Home.md
... ...
@@ -0,0 +1,83 @@
1
+## About dn42
2
+
3
+dn42 is a big dynamic [VPN](http://en.wikipedia.org/wiki/Virtual_private_network), which employs Internet technologies ([BGP](http://en.wikipedia.org/wiki/Bgp), whois database, [DNS](http://en.wikipedia.org/wiki/Domain_Name_System), etc). Participants connect to each other using network tunnels ([GRE](/howto/GRE-on-FreeBSD), [OpenVPN](/howto/openvpn), [Tinc](/howto/tinc), [IPsec](/howto/IPsec-with-PublicKeys)) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the `172.20.0.0/14` range and private AS numbers are used (see [registry](/services/Whois)) as well as IPv6 addresses from the ULA-Range (`fd00::/8`) - see [FAQ](https://internal.dn42/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42).
4
+
5
+A number of services are provided on the network: see [internal](http://wiki.dn42/internal/Internal-Services) (only available from within dn42). Also, dn42 is interconnected with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) or some [Freifunk](http://en.wikipedia.org/wiki/Freifunk) networks.
6
+
7
+Still have questions? We have [[FAQs|FAQ]] listed.
8
+
9
+## Why dn42?
10
+
11
+dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun!
12
+
13
+### Experiment with routing technology
14
+
15
+Participating in dn42 is primarily useful for learning routing technologies such as BGP, using a reasonably large network (> 1500 AS, > 1700 prefixes).
16
+
17
+Since dn42 is very similar to the Internet, it can be used as a hands-on testing ground for new ideas, or simply to learn real networking stuff that you probably can't do on the Internet (BGP multihoming, transit). The biggest advantage when compared to the Internet: if you break something in the network, you won't have any big network operator yelling angrily at you.
18
+
19
+### Connect hackerspaces
20
+
21
+dn42 is also a great way to connect hacker spaces in a secure way, so that they can provide services to each other.
22
+
23
+Have you ever wanted to SSH on your Raspberry Pi hosted at your local hacker space and had trouble doing so because of NAT? If your hacker space was using dn42, it could have been much easier.
24
+
25
+Nowadays, most end-user networks use [NAT](http://en.wikipedia.org/wiki/Network_address_translation) to squeeze all those nifty computing devices behind a single public IPv4 address. This makes it difficult to provide services directly from a machine behind the NAT. Besides, you might want to provide some services to other hackerspaces, but not to anybody on the Internet.
26
+
27
+dn42 solves this problem. By addressing your network in dn42, your devices can communicate with all other participants in a transparent way, without resorting to this ugly thing called NAT. Of course, this doesn't mean that you have to fully open your network to dn42: similarly to IPv6, you can still use a firewall (but you could, for instance, allow incoming TCP 22 and TCP 80 from dn42 by default).
28
+
29
+If your hackerspace is actually using dn42 to provide some services, please let us know! (on this wiki or on the mailing list). It's very rewarding when the network is actually used for something :)
30
+
31
+## Join or Contact us
32
+
33
+dn42 is operated by a group of volunteers. There is no central authority which controls or impersonates the network. Take a look at the [[contact]] page to see how to collaborate or contact us.
34
+
35
+The [[Getting started|howto/Getting-Started]] page helps you to get your first node inside the network.
36
+
37
+## External resources about dn42
38
+
39
+ * [Wikipedia about dn42](http://en.wikipedia.org/wiki/Decentralized_network_42)
40
+ * [Lecture on 26c3](http://events.ccc.de/congress/2009/Fahrplan/events/3504.en.html)
41
+ * [Lecture on GPN8](http://entropia.de/wiki/GPN8:dn42)
42
+ * [soup.io group](http://dn42.soup.io/)
43
+ * [nobody about dn42](http://nowhere.ws/guides/dn42/)
44
+ * [Lecture on mrmcd0x8](http://web.archive.org/web/20090831211324/http://mrmcd0x8.metarheinmain.de/fahrplan/events/3321.de.html)
45
+ * [dn42-category in hackerspaces.org wiki](https://hackerspaces.org/wiki/Category:DN42)
46
+ * [pentaradio24 – german podcast](https://www.c3d2.de/news/pentaradio24-20150428.html)
47
+ * [dn42 in your browser](http://freerouter.nop.hu/online.html)
48
+
49
+## Participant Groups
50
+
51
+* [SpaceBoyz](http://spaceboyz.net)
52
+* [CCC Aachen](https://aachen.ccc.de)
53
+* [CCC Bremen](http://ccchb.de)
54
+* [CCC Darmstadt](http://darmstadt.ccc.de)
55
+* [CCC Dresden](http://c3d2.de)
56
+* [CCC Düsseldorf](https://www.chaosdorf.de)
57
+* [CCC Munich](https://www.muc.ccc.de)
58
+* [Chaostreff Chemnitz](https://chaoschemnitz.de)
59
+* [/dev/nulll](https://dev.0l.de)
60
+* [freifunk](http://freifunk.net)
61
+* [NoName e.V. Heidelberg](https://www.noname-ev.de)
62
+* [raumzeitlabor/hackerspace rhein-neckar](http://www.raumzeitlabor.de)
63
+* [Cyberpipe](https://www.kiberpipa.org)
64
+* [Hackerspace Brussels (HSB)](http://hackerspace.be)
65
+* [[hsmr] / Hackspace Marburg](https://hsmr.cc)
66
+* [Whitespace (0x20)](http://www.0x20.be)
67
+* [Revelation Space](http://www.revspace.nl)
68
+* [SNE group](https://www.os3.nl)
69
+* [smrsh](http://www.smrsh.net)
70
+* [Hackspace Jena e.V.](https://kraut.space)
71
+* [breizh-entropy](http://breizh-entropy.dn42)
72
+* [Fédération FDN](https://www.ffdn.org)
73
+* [Le LOOP](https://leloop.org/)
74
+* [Hackerspace Bielefeld](https://hackerspace-bielefeld.de)
75
+* [NixNodes](https://nixnodes.net)
76
+
77
+## About this wiki
78
+
79
+This wiki is the main reference about dn42. It is available in read-only mode [from the Internet](https://dn42.net), [tor](http://jsptropkiix3ki5u.onion) and [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) and for editing from within dn42, at [https://wiki.dn42](https://wiki.dn42) - [https](services/Certificate-Authority) required for editing.
80
+
81
+#### DN42 Logo
82
+
83
+An svg of the DN42 Logo is available [here](/dn42.svg).
ROA-slash-RPKI.md
... ...
@@ -1,62 +0,0 @@
1
-[[_TOC_]]
2
-
3
-
4
-## What is ROA?
5
-
6
-A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information.
7
-
8
-## What is RPKI?
9
-
10
-Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure.
11
-It provides a way to connect number resource information to a trust anchor.
