b02d345516d51544923a5cd3906e5976f1f74034
FAQ.md
| ... | ... | @@ -1,7 +1,3 @@ |
| 1 | -# Frequently Asked Questions |
|
| 2 | - |
|
| 3 | -[[_TOC_]] |
|
| 4 | - |
|
| 5 | 1 | |
| 6 | 2 | ### How do I connect to DN42? |
| 7 | 3 | |
| ... | ... | @@ -27,7 +23,7 @@ Many users do use a virtual private server (VPS) for connecting to DN42. A VPS i |
| 27 | 23 | The DN42 registry used to be maintained in monotone, but was moved to git following resource and performance |
| 28 | 24 | issues. There may still be references back to monotone in some of the documentation, but the registry location is now: |
| 29 | 25 | |
| 30 | -https://git.dn42.dev/dn42/registry (https://git.dn42/dn42/registry) |
|
| 26 | +[https://git.dn42.dev/dn42/registry](https://git.dn42/dn42/registry) |
|
| 31 | 27 | |
| 32 | 28 | ### Can I use Windows to clone and update the registry ? |
| 33 | 29 |
Home.md
| ... | ... | @@ -4,7 +4,7 @@ dn42 is a big dynamic [VPN](http://en.wikipedia.org/wiki/Virtual_private_network |
| 4 | 4 | |
| 5 | 5 | A number of services are provided on the network: see [internal](/internal/Internal-Services) (only available from within dn42). Also, dn42 is interconnected with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) or some [Freifunk](http://en.wikipedia.org/wiki/Freifunk) networks. |
| 6 | 6 | |
| 7 | -Still have questions? We have [[FAQs|FAQ]] listed. |
|
| 7 | +Still have questions? We have [FAQs](/FAQ) listed. |
|
| 8 | 8 | |
| 9 | 9 | ## Why dn42? |
| 10 | 10 | |
| ... | ... | @@ -30,9 +30,9 @@ If your hackerspace is actually using dn42 to provide some services, please let |
| 30 | 30 | |
| 31 | 31 | ## Join or Contact us |
| 32 | 32 | |
| 33 | -dn42 is operated by a group of volunteers. There is no central authority which controls or impersonates the network. Take a look at the [[contact]] page to see how to collaborate or contact us. |
|
| 33 | +dn42 is operated by a group of volunteers. There is no central authority which controls or impersonates the network. Take a look at the [contact](/contact) page to see how to collaborate or contact us. |
|
| 34 | 34 | |
| 35 | -The [[Getting started|howto/Getting-Started]] page helps you to get your first node inside the network. |
|
| 35 | +The [Getting started](/howto/Getting-Started) page helps you to get your first node inside the network. |
|
| 36 | 36 | |
| 37 | 37 | ## External resources about dn42 |
| 38 | 38 |
_Sidebar.md
| ... | ... | @@ -1,49 +1,49 @@ |
| 1 | 1 | <div class='toc-title'>Site Links</div> |
| 2 | 2 | |
| 3 | - * [[Home]] |
|
| 4 | - * [[Getting Started|howto/Getting-Started]] |
|
| 5 | - * [[Registry Authentication|howto/Registry-Authentication]] |
|
| 6 | - * [[Address Space|howto/Address-Space]] |
|
| 7 | - * [[FAQ|/FAQ]] |
|
| 3 | + * [Home](/Home) |
|
| 4 | + * [Getting Started](/howto/Getting-Started) |
|
| 5 | + * [Registry Authentication](/howto/Registry-Authentication) |
|
| 6 | + * [Address Space](/howto/Address-Space) |
|
| 7 | + * [FAQ](/FAQ) |
|
| 8 | 8 | |
| 9 | 9 | * How-To |
| 10 | - * [[Wireguard|howto/wireguard]] |
|
| 11 | - * [[Openvpn|howto/openvpn]] |
|
| 12 | - * [[IPsec With Public Keys|howto/IPsec-with-PublicKeys]] |
|
| 13 | - * [[Tinc|howto/tinc]] |
|
| 14 | - * [[GRE on FreeBSD|howto/GRE-on-FreeBSD]] |
|
| 15 | - * [[GRE on OpenBSD|howto/GRE-on-OpenBSD]] |
|
| 16 | - * [[IPv6 Multicast (PIM-SM)|howto/IPv6-Multicast]] |
|
| 17 | - * [[Bird|howto/Bird]] / [[Bird2|howto/Bird2]] |
|
| 18 | - * [[Quagga|howto/Quagga]] |
|
| 19 | - * [[OpenBGPD|howto/OpenBGPD]] |
|
| 20 | - * [[Mikrotik RouterOS|howto/mikrotik]] |
|
| 21 | - * [[EdgeRouter|howto/EdgeOS-Config]] |
