
|
39 | + add paths tx; |
|
40 | + |
|
41 | + # import/export filters |
|
42 | + import none; |
|
43 | + export filter { |
|
44 | + # export all valid routes |
|
45 | + if ( is_valid_network() && source ~ [ RTS_STATIC, RTS_BGP ] ) |
|
46 | + then { |
|
47 | + accept; |
|
48 | + } |
|
49 | + reject; |
|
50 | + }; |
|
51 | + }; |
|
52 | + |
|
53 | + ipv6 { |
|
54 | + # export all available paths to the collector |
|
55 | + add paths tx; |
|
56 | + |
|
57 | + # import/export filters |
|
58 | + import none; |
|
59 | + export filter { |
|
60 | + # export all valid routes |
|
61 | + if ( is_valid_network_v6() && source ~ [ RTS_STATIC, RTS_BGP ] ) |
|
62 | + then { |
|
63 | + accept; |
|
64 | + } |
|
65 | + reject; |
|
66 | + }; |
|
67 | + }; |
|
68 | +} |
|
69 | +``` |
|
70 | + |
|
71 | + |
|
72 | +## Querying the collector |
|
73 | + |
|
74 | +### Looking Glass |
|
75 | + |
|
76 | +The collector runs a looking glass based on [bird-lg-go](https://github.com/xddxdd/bird-lg-go). |
|
77 | + |
|
78 | + - [https://lg.collector.dn42/](https://lg.collector.dn42/) |
|
79 | + |
|
80 | +### MRT Dumps |
|
81 | + |
|
82 | +[MRT Dumps](https://tools.ietf.org/html/rfc6396) are produced by the collector every 10 minutes. Bird produces MRT dumps corresponding to tables, so two separate dumps are created, one for IPv4 (master4) and one for IPv6 (master6). The 10 minutes dumps are available for one week before being reduced down to one a day. |
|
83 | + |
|
84 | + - [https://mrt.collector.dn42](https://mrt.collector.dn42) |
|
85 | + |
|
86 | +The latest dumps can always be found at the following URLs: |
|
87 | + |
|
88 | + - [https://mrt.collector.dn42/master4_latest.mrt.bz2](https://mrt.collector.dn42/master4_latest.mrt.bz2) |
|
89 | + - [https://mrt.collector.dn42/master6_latest.mrt.bz2](https://mrt.collector.dn42/master6_latest.mrt.bz2) |
|
90 | + |
|
91 | +### Prometheus Metrics |
|
92 | + |
|
93 | +The collector runs [bird_exporter](https://github.com/czerwonk/bird_exporter) and prometheus style metrics are available at the following URL: |
|
94 | + |
|
95 | + - [http://collector.dn42:9324/metrics](http://collector.dn42:9324/metrics) |
|
96 | + |
|
97 | +### SSH Interface |
|
98 | + |
|
99 | +The collector bird instance can be queried directly using a birdc shell. |
|
100 | + |
|
101 | + - ssh [email protected] |
|
102 | + |
|
103 | +```sh |
|
104 | +$ ssh [email protected] |
|
105 | +------------------------------------ |
|
106 | +* DN42 Global Route Collector * |
|
107 | +------------------------------------ |
|
108 | +* http://collector.dn42/ |
|
109 | + |
|
110 | +This service provides a bird2 shell |
|
111 | +for querying the route collector |
|
112 | + |
|
113 | +Be nice, access is logged and |
|
114 | +abuse will not be tolerated |
|
115 | +------------------------------------ |
|
116 | +BIRD burble-2.0.8-210322-1-ge6133456 ready. |
|
117 | +Access restricted |
|
118 | +bird> show route count |
|
119 | +bird> 297441 of 297441 routes for 502 networks in table master4 |
|
120 | +286007 of 286007 routes for 427 networks in table master6 |
|
121 | +1437 of 1437 routes for 1437 networks in table dn42_roa4 |
|
122 | +1231 of 1231 routes for 1231 networks in table dn42_roa6 |
|
123 | +Total: 586116 of 586116 routes for 3597 networks in 4 tables |
|
124 | +bird> |
|
125 | + |