12
-
13
-## What is RTR?
14
-
15
-The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information.
16
-It provides the router with validity information regarding prefix origination:
17
-
18
-* VALID
19
- The route announcement is covered by a ROA and the announcing AS is validated
20
-* INVALID
21
- The route announcement is covered by a ROA and the announcing AS is invalid (possibly hijacking)
22
-* UNKNOWN
23
- There exists no ROA for the route announcement
24
-
25
-## How can I implement ROA on dn42?
26
-
27
-On dn42 we generate ROA information from the dn42 registry.
28
-ROA json/bird files can be generated using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
29
-It is also possible to integrate this with a RTR cache server such as [gortr](https://github.com/cloudflare/gortr).
30
-
31
-### dn42regsrv
32
-
33
-You can find a hosted example of dn42regsrv at https://explorer.burble.com/
34
-
35
-Instructions on how to host dn42regsrv yourself can be found on the git repo of [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
36
-
37
-You can also run dn42regsrv via docker (then available at 127.0.0.1:8042):
38
-
39
- git checkout https://git.dn42.us/burble/dn42regsrv.git .
40
- cd contrib/docker
41
- ./build.sh
42
- docker-compose up -d
43
-
44
-Documentation for the api endpoints can be found here: https://git.dn42.us/burble/dn42regsrv/src/master/API.md
45
-
46
-### gortr
47
-
48
-burble kindly provides ready-to-use files for gortr here:
49
-
50
-https://dn42.burble.com/roa/dn42_roa_46.json
51
-
52
-You can use these to simply run gortr via docker:
53
-
54
- docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082
55
-
56
-### This is all to complicated, is there an easy all-in-one package for RTR?
57
-
58
-TODO: Publish docker-compose-yml to git for gortr+dn42regsrv
59
-
60
-### How do I integrate RTR with my BGP implementation
61
-
62
-You have to consult the documentation of your implementation for that. We will provide configuration examples on the specific pages.
... ...
\ No newline at end of file
Static-routes-on-Windows.md
... ...
@@ -1,63 +0,0 @@
1
-Modern versions of Windows do not support OSPF and manually adding static routes every time after a reboot is annoying. Below is a batch script you can edit and run to help make adding routes easier. This script assumes that your BGP router and Windows computer are on the same LAN.
2
-
3
-```
4
-@echo off
5
-REM fill in YOUR network information
6
-REM right click and RUN AS ADMIN
7
-
8
-REM our entire private network address space
9
-set networkv4=172.20.0.0
10
-set networkv4mask=255.252.0.0
11
-set networkv6=fd00::/8
12
-
13
-REM our IPv4 subnet info
14
-set subnetv4=172.20.184.240
15
-set subnetv4mask=255.255.255.248
16
-set gateway4=172.20.184.241
17
-
18
-REM our IPv6 subnet info
19
-set subnetv6=fd43:6d1:3ee2::/48
20
-set gateway6=fd43:6d1:3ee2:1000::1
21
-
22
-REM our address for this machine
23
-set yournetaddr=172.20.184.242
24
-set yournetaddr6=fd43:6d1:3ee2:1000::2/128
25
-
26
-REM add IPs
27
-REM if different change wlan0 to YOUR interface name
28
-REM first line here is for my LAN. Ignore it.
29
-netsh interface ipv4 add address "wlan0" 192.168.2.254 255.255.255.0
30
-netsh interface ipv4 add address "wlan0" %yournetaddr% %subnetv4mask%
31
-netsh interface ipv6 add address "wlan0" %yournetaddr6%
32
-
33
-REM add IPv4 routes
34
-route -4 add %subnetv4% mask %subnetv4mask% %gateway4%
35
-route -4 add %networkv4% mask %networkv4mask% %gateway4%
36
-
37
-REM add IPv6 routes
38
-route -6 add %gateway6% ::
39
-route -6 add %subnetv6% %gateway6%
40
-REM this last route wasn't working without manually filling in the info.
41
-REM I don't know why.. Broken line commented out.
42
-REM route -6 add %networkv6% %gateway6%
43
-route -6 add fd00::/8 fd43:6d1:3ee2:1000::1
44
-
45
-echo Press enter to check your IPv4 routing table
46
-echo Do not forget to add static routes to this computer on your BGP router!
47
-echo Example: "root@router:~# ip route add 172.20.184.242 dev wlan0"
48
-echo Example: "root@router:~# ip route add fd43:6d1:3ee2:1000::2/128 dev wlan0"
49
-pause
50
-cls
51
-route -4 print
52
-echo Press enter to check your IPv6 routing table
53
-pause
54
-cls
55
-route -6 print
56
-echo Press enter to try to ping gateway
57
-pause
58
-cls
59
-ping %gateway4%
60
-pause
61
-ping %gateway6%
62
-pause
63
-```
... ...
\ No newline at end of file
_Sidebar.md
... ...
@@ -1,40 +1,39 @@
1 1
<div class='toc-title'>Site Links</div>
2 2
3 3
* [[Home]]
4
- * [[Getting started]]
5
- * [[Registry Authentication]]
6
- * [[Address Space]]
7
- * [[FAQ]]
4
+ * [[Getting Started|howto/Getting-Started]]
5
+ * [[Registry Authentication|howto/Registry-Authentication]]
6
+ * [[Address Space|howto/Address-Space]]
7
+ * [[FAQ|/FAQ]]
8 8
9
-* [[How-to|/pages/howto/]]
10
- * [[Wireguard|wireguard]]
11
- * [[Openvpn|openvpn]]
12
- * [[IPsec With Public Keys|IPsec with PublicKeys]]
13
- * [[Tinc|tinc]]
14
- * [[GRE on FreeBSD|gre-on-freebsd]]
15
- * [[Bird|Bird]] / [[Bird2|Bird2]]
16
- * [[Quagga|Quagga]]
17
- * [[OpenBGPD|OpenBGPD]]
18
- * [[Mikrotik RouterOS|mikrotik]]
19
- * [[EdgeRouter|EdgeOS Config]]
20
- * [[Static routes on Windows]]
21
- * [[Universal Network Requirements|networksettings]]
22
- * [[VyOS|vyos]]
9
+* How-To
10
+ * [[Wireguard|howto/wireguard]]
11
+ * [[Openvpn|howto/openvpn]]
12
+ * [[IPsec With Public Keys|howto/IPsec-with-PublicKeys]]
13
+ * [[Tinc|howto/tinc]]
14
+ * [[GRE on FreeBSD|howto/GRE-on-FreeBSD]]
15
+ * [[Bird|howto/Bird]] / [[Bird2|howto/Bird2]]
16
+ * [[Quagga|howto/Quagga]]
17
+ * [[OpenBGPD|howto/OpenBGPD]]
18
+ * [[Mikrotik RouterOS|howto/mikrotik]]
19
+ * [[EdgeRouter|howto/EdgeOS-Config]]
20
+ * [[Static routes on Windows|howto/Static-routes-on-Windows]]
21
+ * [[Universal Network Requirements|howto/networksettings]]
22
+ * [[VyOS|howto/vyos]]
23 23
24
-* [[Services|/pages/services/]]
25
- * [[IRC]]
26
- * [[Whois registry|Whois]]
27
- * [[DNS]]
28
- * [[Looking Glasses]]
29
- * [[Exchanges]]
30
- * [[Repository Mirrors]]
31
- * [[Distributed Wiki|Distributed-Wiki]]
32
- * [[Certificate Authority|Certificate-Authority]]
24
+* Services
25
+ * [[IRC|services/IRC]]
26
+ * [[Whois registry|services/Whois]]
27
+ * [[DNS|services/DNS]]
28
+ * [[Looking Glasses|services/Looking-Glasses]]
29
+ * [[Repository Mirrors|services/Repository-Mirrors]]
30
+ * [[Distributed Wiki|services/Distributed-Wiki]]
31
+ * [[Certificate Authority|services/Certificate-Authority]]
33 32
34
-* [[Internal|/pages/internal/]]
35
- * [[Internal services|Internal-services]]
36
- * [[APIs|APIs]]
37
- * [[Historical services|Historical-Services]]
33
+* Internal
34
+ * [[Internal services|internal/Internal-Services]]
35
+ * [[APIs|internal/APIs]]
36
+ * [[Historical services|internal/Historical-Services]]
38 37
39 38
* External Tools
40 39
* [[Paste Board|https://paste.dn42.us]]
custom.css
... ...