|
| 22 | - * [[Static routes on Windows|howto/Static-routes-on-Windows]] |
|
| 23 | - * [[Universal Network Requirements|howto/networksettings]] |
|
| 24 | - * [[VyOS|howto/vyos]] |
|
| 10 | + * [Wireguard](/howto/wireguard) |
|
| 11 | + * [Openvpn](/howto/openvpn) |
|
| 12 | + * [IPsec With Public Keys](/howto/IPsec-with-PublicKeys) |
|
| 13 | + * [Tinc](/howto/tinc) |
|
| 14 | + * [GRE on FreeBSD](/howto/GRE-on-FreeBSD) |
|
| 15 | + * [GRE on OpenBSD](/howto/GRE-on-OpenBSD) |
|
| 16 | + * [IPv6 Multicast (PIM-SM)](/howto/IPv6-Multicast) |
|
| 17 | + * [Bird](/howto/Bird) / [Bird2](/howto/Bird2) |
|
| 18 | + * [Quagga](/howto/Quagga) |
|
| 19 | + * [OpenBGPD](/howto/OpenBGPD) |
|
| 20 | + * [Mikrotik RouterOS](/howto/mikrotik) |
|
| 21 | + * [EdgeRouter](/howto/EdgeOS-Config) |
|
| 22 | + * [Static routes on Windows](/howto/Static-routes-on-Windows) |
|
| 23 | + * [Universal Network Requirements](/howto/networksettings) |
|
| 24 | + * [VyOS](/howto/vyos) |
|
| 25 | 25 | |
| 26 | 26 | * Services |
| 27 | - * [[IRC|services/IRC]] |
|
| 28 | - * [[Whois registry|services/Whois]] |
|
| 29 | - * [[DNS|services/DNS]] |
|
| 30 | - * [[Public DNS|services/Clearnet-Domains]] |
|
| 31 | - * [[Looking Glasses|services/Looking-Glasses]] |
|
| 32 | - * [[Repository Mirrors|services/Repository-Mirrors]] |
|
| 33 | - * [[Distributed Wiki|services/Distributed-Wiki]] |
|
| 34 | - * [[Certificate Authority|services/Certificate-Authority]] |
|
| 35 | - * [[Route Collector|services/Route-Collector]] |
|
| 27 | + * [IRC](/services/IRC) |
|
| 28 | + * [Whois registry](/services/Whois) |
|
| 29 | + * [DNS](/services/DNS) |
|
| 30 | + * [Public DNS](/services/Clearnet-Domains) |
|
| 31 | + * [Looking Glasses](/services/Looking-Glasses) |
|
| 32 | + * [Repository Mirrors](/services/Repository-Mirrors) |
|
| 33 | + * [Distributed Wiki](/services/Distributed-Wiki) |
|
| 34 | + * [Certificate Authority](/services/Certificate-Authority) |
|
| 35 | + * [Route Collector](/services/Route-Collector) |
|
| 36 | 36 | |
| 37 | 37 | * Internal |
| 38 | - * [[Internal services|internal/Internal-Services]] |
|
| 39 | - * [[Interconnections|internal/Interconnections]] |
|
| 40 | - * [[APIs|internal/APIs]] |
|
| 41 | - * [[Historical services|internal/Historical-Services]] |
|
| 38 | + * [Internal services](/internal/Internal-Services) |
|
| 39 | + * [Interconnections](/internal/Interconnections) |
|
| 40 | + * [APIs](/internal/APIs) |
|
| 41 | + * [Historical services](/internal/Historical-Services) |
|
| 42 | 42 | |
| 43 | 43 | * External Tools |
| 44 | - * [[Paste Board|https://paste.dn42.us]] |
|
| 45 | - * [[Git Repositories|https://git.dn42.dev]] |
|
| 44 | + * [Paste Board](/https://paste.dn42.us) |
|
| 45 | + * [Git Repositories](/https://git.dn42.dev) |
|
| 46 | 46 | |
| 47 | 47 | -------------- |
| 48 | 48 | |
| 49 | -[[_TOC_]] |
|
| ... | ... | \ No newline at end of file |
| 0 | +[[_TOC_]] |
contact.md
| ... | ... | @@ -2,7 +2,7 @@ |
| 2 | 2 | |
| 3 | 3 | Members of the dn42 network mostly communicate via IRC or the mailing list. |
| 4 | 4 | |
| 5 | -If you would like to contact an individual network operator, you will find contact information in the [[Whois]] registry. |
|
| 5 | +If you would like to contact an individual network operator, you will find contact information in the [Whois](/Whois) registry. |
|
| 6 | 6 | |
| 7 | 7 | ## Mailing list |
| 8 | 8 | |
| ... | ... | @@ -15,7 +15,7 @@ If you would like to contact an individual network operator, you will find conta |
| 15 | 15 | |
| 16 | 16 | Channel #dn42 in [hackint](http://www.hackint.eu/) |
| 17 | 17 | |