|
126 | +``` |
|
127 | + |
services/Whois.md
... | ... | @@ -62,7 +62,7 @@ See the page on [Registry Authentication](howto/Registry-Authentication) |
62 | 62 | # DNS interface |
63 | 63 | |
64 | 64 | There is also a DNS-based interface to query AS information from the registry. The DNS zone is `asn.dn42`. |
65 | -A mirror is hosted at `asn.grmml.dn42`. |
|
65 | +Mirrors are hosted at `asn.grmml.dn42` and `asn.lorkep.dn42`. |
|
66 | 66 | |
67 | 67 | Example: |
68 | 68 |
services/dns/Configuration.md
... | ... | @@ -47,7 +47,7 @@ zone "23.172.in-addr.arpa" { |
47 | 47 | zone "d.f.ip6.arpa" { |
48 | 48 | type forward; |
49 | 49 | forwarders { 172.20.0.53; fd42:d42:d42:54::1; }; |
50 | -} |
|
50 | +}; |
|
51 | 51 | ``` |
52 | 52 | |
53 | 53 | **Note**: With DNSSEC enabled, bind might refuse to accept query results from the dn42 zone: `validating dn42/SOA: got insecure response; parent indicates it should be secure`. |
... | ... | @@ -92,7 +92,7 @@ Add this to /etc/powerdns/recursor.conf (at least in Debian and CentOS), the **f |
92 | 92 | |
93 | 93 | ``` |
94 | 94 | dont-query=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, ::1/128, fe80::/10 |
95 | -forward-zones-recurse=dn42=172.20.0.53,hack=172.20.0.53,ffhh=172.20.0.53,ffac=172.20.0.53,020=172.20.0.53,adm=172.20.0.53,ffa=172.20.0.53,ffhb=172.20.0.53,ffc=172.20.0.53,ffda=172.20.0.53,ffdh=172.20.0.53,ff3l=172.20.0.53,fffl=172.20.0.53,ffffm=172.20.0.53,fffr=172.20.0.53,fffd=172.20.0.53,ffgl=172.20.0.53,fflln=172.20.0.53,ffbcd=172.20.0.53,ffbgl=172.20.0.53,ffgoe=172.20.0.53,ffgt=172.20.0.53,ffh=172.20.0.53,helgo=172.20.0.53,ffhef=172.20.0.53,ffj=172.20.0.53,ffka=172.20.0.53,ffki=172.20.0.53,ffhl=172.20.0.53,fflux=172.20.0.53,ffms=172.20.0.53,mueritz=172.20.0.53,ffnord=172.20.0.53,ffnw=172.20.0.53,ffoh=172.20.0.53,ffpb=172.20.0.53,ffpi=172.20.0.53,ffrade=172.20.0.53,ffrgb=172.20.0.53,ffrg=172.20.0.53,rzl=172.20.0.53,ffsaar=172.20.0.53,fftr=172.20.0.53,fftdf=172.20.0.53,ffwk=172.20.0.53,ffgro=172.20.0.53,ffwk=172.20.0.53,ffwp=172.20.0.53,ffw=172.20.0.53,20.172.in-addr.arpa=172.20.0.53,22.172.in-addr.arpa=172.20.0.53,23.172.in-addr.arpa=172.20.0.53,31.172.in-addr.arpa=172.20.0.53,c.f.ip6.arpa=172.20.0.53 |
|
95 | +forward-zones-recurse=dn42=172.20.0.53,hack=172.20.0.53,ffhh=172.20.0.53,ffac=172.20.0.53,020=172.20.0.53,adm=172.20.0.53,ffa=172.20.0.53,ffhb=172.20.0.53,ffc=172.20.0.53,ffda=172.20.0.53,ffdh=172.20.0.53,ff3l=172.20.0.53,fffl=172.20.0.53,ffffm=172.20.0.53,fffr=172.20.0.53,fffd=172.20.0.53,ffgl=172.20.0.53,fflln=172.20.0.53,ffbcd=172.20.0.53,ffbgl=172.20.0.53,ffgoe=172.20.0.53,ffgt=172.20.0.53,ffh=172.20.0.53,helgo=172.20.0.53,ffhef=172.20.0.53,ffj=172.20.0.53,ffka=172.20.0.53,ffki=172.20.0.53,ffhl=172.20.0.53,fflux=172.20.0.53,ffms=172.20.0.53,mueritz=172.20.0.53,ffnord=172.20.0.53,ffnw=172.20.0.53,ffoh=172.20.0.53,ffpb=172.20.0.53,ffpi=172.20.0.53,ffrade=172.20.0.53,ffrgb=172.20.0.53,ffrg=172.20.0.53,rzl=172.20.0.53,ffsaar=172.20.0.53,fftr=172.20.0.53,fftdf=172.20.0.53,ffwk=172.20.0.53,ffgro=172.20.0.53,ffwk=172.20.0.53,ffwp=172.20.0.53,ffw=172.20.0.53,20.172.in-addr.arpa=172.20.0.53,21.172.in-addr.arpa=172.20.0.53,22.172.in-addr.arpa=172.20.0.53,23.172.in-addr.arpa=172.20.0.53,31.172.in-addr.arpa=172.20.0.53,c.f.ip6.arpa=172.20.0.53 |
|
96 | 96 | ``` |
97 | 97 | |
98 | 98 | ## MaraDNS |