@@ -1,21 +1,53 @@
1
-#sidebar-content {
2
- padding: 0 !important;
3
-}
4 1
5 2
#sidebar-content ul {
6
- margin: 0 !important;
3
+ margin: 0 !important;
4
+}
5
+
6
+#sidebar-content li+li {
7
+ margin: 0;
8
+}
9
+
10
+#sidebar-content .markdown-body {
11
+ padding: 0 !important;
7 12
}
8 13
9 14
#wiki-body .markdown-body {
10
- padding: 0 !important;
15
+ padding: 0 !important;
16
+}
17
+
18
+.Box {
19
+ background-color: #f7f7f7;
20
+ -webkit-border-radius: 0.5em;
21
+ border-radius: 0.5em;
22
+ border: 1px solid #ddd;
23
+}
24
+
25
+.toc {
26
+ background-color: #f7f7f7;
27
+}
28
+
29
+#sidebar-content {
30
+ padding: 7px !important;
31
+}
32
+
33
+#wiki-sidebar .Box {
34
+ margin-left: 3%;
35
+}
36
+
37
+#footer-content {
38
+ margin-top: 1.5em;
39
+}
40
+
41
+#wiki-header #header-content {
42
+ background-color: #f7f7f7;
43
+ -webkit-border-radius: 0.5em;
44
+ border-radius: 0.5em;
45
+ border: 1px solid #ddd;
46
+ margin-bottom: 1.5em;
11 47
}
12 48
13
-@media all and (max-width: 600px) {
14
- #wiki-sidebar, #wiki-body, #wiki-footer,
15
- .has-sidebar #wiki-body,
16
- .has-sidebar #wiki-sidebar,
17
- .has-sidebar #wiki-footer { clear:both; width:initial; float:none; }
18
- #wiki-body { margin-right: 0; }
19
- #wiki-content { margin: 0 10pt}
49
+#header-content img {
50
+ background-color: #f7f7f7;
51
+ padding: 5px;
20 52
}
21 53
home.md
... ...
@@ -1,83 +0,0 @@
1
-## About dn42
2
-
3
-dn42 is a big dynamic [VPN](http://en.wikipedia.org/wiki/Virtual_private_network), which employs Internet technologies ([BGP](http://en.wikipedia.org/wiki/Bgp), whois database, [DNS](http://en.wikipedia.org/wiki/Domain_Name_System), etc). Participants connect to each other using network tunnels ([GRE](/howto/GRE-on-FreeBSD), [OpenVPN](/howto/openvpn), [Tinc](/howto/tinc), [IPsec](/howto/IPsec-with-PublicKeys)) and exchange routes thanks to the Border Gateway Protocol. Network addresses are assigned in the `172.20.0.0/14` range and private AS numbers are used (see [registry](/services/Whois)) as well as IPv6 addresses from the ULA-Range (`fd00::/8`) - see [FAQ](https://internal.dn42/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42).
4
-
5
-A number of services are provided on the network: see [internal](http://wiki.dn42/internal/Internal-Services) (only available from within dn42). Also, dn42 is interconnected with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) or some [Freifunk](http://en.wikipedia.org/wiki/Freifunk) networks.
6
-
7
-Still have questions? We have [[FAQs|FAQ]] listed.
8
-
9
-## Why dn42?
10
-
11
-dn42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. But above all, experimenting with routing in dn42 is fun!
12
-
13
-### Experiment with routing technology
14
-
15
-Participating in dn42 is primarily useful for learning routing technologies such as BGP, using a reasonably large network (> 1500 AS, > 1700 prefixes).
16
-
17
-Since dn42 is very similar to the Internet, it can be used as a hands-on testing ground for new ideas, or simply to learn real networking stuff that you probably can't do on the Internet (BGP multihoming, transit). The biggest advantage when compared to the Internet: if you break something in the network, you won't have any big network operator yelling angrily at you.
18
-
19
-### Connect hackerspaces
20
-
21
-dn42 is also a great way to connect hacker spaces in a secure way, so that they can provide services to each other.
22
-
23
-Have you ever wanted to SSH on your Raspberry Pi hosted at your local hacker space and had trouble doing so because of NAT? If your hacker space was using dn42, it could have been much easier.
24
-
25
-Nowadays, most end-user networks use [NAT](http://en.wikipedia.org/wiki/Network_address_translation) to squeeze all those nifty computing devices behind a single public IPv4 address. This makes it difficult to provide services directly from a machine behind the NAT. Besides, you might want to provide some services to other hackerspaces, but not to anybody on the Internet.
26
-
27
-dn42 solves this problem. By addressing your network in dn42, your devices can communicate with all other participants in a transparent way, without resorting to this ugly thing called NAT. Of course, this doesn't mean that you have to fully open your network to dn42: similarly to IPv6, you can still use a firewall (but you could, for instance, allow incoming TCP 22 and TCP 80 from dn42 by default).
28
-
29
-If your hackerspace is actually using dn42 to provide some services, please let us know! (on this wiki or on the mailing list). It's very rewarding when the network is actually used for something :)
30
-
31
-## Join or Contact us
32
-
33
-dn42 is operated by a group of volunteers. There is no central authority which controls or impersonates the network. Take a look at the [[contact]] page to see how to collaborate or contact us.