| 18 | -See [[IRC]] too. |
|
| 18 | +See [IRC](/IRC) too. |
|
| 19 | 19 | |
| 20 | 20 | ## Twitter |
| 21 | 21 |
howto/EdgeOS-Config.md
| ... | ... | @@ -11,8 +11,8 @@ This document describes some possibilities for connecting to dn42 using an Ubiqu |
| 11 | 11 | |
| 12 | 12 | ## First Steps |
| 13 | 13 | |
| 14 | -1. Create the required objects in the Registry - see [[Getting started]] |
|
| 15 | -2. Find a peer - ask nicely in [[IRC]]! |
|
| 14 | +1. Create the required objects in the Registry - see [Getting Started](/Getting-Started) |
|
| 15 | +2. Find a peer - ask nicely in [IRC](/IRC)! |
|
| 16 | 16 | 3. Get the following details: |
| 17 | 17 | * Tunnel configuration (OpenVPN, IPsec, QuickTun) |
| 18 | 18 | * AS numbers |
howto/Edgeos-Config-Example-number-2.md
| ... | ... | @@ -14,9 +14,9 @@ Also thanx to drathir for his patience and support |
| 14 | 14 | |
| 15 | 15 | * Basic EdgeOS knowledge is required |
| 16 | 16 | |
| 17 | -1) you need to create all required fields in the registry --> look at [[Getting started]] page |
|
| 17 | +1) you need to create all required fields in the registry --> look at [Getting Started](/Getting-Started) page |
|
| 18 | 18 | |
| 19 | -2) get a peer --> ask nice @ [[IRC]] |
|
| 19 | +2) get a peer --> ask nice @ [IRC](/IRC) |
|
| 20 | 20 | |
| 21 | 21 | 3) You need following data from the peer |
| 22 | 22 |
howto/Getting-Started.md
| ... | ... | @@ -169,6 +169,7 @@ To register an IPv6 prefix, you create an `inet6num` object. dn42 uses the fd00: |
| 169 | 169 | dn42 is interconnected with other networks, like icvpn, which also use the same ULA range so a registration in the dn42 registry can't prevent IPv6 conflicts. A fully random prefix (see [RFC4193](https://tools.ietf.org/html/rfc4193)) is recommended; finding a conflict and needing to renumber your network is no fun. |
| 170 | 170 | |
| 171 | 171 | A few websites can generate random ULA prefixes for you: |
| 172 | + |
|
| 172 | 173 | * [dn42regsrv](https://explorer.burble.com/free#/6) |
| 173 | 174 | * [SimpleDNS](https://simpledns.com/private-ipv6) |
| 174 | 175 | * [Ultratools](https://www.ultratools.com/tools/rangeGenerator) |
| ... | ... | @@ -317,18 +318,18 @@ You can find [configuration examples for Bird here](bird). |
| 317 | 318 | * [Important Network configuration](networksettings) |
| 318 | 319 | |
| 319 | 320 | * VPN/Tunnel: |
| 320 | - * [Wireguard](/howto/wireguard) |
|
| 321 | - * [Openvpn](/howto/openvpn) |
|
| 322 | - * [Tinc](/howto/tinc) |
|
| 323 | - * [IPsec with public key authentication](/howto/IPsec-with-PublicKeys) |
|
| 321 | + * [Wireguard](/howto/wireguard) |
|
| 322 | + * [Openvpn](/howto/openvpn) |
|
| 323 | + * [Tinc](/howto/tinc) |
|
| 324 | + * [IPsec with public key authentication](/howto/IPsec-with-PublicKeys) |
|
| 324 | 325 | * BGP: |
| 325 | - * [Bird](/howto/Bird) |
|
| 326 | - * [Quagga](/howto/Quagga) |
|
| 326 | + * [Bird](/howto/Bird) |
|
| 327 | + * [Quagga](/howto/Quagga) |
|
| 327 | 328 | * Router specific: |
| 328 | - * [dn42 on OpenWRT](OpenWRT) |
|
| 329 | - * [EdgeOS Configuration](EdgeOS-Config-Example) |
|
| 330 | - * [EdgeOS GRE/IPsec Example](EdgeOS-GRE-IPsec-Example) |
|
| 331 | - * [BGP on Extreme Networks Summit 1i](BGP-on-Extreme-Summit1i) |
|
| 329 | + * [dn42 on OpenWRT](OpenWRT) |
|
| 330 | + * [EdgeOS Configuration](EdgeOS-Config-Example) |
|
| 331 | + * [EdgeOS GRE/IPsec Example](EdgeOS-GRE-IPsec-Example) |
|
| 332 | + * [BGP on Extreme Networks Summit 1i](BGP-on-Extreme-Summit1i) |
|
| 332 | 333 | |
| 333 | 334 | # Configure DNS |
| 334 | 335 |
howto/Getting-started.md