34
-
35
-The [[Getting started]] page helps you to get your first node inside the network.
36
-
37
-## External resources about dn42
38
-
39
- * [Wikipedia about dn42](http://en.wikipedia.org/wiki/Decentralized_network_42)
40
- * [Lecture on 26c3](http://events.ccc.de/congress/2009/Fahrplan/events/3504.en.html)
41
- * [Lecture on GPN8](http://entropia.de/wiki/GPN8:dn42)
42
- * [soup.io group](http://dn42.soup.io/)
43
- * [nobody about dn42](http://nowhere.ws/guides/dn42/)
44
- * [Lecture on mrmcd0x8](http://web.archive.org/web/20090831211324/http://mrmcd0x8.metarheinmain.de/fahrplan/events/3321.de.html)
45
- * [dn42-category in hackerspaces.org wiki](https://hackerspaces.org/wiki/Category:DN42)
46
- * [pentaradio24 – german podcast](https://www.c3d2.de/news/pentaradio24-20150428.html)
47
- * [dn42 in your browser](http://freerouter.nop.hu/online.html)
48
-
49
-## Participant Groups
50
-
51
-* [SpaceBoyz](http://spaceboyz.net)
52
-* [CCC Aachen](https://aachen.ccc.de)
53
-* [CCC Bremen](http://ccchb.de)
54
-* [CCC Darmstadt](http://darmstadt.ccc.de)
55
-* [CCC Dresden](http://c3d2.de)
56
-* [CCC Düsseldorf](https://www.chaosdorf.de)
57
-* [CCC Munich](https://www.muc.ccc.de)
58
-* [Chaostreff Chemnitz](https://chaoschemnitz.de)
59
-* [/dev/nulll](https://dev.0l.de)
60
-* [freifunk](http://freifunk.net)
61
-* [NoName e.V. Heidelberg](https://www.noname-ev.de)
62
-* [raumzeitlabor/hackerspace rhein-neckar](http://www.raumzeitlabor.de)
63
-* [Cyberpipe](https://www.kiberpipa.org)
64
-* [Hackerspace Brussels (HSB)](http://hackerspace.be)
65
-* [[hsmr] / Hackspace Marburg](https://hsmr.cc)
66
-* [Whitespace (0x20)](http://www.0x20.be)
67
-* [Revelation Space](http://www.revspace.nl)
68
-* [SNE group](https://www.os3.nl)
69
-* [smrsh](http://www.smrsh.net)
70
-* [Hackspace Jena e.V.](https://kraut.space)
71
-* [breizh-entropy](http://breizh-entropy.dn42)
72
-* [Fédération FDN](https://www.ffdn.org)
73
-* [Le LOOP](https://leloop.org/)
74
-* [Hackerspace Bielefeld](https://hackerspace-bielefeld.de)
75
-* [NixNodes](https://nixnodes.net)
76
-
77
-## About this wiki
78
-
79
-This wiki is the main reference about dn42. It is available in read-only mode [from the Internet](https://dn42.net), [tor](http://jsptropkiix3ki5u.onion) and [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) and for editing from within dn42, at [https://wiki.dn42](https://wiki.dn42) - [https](services/Certificate-Authority) required for editing.
80
-
81
-#### DN42 Logo
82
-
83
-An svg of the DN42 Logo is available [here](/dn42.svg).
howto/Getting-Started.md
... ...
@@ -0,0 +1,329 @@
1
+You want to join dn42, but you don't know where to start. This guide gives general guidelines about dn42 and routing in general, but it assumes that you are knowledgeable with routing.
2
+
3
+# Requirements
4
+
5
+- you have at least one router running 24/7. Any Linux or BSD box can be turned into a router. If your home router runs OpenWRT, you might consider using it for dn42.
6
+- your router is able to establish network tunnels over the Internet (Wireguard, GRE, OpenVPN, IPSec, Tinc...). Beware, your network operator might filter this kind of traffic, e.g. in schools or universities.
7
+- you are generally knowledgeable with networking and routing (i.e. you've heard about BGP, IGP, forwarding, and you're willing to configure a BGP router such as Quagga or Bird)
8
+
9
+# Formalities
10
+
11
+Don't worry, it's not as tedious as registering with a RIR ;)
12
+
13
+## Subscribe to the mailing list
14
+
15
+This is important, as it allows to stay up-to-date on best practices, new services, security issues...
16
+
17
+See [Contact](/contact#contact_mailing-list) to subscribe.
18
+
19
+## Fill in the registry
20
+
21
+You must create several objects in the DN42 registry: <https://git.dn42.us/dn42/registry>
22
+
23
+The registry is a git repository, so objects are created by forking the main repository, making your changes and then submitting a pull request for review. See the [git documentation](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) and guides on [github](https://help.github.com/en/github/using-git) for how to use git to work with remote repositories.
24
+
25
+When submitting your pull request, please squash your commits. It makes the request easier to read and simplifies the change history. See this [StackOverflow question](https://stackoverflow.com/questions/5189560/squash-my-last-x-commits-together-using-git) for a simple guide on how to do this.
26
+
27
+Remember to add authentication to your `mntner` object, and [sign your commit](/howto/Registry-Authentication)
28
+
29
+The registry includes a number of scripts to help check your request:
30
+
31
+ - `fmt-my-stuff <FOO>-MNT`: automatically fixes minor formatting errors
32
+ - `check-my-stuff <FOO>-MNT`: validates your objects against the registry schema
33
+ - `check-pol origin/master <FOO>-MNT`: checks for policy violations
34
+
35
+The registry maintainers run all three scripts against each request, so please run these yourself first to check for simple errors.
36
+
37
+Do browse through the registry and look at the [pull request queue](https://git.dn42.us/dn42/registry/pulls) to see examples, understand how the process works and see the types of questions asked by the registry maintainers.
38
+
39
+*Whilst it is possible to use the web interface to edit files, you are encouraged to clone your repo locally and use the command line git tools. It's easy to do and learning how to use git is a skill worth knowing. Using the web interface creates a large number of commits and prevents you from checking your changes with the registry scripts*
40
+
41
+---
42
+
43
+This example assumes that your name is `<FOO>`, part of an organisation called `<FOO-ORG>` (for instance, your hackerspace). *Organisation objects are not required if your are registering as an individual*. Obviously, these should be replaced by the appropriate values in all examples below.
44
+
45
+We will create several types of objects:
46
+ - **maintainer** objects, which are authenticated so that only you can edit your own objects
47
+ - **person** objects, which describe people or organisations and provide contact information
48
+ - and **resource** objects (AS number, IP subnet, DNS zone, etc).
49
+
50
+All objects are simple text files in the specific subfolders, but the files do have a particular format. The files should use spaces and not tabs, and the attribute values must start on the 20th column.
51
+
52
+### Create a maintainer object
53
+
54
+Create a `mntner` object in `data/mntner/` named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility.
55
+
56
+- use `<FOO>-MNT` as `mnt-by`, otherwise, you won't be able to edit your maintainer object.
57
+- Add an 'auth' attribute so that changes to your objects can be verified.
58
+
59
+The `auth` attribute is used to verify changes to your object. There is a separate page on [registry authentication](/howto/Registry-Authentication) which details what to include in your mntner object, how to sign and verify your commits.
60
+
61
+Common authentication methods are:
62
+ - PGP Key: `auth: pgp-fingerprint <pgp-fingerprint>`
63
+ - SSH Key: `auth: ssh-{rsa,ed25519} <key>`
64
+
65
+Example: data/mntner/FOO-MNT
66
+```
67
+mntner: FOO-MNT
68
+admin-c: FOO-DN42
69
+tech-c: FOO-DN42
70
+mnt-by: FOO-MNT
71
+auth: pgp-fingerprint 0123456789ABCDEF0123456789ABCDEF01234567
72
+source: DN42
73
+```
74
+
75
+### Create person objects
76
+
77
+Create a `person` object in `data/person/` for **yourself** (not your organisation/hackerspace/whatever).
78
+
79
+- use something like `<FOO>-DN42` as `nic-hdl`, it should end with `-DN42`.
80
+- the `person` field is more freeform, you may use your nickname or even real name here.
81
+- provide an email.
82
+- you may provide additional ways of contacting you, using one or more `contact` field. For instance `xmpp:[email protected]`, `irc:luke42@hackint`, `twitter: TheGreatLuke`.
83
+- you may wish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on.
84
+- don't forget to set `mnt-by` to `<FOO>-MNT`.
85
+
86
+Example: data/person/FOO-DN42
87
+```
88
+person: John Doe
89
90
+nic-hdl: FOO-DN42
91
+mnt-by: FOO-MNT
92
+source: DN42
93
+```
94
+
95
+---
96
+
97
+*(Optional)*
98
+**Organisations are not required if you are joining dn42 as an individual**
99
+
100
+If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation:
101
+
102
+- `organisation` is of the form `<ORG-FOO>`.
103
+- `org-name` should be the name of your organisation.
104
+- `e-mail` should be a contact address for your organisation, or maybe a mailing list (but people should be able to send email without subscribing).
105
+- `admin-c`, `tech-c`, and `abuse-c` may point to `person` objects responsible for the respective role in your organisation.
106
+- you may provide a website (`www` field).
107
+- don't forget to set `mnt-by` to `<FOO>-MNT`, since you're managing this object on behalf of your organisation.
108
+
109
+Example: data/organisation/ORG-EXAMPLE
110
+```
111
+organisation: ORG-FOO
112
+org-name: Foo Organisation
113
+admin-c: FOO-DN42
114
+tech-c: FOO-DN42
115
+mnt-by: FOO-MNT
116
+source: DN42
117
+```
118
+
119
+### Guidelines for future objects
120
+
121
+From now on, you should use:
122
+
123
+- `admin-c: <FOO>-DN42` and `tech-c: <FOO>-DN42` for your own resources.
124
+- `admin-c: <FOO>-DN42`, `tech-c: <FOO>-DN42` and `org: <ORG-FOO>` for the resources of your organisation.
125
+- `mnt-by: <FOO>-MNT` for all objects, so that you can edit them later.
126
+
127
+This applies to AS numbers, network prefixes, routes, DNS records...
128
+
129
+### Register an AS number
130
+
131
+To register an AS number, simply create an `aut-num` object in `data/aut-num/`.
132
+`as-name` should be a name for your AS.
133
+
134
+Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-block objects](https://git.dn42.us/dn42/registry/src/master/data/as-block) in the registry.
135
+
136
+**You should allocate your AS number in the 4242420000-4242423999 range**
137
+
138
+For a list of currently assigned AS numbers browse the registry data/aut-num/ directory or [online](https://explorer.burble.com/#/aut-num/).
139
+
140
+If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/).
141
+
142
+If unsure, ask on the mailing list or IRC.
143
+
144
+Example: data/aut-num/AS4242423999
145
+```
146
+aut-num: AS4242423999
147
+as-name: AS for FOO Network
148
+admin-c: FOO-DN42
149
+tech-c: FOO-DN42
150
+mnt-by: FOO-MNT
151
+source: DN42
152
+```
153
+
154
+### Register a network prefix
155
+
156
+#### IPv6
157
+
158
+To register an IPv6 prefix, you create an `inet6num` object. dn42 uses the fd00::/8 ([ULA](https://tools.ietf.org/html/rfc4193)) range. A single /48 allocation is typical and will likely provide more than enough room for all devices you will ever connect.
159
+
160
+dn42 is interconnected with other networks, like icvpn, which also use the same ULA range so a registration in the dn42 registry can't prevent IPv6 conflicts. A fully random prefix (see [RFC4193](https://tools.ietf.org/html/rfc4193)) is recommended; finding a conflict and needing to renumber your network is no fun.
161
+
162
+A few websites can generate random ULA prefixes for you:
163
+* [SimpleDNS](https://simpledns.com/private-ipv6)
164
+* [Ultratools](https://www.ultratools.com/tools/rangeGenerator)
165
+
166
+or a small script is available: [ulagen.py](https://git.dn42.us/netravnen/dn42-repo-utils/src/master/ulagen.py)
167
+
168
+example: data/inet6num/fd35:4992:6a6d::_48
169
+```
170
+inet6num: fd35:4992:6a6d:0000:0000:0000:0000:0000 - fd35:4992:6a6d:ffff:ffff:ffff:ffff:ffff
171
+cidr: fd35:4992:6a6d::/48
172
+netname: FOO-NETWORK
173
+descr: Network of FOO
174
+country: XD
175
+admin-c: FOO-DN42
176
+tech-c: FOO-DN42
177
+mnt-by: FOO-MNT
178
+status: ASSIGNED
179
+source: DN42
180
+```
181
+
182
+#### IPv4 (Legacy)
183
+
184
+If you also want to register an IPv4 network prefix, simply create an `inetnum` object.
185
+
186
+You may choose your network prefix in one of the currently open netblocks. You can get a list of unassigned subnets on the following site, please mind the allocation guideline below.
187
+
188
+ * [Open Netblocks](https://dn42.us/peers/free)
189
+
190
+Check the registry (data/inetnum) to make sure no-one else has allocated the same prefix. There are some IP ranges that are not open for assignments or are reserved for specific uses, so you should also check that the parent block has an 'open' policy. A quick and simple way to see the block policies is to run `grep "^policy" data/inetnum/*`.