| ... | ... | @@ -1,329 +0,0 @@ |
| 1 | -You want to join dn42, but you don't know where to start. This guide gives general guidelines about dn42 and routing in general, but it assumes that you are knowledgeable with routing. |
|
| 2 | - |
|
| 3 | -# Requirements |
|
| 4 | - |
|
| 5 | -- you have at least one router running 24/7. Any Linux or BSD box can be turned into a router. If your home router runs OpenWRT, you might consider using it for dn42. |
|
| 6 | -- your router is able to establish network tunnels over the Internet (Wireguard, GRE, OpenVPN, IPSec, Tinc...). Beware, your network operator might filter this kind of traffic, e.g. in schools or universities. |
|
| 7 | -- you are generally knowledgeable with networking and routing (i.e. you've heard about BGP, IGP, forwarding, and you're willing to configure a BGP router such as Quagga or Bird) |
|
| 8 | - |
|
| 9 | -# Formalities |
|
| 10 | - |
|
| 11 | -Don't worry, it's not as tedious as registering with a RIR ;) |
|
| 12 | - |
|
| 13 | -## Subscribe to the mailing list |
|
| 14 | - |
|
| 15 | -This is important, as it allows to stay up-to-date on best practices, new services, security issues... |
|
| 16 | - |
|
| 17 | -See [Contact](/contact#contact_mailing-list) to subscribe. |
|
| 18 | - |
|
| 19 | -## Fill in the registry |
|
| 20 | - |
|
| 21 | -You must create several objects in the DN42 registry: <https://git.dn42.dev/dn42/registry> |
|
| 22 | - |
|
| 23 | -The registry is a git repository, so objects are created by forking the main repository, making your changes and then submitting a pull request for review. See the [git documentation](https://git-scm.com/book/en/v2/Git-Basics-Working-with-Remotes) and guides on [github](https://help.github.com/en/github/using-git) for how to use git to work with remote repositories. |
|
| 24 | - |
|
| 25 | -When submitting your pull request, please squash your commits. It makes the request easier to read and simplifies the change history. See this [StackOverflow question](https://stackoverflow.com/questions/5189560/squash-my-last-x-commits-together-using-git) for a simple guide on how to do this. |
|
| 26 | - |
|
| 27 | -Remember to add authentication to your `mntner` object, and [sign your commit](/howto/Registry-Authentication) |
|
| 28 | - |
|
| 29 | -The registry includes a number of scripts to help check your request: |
|
| 30 | - |
|
| 31 | - - `fmt-my-stuff <FOO>-MNT`: automatically fixes minor formatting errors |
|
| 32 | - - `check-my-stuff <FOO>-MNT`: validates your objects against the registry schema |
|
| 33 | - - `check-pol origin/master <FOO>-MNT`: checks for policy violations |
|
| 34 | - |
|
| 35 | -The registry maintainers run all three scripts against each request, so please run these yourself first to check for simple errors. |
|
| 36 | - |
|
| 37 | -Do browse through the registry and look at the [pull request queue](https://git.dn42.dev/dn42/registry/pulls) to see examples, understand how the process works and see the types of questions asked by the registry maintainers. |
|
| 38 | - |
|
| 39 | -*Whilst it is possible to use the web interface to edit files, you are encouraged to clone your repo locally and use the command line git tools. It's easy to do and learning how to use git is a skill worth knowing. Using the web interface creates a large number of commits and prevents you from checking your changes with the registry scripts* |
|
| 40 | - |
|
| 41 | ---- |
|
| 42 | - |
|
| 43 | -This example assumes that your name is `<FOO>`, part of an organisation called `<FOO-ORG>` (for instance, your hackerspace). *Organisation objects are not required if your are registering as an individual*. Obviously, these should be replaced by the appropriate values in all examples below. |