191
+
192
+| Size | Comment |
193
+|-----:|:-------------------------|
194
+| /29 | starter pack |
195
+| /28 | usually enough |
196
+| **/27** | **default allocation** |
197
+| /26 | usually enough |
198
+| /25 | still a lot of IPs! |
199
+| /24 | are you an organization? |
200
+
201
+The current guideline is to allocate a /27 or smaller by default, keeping space for up to a /26 if possible. Don't allocate more than a /25 worth of addresses and please **think before you allocate**.
202
+
203
+dn42 typically uses point-to-point addressing in VPN tunnels making transit network unnecessary, a single IP address per host should be sufficient. If you are going to have 2-3 servers, a /28 is plenty; same will go for most home-networks. dn42 is not the public internet, but our IPv4-space is valuable too!
204
+
205
+If you need a /24 or larger, please ask in the IRC chan or on the mailing list and expect to provide justification. You should also ensure the range you've requested is in a suitable block.
206
+
207
+**Note:** Reverse DNS works with _any_ prefix length, as long as your [recursive nameserver](/services/DNS) supports [RFC 2317](https://www.ietf.org/rfc/rfc2317.txt). Don't go for a /24 _just to have RDNS_.
208
+
209
+example: data/inetnum/172.20.150.0_27
210
+```
211
+inetnum: 172.20.150.0 - 172.20.150.31
212
+cidr: 172.20.150.0/27
213
+netname: FOO-NETWORK
214
+admin-c: FOO-DN42
215
+tech-c: FOO-DN42
216
+mnt-by: FOO-MNT
217
+status: ASSIGNED
218
+source: DN42
219
+```
220
+
221
+#### Create route objects
222
+
223
+If you plan to announce your prefixes in dn42, which you probably want in most cases, you will also need to create a `route6` object for ipv6 prefixes and a `route` object for ipv4 prefixes. This information is used for Route Origin Authorization (ROA) checks. If you skip this step, your network will probably get filtered by most major peers. Checking ROA will prevent (accidental) hijacking of other people's prefixes.
224
+
225
+example: data/route6/fd35:4992:6a6d::_48
226
+```
227
+route6: fd35:4992:6a6d::/48
228
+origin: AS4242423999
229
+max-length: 48
230
+mnt-by: FOO-MNT
231
+source: DN42
232
+```
233
+
234
+example data/route/172.20.150.0_27:
235
+```
236
+route: 172.20.150.0/27
237
+origin: AS4242423999
238
+mnt-by: FOO-MNT
239
+source: DN42
240
+```
241
+
242
+#### DNS and Domain Registration
243
+
244
+*(Optional)*
245
+To register a domain name, create a `dns` object in the data/dns directory.
246
+
247
+example: data/dns/foo.dn42
248
+```
249
+domain: foo.dn42
250
+admin-c: FOO-DN42
251
+tech-c: FOO-DN42
252
+mnt-by: FOO-MNT
253
+nserver: ns1.foo.dn42 172.20.150.1
254
+nserver: ns1.foo.dn42 fd35:4992:6a6d:53::1
255
+nserver: ns2.foo.dn42 172.20.150.2
256
+nserver: ns2.foo.dn42 fd35:4992:6a6d:53::2
257
+source: DN42
258
+```
259
+
260
+You can also add DNSSEC delegations using `ds-rdata` attributes to your domain:
261
+
262
+```
263
+ds-rdata: 61857 13 2 bd35e3efe3325d2029fb652e01604a48b677cc2f44226eeabee54b456c67680c
264
+```
265
+
266
+For reverse DNS, add `nserver` attributes to you inet{,6}num objects:
267
+
268
+```
269
+inet6num: fd35:4992:6a6d:0000:0000:0000:0000:0000 - fd35:4992:6a6d:ffff:ffff:ffff:ffff:ffff
270
+cidr: fd35:4992:6a6d::/48
271
+netname: FOO-NETWORK
272
+descr: Network of FOO
273
+country: XD
274
+admin-c: FOO-DN42
275
+tech-c: FOO-DN42
276
+mnt-by: FOO-MNT
277
+status: ASSIGNED
278
+nserver: ns1.foo.dn42
279
+nserver: ns2.foo.dn42
280
+source: DN42
281
+```
282
+
283
+# Get some peers
284
+
285
+In dn42, there is no real distinction between peering and transit: in most cases, everybody serves as an upstream provider to all its peers. Note that if you have very slow connectivity to the Internet, you may want to avoid providing transit between your peers, which can be done by filtering or prepending your ASN. For the sake of sane routing, try to peer with people on the same continent to avoid inefficient routing, <50ms is a good rule of thumb. You can also look into Bird communities if you are using Bird to mark the latency for the [link](/howto/Bird-communities).
286
+
287
+You can use the peerfinder to help you find potential peers close to you: https://dn42.us/peers
288
+
289
+You can then contact them on IRC or by email. In case you're really at loss, you can also ask for peers on the mailing list.
290
+
291
+## Establishing tunnels
292
+
293
+Unless your dn42 peers are on the same network, you must establish tunnels. Choose anything you like: Wireguard, OpenVPN, GRE, GRE + IPSec, IPIP, Tinc, ...
294
+
295
+There is some documentation in this wiki, like [gre-plus-ipsec](GRE-plus-IPsec).
296
+
297
+## Running a routing daemon
298
+
299
+You need a routing daemon to speak BGP with your peers. People usually run Quagga or Bird, but you may use anything (OpenBGPD, XORP, somebody even used an old [hardware router](bgp-on-extreme-summit1i) ). See the relevant [FAQ entry](/FAQ#frequently-asked-questions_what-bgp-daemon-should-i-use).
300
+
301
+You can find [configuration examples for Bird here](bird).
302
+
303
+## Configuration Examples
304
+
305
+* [Important Network configuration](networksettings)
306
+
307
+* VPN/Tunnel:
308
+ * [Wireguard](/howto/wireguard)
309
+ * [Openvpn](/howto/openvpn)
310
+ * [Tinc](/howto/tinc)
311
+ * [IPsec with public key authentication](/howto/IPsec-with-PublicKeys)
312
+* BGP:
313
+ * [Bird](/howto/Bird)
314
+ * [Quagga](/howto/Quagga)
315
+* Router specific:
316
+ * [dn42 on OpenWRT](OpenWRT)
317
+ * [EdgeOS Configuration](EdgeOS-Config-Example)
318
+ * [EdgeOS GRE/IPsec Example](EdgeOS-GRE-IPsec-Example)
319
+ * [BGP on Extreme Networks Summit 1i](BGP-on-Extreme-Summit1i)
320
+
321
+# Configure DNS
322
+
323
+See [Services DNS](/Services/DNS).
324
+
325
+# Use and provide services
326
+
327
+See [internal](/internal/Internal-Services) for internal services.
328
+
329
+Don't hesitate to provide interesting services, but *please*, document them on the wiki! Otherwise, nobody will use them because nobody can guess they even exist.
howto/ROA-slash-RPKI.md
... ...
@@ -0,0 +1,62 @@
1
+[[_TOC_]]
2
+
3
+
4
+## What is ROA?
5
+
6
+A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information.
7
+
8
+## What is RPKI?
9
+
10
+Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure.
11
+It provides a way to connect number resource information to a trust anchor.
12
+
13
+## What is RTR?
14
+
15
+The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information.
16
+It provides the router with validity information regarding prefix origination:
17
+
18
+* VALID
19
+ The route announcement is covered by a ROA and the announcing AS is validated
20
+* INVALID
21
+ The route announcement is covered by a ROA and the announcing AS is invalid (possibly hijacking)
22
+* UNKNOWN
23
+ There exists no ROA for the route announcement
24
+
25
+## How can I implement ROA on dn42?
26
+
27
+On dn42 we generate ROA information from the dn42 registry.
28
+ROA json/bird files can be generated using [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
29
+It is also possible to integrate this with a RTR cache server such as [gortr](https://github.com/cloudflare/gortr).
30
+
31
+### dn42regsrv
32
+
33
+You can find a hosted example of dn42regsrv at https://explorer.burble.com/
34
+
35
+Instructions on how to host dn42regsrv yourself can be found on the git repo of [dn42regsrv](https://git.dn42.us/burble/dn42regsrv).
36
+
37
+You can also run dn42regsrv via docker (then available at 127.0.0.1:8042):
38
+
39
+ git checkout https://git.dn42.us/burble/dn42regsrv.git .
40
+ cd contrib/docker
41
+ ./build.sh
42
+ docker-compose up -d
43
+
44
+Documentation for the api endpoints can be found here: https://git.dn42.us/burble/dn42regsrv/src/master/API.md
45
+
46
+### gortr
47
+
48
+burble kindly provides ready-to-use files for gortr here:
49
+
50
+https://dn42.burble.com/roa/dn42_roa_46.json
51
+
52
+You can use these to simply run gortr via docker:
53
+
54
+ docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082
55
+
56
+### This is all to complicated, is there an easy all-in-one package for RTR?
57
+
58
+TODO: Publish docker-compose-yml to git for gortr+dn42regsrv
59
+
60
+### How do I integrate RTR with my BGP implementation
61
+
62
+You have to consult the documentation of your implementation for that. We will provide configuration examples on the specific pages.
... ...
\ No newline at end of file
howto/Static-routes-on-Windows.md
... ...
@@ -0,0 +1,63 @@
1
+Modern versions of Windows do not support OSPF and manually adding static routes every time after a reboot is annoying. Below is a batch script you can edit and run to help make adding routes easier. This script assumes that your BGP router and Windows computer are on the same LAN.
2
+
3
+```
4
+@echo off
5
+REM fill in YOUR network information
6
+REM right click and RUN AS ADMIN
7
+
8
+REM our entire private network address space
9
+set networkv4=172.20.0.0
10
+set networkv4mask=255.252.0.0
11
+set networkv6=fd00::/8
12
+
13
+REM our IPv4 subnet info
14
+set subnetv4=172.20.184.240
15
+set subnetv4mask=255.255.255.248
16
+set gateway4=172.20.184.241
17
+
18
+REM our IPv6 subnet info
19
+set subnetv6=fd43:6d1:3ee2::/48
20
+set gateway6=fd43:6d1:3ee2:1000::1
21
+
22
+REM our address for this machine
23
+set yournetaddr=172.20.184.242
24
+set yournetaddr6=fd43:6d1:3ee2:1000::2/128
25
+
26
+REM add IPs
27
+REM if different change wlan0 to YOUR interface name
28
+REM first line here is for my LAN. Ignore it.
29
+netsh interface ipv4 add address "wlan0" 192.168.2.254 255.255.255.0
30
+netsh interface ipv4 add address "wlan0" %yournetaddr% %subnetv4mask%
31
+netsh interface ipv6 add address "wlan0" %yournetaddr6%
32
+
33
+REM add IPv4 routes
34
+route -4 add %subnetv4% mask %subnetv4mask% %gateway4%
35
+route -4 add %networkv4% mask %networkv4mask% %gateway4%
36
+
37
+REM add IPv6 routes
38
+route -6 add %gateway6% ::
39
+route -6 add %subnetv6% %gateway6%
40
+REM this last route wasn't working without manually filling in the info.
41
+REM I don't know why.. Broken line commented out.
42
+REM route -6 add %networkv6% %gateway6%
43
+route -6 add fd00::/8 fd43:6d1:3ee2:1000::1
44
+
45
+echo Press enter to check your IPv4 routing table
46
+echo Do not forget to add static routes to this computer on your BGP router!
47
+echo Example: "root@router:~# ip route add 172.20.184.242 dev wlan0"
48
+echo Example: "root@router:~# ip route add fd43:6d1:3ee2:1000::2/128 dev wlan0"
49
+pause
50
+cls
51
+route -4 print
52
+echo Press enter to check your IPv6 routing table
53
+pause
54
+cls
55
+route -6 print
56
+echo Press enter to try to ping gateway
57
+pause
58
+cls
59
+ping %gateway4%
60
+pause
61
+ping %gateway6%
62
+pause
63
+```
... ...
\ No newline at end of file
internal/Internal-Services.md
... ...
@@ -6,12 +6,12 @@ You are asked to show some creativity in terms of network usage and content. ;)
6 6
7 7
## CA
8 8
9
-xuu is maintaining an [[certificate authority]] for internal services.
9
+xuu is maintaining an [[certificate authority|/services/Certificate-Authority]] for internal services.
10 10
11 11
zotan is maintaining an (experimental, but working) [ACME server](https://acme.dn42) (with accompanying CA), compatible with any LetsEncrypt client like Certbot, Dehydrated or Caddy.
12 12
13 13
## Network-related
14
- * See [[Looking Glasses]] for more network diagnostic tools
14
+ * See [[Looking Glasses|/services/Looking-Glasses]] for more network diagnostic tools
15 15
* Realtime network map: [map.dn42](http://map.dn42/) (via DN42) or [map42.0x7f.cc](https://map42.0x7f.cc) (via clearnet) _(Note: This is a direct copy of nixnodes map with some fixes and new functions since original map is no longer get maintained. This map uses the GRC as source, so it would be more comprehensive than original one. Data refreshes every 20~30 minutes.)_
16 16
* Nixnodes original Map of the network: [map.nixnodes.net](http://map.nixnodes.net)
17 17
* DN42 IP address lookup tool: [dn42.g-load.eu/ip](https://dn42.g-load.eu/ip/)
services/DNS.md
... ...