|
| 44 | - |
|
| 45 | -We will create several types of objects: |
|
| 46 | - - **maintainer** objects, which are authenticated so that only you can edit your own objects |
|
| 47 | - - **person** objects, which describe people or organisations and provide contact information |
|
| 48 | - - and **resource** objects (AS number, IP subnet, DNS zone, etc). |
|
| 49 | - |
|
| 50 | -All objects are simple text files in the specific subfolders, but the files do have a particular format. The files should use spaces and not tabs, and the attribute values must start on the 20th column. |
|
| 51 | - |
|
| 52 | -### Create a maintainer object |
|
| 53 | - |
|
| 54 | -Create a `mntner` object in `data/mntner/` named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility. |
|
| 55 | - |
|
| 56 | -- use `<FOO>-MNT` as `mnt-by`, otherwise, you won't be able to edit your maintainer object. |
|
| 57 | -- Add an 'auth' attribute so that changes to your objects can be verified. |
|
| 58 | - |
|
| 59 | -The `auth` attribute is used to verify changes to your object. There is a separate page on [registry authentication](/howto/Registry-Authentication) which details what to include in your mntner object, how to sign and verify your commits. |
|
| 60 | - |
|
| 61 | -Common authentication methods are: |
|
| 62 | - - PGP Key: `auth: pgp-fingerprint <pgp-fingerprint>` |
|
| 63 | - - SSH Key: `auth: ssh-{rsa,ed25519} <key>` |
|
| 64 | - |
|
| 65 | -Example: data/mntner/FOO-MNT |
|
| 66 | -``` |
|
| 67 | -mntner: FOO-MNT |
|
| 68 | -admin-c: FOO-DN42 |
|
| 69 | -tech-c: FOO-DN42 |
|
| 70 | -mnt-by: FOO-MNT |
|
| 71 | -auth: pgp-fingerprint 0123456789ABCDEF0123456789ABCDEF01234567 |
|
| 72 | -source: DN42 |
|
| 73 | -``` |
|
| 74 | - |
|
| 75 | -### Create person objects |
|
| 76 | - |
|
| 77 | -Create a `person` object in `data/person/` for **yourself** (not your organisation/hackerspace/whatever). |
|
| 78 | - |
|
| 79 | -- use something like `<FOO>-DN42` as `nic-hdl`, it should end with `-DN42`. |
|
| 80 | -- the `person` field is more freeform, you may use your nickname or even real name here. |
|
| 81 | -- provide an email. |
|
| 82 | -- you may provide additional ways of contacting you, using one or more `contact` field. For instance `xmpp:[email protected]`, `irc:luke42@hackint`, `twitter: TheGreatLuke`. |
|
| 83 | -- you may wish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on. |
|
| 84 | -- don't forget to set `mnt-by` to `<FOO>-MNT`. |
|
| 85 | - |
|
| 86 | -Example: data/person/FOO-DN42 |
|
| 87 | -``` |
|
| 88 | -person: John Doe |
|
| 89 | -contact: [email protected] |
|
| 90 | -nic-hdl: FOO-DN42 |
|
| 91 | -mnt-by: FOO-MNT |
|
| 92 | -source: DN42 |
|
| 93 | -``` |
|
| 94 | - |
|
| 95 | ---- |
|
| 96 | - |
|
| 97 | -*(Optional)* |
|
| 98 | -**Organisations are not required if you are joining dn42 as an individual** |
|
| 99 | - |
|
| 100 | -If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation: |
|
| 101 | - |
|
| 102 | -- `organisation` is of the form `<ORG-FOO>`. |
|
| 103 | -- `org-name` should be the name of your organisation. |
|
| 104 | -- `e-mail` should be a contact address for your organisation, or maybe a mailing list (but people should be able to send email without subscribing). |
|
| 105 | -- `admin-c`, `tech-c`, and `abuse-c` may point to `person` objects responsible for the respective role in your organisation. |
|
| 106 | -- you may provide a website (`www` field). |
|