@@ -46,22 +46,22 @@ search dn42
46 46
47 47
There are multiple top level domains (TLDs) associated with DN42, its affiliated networks and for reverse DNS that must
48 48
be configured in order to run your own resolver. The registry is the authoritative source of active TLDs, but see also
49
-this page [[dns/External-DNS|External-DNS]] in the wiki.
49
+this page [[dns/External-DNS|/services/dns/External-DNS]] in the wiki.
50 50
51 51
### Split horizon DNS
52 52
53 53
In this configuration, you run your own, caching resolver but forward DN42 related queries (with recursion bit set)
54
-to the anycast service. Example configurations for different recursor implementations are included in the [[dns/Configuration|Configuration]] page.
54
+to the anycast service. Example configurations for different recursor implementations are included in the [[dns/Configuration|/services/dns/Configuration]] page.
55 55
56 56
### Full recursion
57 57
58 58
Authoritative DNS for DN42 is provided by the *.delegation-servers.dn42 servers, see the DNS architecture here
59
-[[New DNS]] Delegations servers have full support for DNSSEC.
59
+[[New DNS|New-DNS]] Delegations servers have full support for DNSSEC.
60 60
61 61
## Further Information
62 62
63
-* [[dns/Configuration|Configuration]] - Forwarder configuration examples
64
-* [[New DNS]] - current architecture
65
-* [[dns/External-DNS|External-DNS]] - external DNS zones from interconnected networks
66
-* [[Old Hierarchical DNS]] - deprecated
67
-* [[Original DNS (deprecated)]] - deprecated
63
+* [[dns/Configuration|/services/dns/Configuration]] - Forwarder configuration examples
64
+* [[New DNS|New-DNS]] - current architecture
65
+* [[dns/External-DNS|/services/dns/External-DNS]] - external DNS zones from interconnected networks
66
+* [[Old Hierarchical DNS|Old-Hierarchical-DNS]] - deprecated
67
+* [[Original DNS (deprecated)|Original-DNS-(deprecated)]] - deprecated
services/Exchanges.md
... ...
@@ -1,8 +1,12 @@
1 1
In the real world two organizations have to lay cables to one another when they want to peer. This is why IXPs (Internet Exchange Points) or IXes (Internet Exchanges) for short exist. Instead of laying cables to one another, organizations lay cables to an exchange instead. This allows them to peer with hundreds of other companies.
2 2
3
-A few people provide exchanges on DN42.
3
+In DN42 this is less relevant as links between peers are using 'cheap' VPNs.
4
+
5
+---
6
+
7
+A few people have provided exchanges previously on DN42, however they created single
8
+points of failure and are no longer operating
4 9
5
-The following exchanges are available:
6 10
* Amsterdam (OpenVPN) - NL Zuid (marlinc) - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
7 11
* Los Angeles (OpenVPN) - tombii - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
8 12
* New York (OpenVPN) - tombii - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
services/New-DNS.md
... ...
@@ -1,10 +1,10 @@
1
-After frequent issues with the [[Old Hierarchical DNS]] system in early 2018, work has started to build a new and more reliable DNS system. The main goals are:
1
+After frequent issues with the [[Old Hierarchical DNS|Old-Hierarchical-DNS]] system in early 2018, work has started to build a new and more reliable DNS system. The main goals are:
2 2
* Reliability and Consistency to avoid debugging very obscure issues that are also hard to reproduce.
3 3
* Low maintenance burden on operators.
4 4
* Proper DNSSEC support for everything.
5 5
6 6
# End Users
7
-It is **strongly recommended** to run your own resolver for security and privacy reasons. Setting it up and maintaining it should be easy, see [[dns/Configuration|Configuration]].
7
+It is **strongly recommended** to run your own resolver for security and privacy reasons. Setting it up and maintaining it should be easy, see [[dns/Configuration|dns/Configuration]].
8 8
9 9
If running your own resolver is not possible or undesirable, you can choose one or more instances from [dns/recursive-servers.dn42 in the registry](https://git.dn42.us/dn42/registry/src/master/data/dns/recursive-servers.dn42). Please make sure you fully understand the consequences and fully trust these operators.
10 10
... ...
@@ -25,7 +25,7 @@ These are simple authoritative servers for the dn42 zone, rDNS and a few DNS inf
25 25
These instances do not serve any clients. They poll the registry regularly and rebuild and resign (DNSSEC) the zones as needed. If any zone changes, all *.delegation-servers.dn42 instances are notified ([RFC1996](https://tools.ietf.org/html/rfc1996)) which then load the new zone data over AXFR ([RFC5936](https://tools.ietf.org/html/rfc5936)). The pool of masters is intentionally kept very small because of its much higher coordination needs and also the lacking support of a multi-master mode in many authoritative server implementations. The masters are only reachable over dedicated IPv6 assignments which are set up in a way that any master operator can hijack the address of a problematic master without having to wait for its operator to fix something.
26 26
27 27
# Running your own instances
28
-* If you want to run your own instances, make sure you are subscribed to the [[mailinglist|contact]]. It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier.
28
+* If you want to run your own instances, make sure you are subscribed to the [[mailinglist|/contact]]. It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier.
29 29
* Choose the implementation(s) you want to use. It should support at least AXFR+NOTIFY (*.delegation-servers.dn42) or DNSSEC (*.recursive-servers.dn42).
30 30
* Check if [[TODO|TODO]] already has configuration snippets for your implementation.
31 31
* If yes, download it from there and include it in the main configuration.
... ...
@@ -47,5 +47,6 @@ The set of valid KSKs can be found in the registry.
47 47
48 48
# See also
49 49
50
-* [[Old Hierarchical DNS]]
51
-* [[Original DNS (deprecated)]]
... ...
\ No newline at end of file
0
+* [[DNS Quick Start|DNS]]
1
+* [[Old Hierarchical DNS|Old-Hierarchical-DNS]]
2
+* [[Original DNS (deprecated)|Original-DNS-(deprecated)]]
... ...
\ No newline at end of file
services/Whois.md
... ...
@@ -67,7 +67,7 @@ The idea comes from the guys at cymru.com, who provide this service for the Inte
67 67
68 68
# Software
69 69
70
- * [[lglass]] is a python implementation for working with the registry. It features a whois server, tools to manipulate the data (DNS zone generation, etc).
70
+ * [[lglass|internal/lglass]] is a python implementation for working with the registry. It features a whois server, tools to manipulate the data (DNS zone generation, etc).
71 71
* [whois42d](https://github.com/dn42/whois42d) written in golang, lightweight/fast, whois server with support for all registry objects, type filtering and systemd socket activation.
72 72
73 73
# Whois daemons