| 107 | -- don't forget to set `mnt-by` to `<FOO>-MNT`, since you're managing this object on behalf of your organisation. |
|
| 108 | - |
|
| 109 | -Example: data/organisation/ORG-EXAMPLE |
|
| 110 | -``` |
|
| 111 | -organisation: ORG-FOO |
|
| 112 | -org-name: Foo Organisation |
|
| 113 | -admin-c: FOO-DN42 |
|
| 114 | -tech-c: FOO-DN42 |
|
| 115 | -mnt-by: FOO-MNT |
|
| 116 | -source: DN42 |
|
| 117 | -``` |
|
| 118 | - |
|
| 119 | -### Guidelines for future objects |
|
| 120 | - |
|
| 121 | -From now on, you should use: |
|
| 122 | - |
|
| 123 | -- `admin-c: <FOO>-DN42` and `tech-c: <FOO>-DN42` for your own resources. |
|
| 124 | -- `admin-c: <FOO>-DN42`, `tech-c: <FOO>-DN42` and `org: <ORG-FOO>` for the resources of your organisation. |
|
| 125 | -- `mnt-by: <FOO>-MNT` for all objects, so that you can edit them later. |
|
| 126 | - |
|
| 127 | -This applies to AS numbers, network prefixes, routes, DNS records... |
|
| 128 | - |
|
| 129 | -### Register an AS number |
|
| 130 | - |
|
| 131 | -To register an AS number, simply create an `aut-num` object in `data/aut-num/`. |
|
| 132 | -`as-name` should be a name for your AS. |
|
| 133 | - |
|
| 134 | -Your AS number can be chosen arbitrarily in the dn42 ASN space, see the [as-block objects](https://git.dn42.dev/dn42/registry/src/master/data/as-block) in the registry. |
|
| 135 | - |
|
| 136 | -**You should allocate your AS number in the 4242420000-4242423999 range** |
|
| 137 | - |
|
| 138 | -For a list of currently assigned AS numbers browse the registry data/aut-num/ directory or [online](https://explorer.burble.com/#/aut-num/). |
|
| 139 | - |
|
| 140 | -If you intend to use an ASN outside of the native dn42 ranges, please check that it doesn't clash with the [Freifunk AS-Numbers] (http://wiki.freifunk.net/AS-Nummern) or other networks (ChaosVPN, etc). For a list of ASN currently announced in dn42, see [this map](http://nixnodes.net/dn42/graph/). |
|
| 141 | - |
|
| 142 | -If unsure, ask on the mailing list or IRC. |
|
| 143 | - |
|
| 144 | -Example: data/aut-num/AS4242423999 |
|
| 145 | -``` |
|
| 146 | -aut-num: AS4242423999 |
|
| 147 | -as-name: AS for FOO Network |
|
| 148 | -admin-c: FOO-DN42 |
|
| 149 | -tech-c: FOO-DN42 |
|
| 150 | -mnt-by: FOO-MNT |
|
| 151 | -source: DN42 |
|
| 152 | -``` |
|
| 153 | - |
|
| 154 | -### Register a network prefix |
|
| 155 | - |
|
| 156 | -#### IPv6 |
|
| 157 | - |
|
| 158 | -To register an IPv6 prefix, you create an `inet6num` object. dn42 uses the fd00::/8 ([ULA](https://tools.ietf.org/html/rfc4193)) range. A single /48 allocation is typical and will likely provide more than enough room for all devices you will ever connect. |
|
| 159 | - |
|
| 160 | -dn42 is interconnected with other networks, like icvpn, which also use the same ULA range so a registration in the dn42 registry can't prevent IPv6 conflicts. A fully random prefix (see [RFC4193](https://tools.ietf.org/html/rfc4193)) is recommended; finding a conflict and needing to renumber your network is no fun. |
|
| 161 | - |
|
| 162 | -A few websites can generate random ULA prefixes for you: |
|
| 163 | -* [SimpleDNS](https://simpledns.com/private-ipv6) |
|
| 164 | -* [Ultratools](https://www.ultratools.com/tools/rangeGenerator) |
|
| 165 | - |
|
| 166 | -or a small script is available: [ulagen.py](https://git.dn42.dev/netravnen/dn42-repo-utils/src/master/ulagen.py) |
|
| 167 | - |
|
| 168 | -example: data/inet6num/fd35:4992:6a6d::_48 |
|
| 169 | -``` |
|
| 170 | -inet6num: fd35:4992:6a6d:0000:0000:0000:0000:0000 - fd35:4992:6a6d:ffff:ffff:ffff:ffff:ffff |
|
| 171 | -cidr: fd35:4992:6a6d::/48 |
|
| 172 | -netname: FOO-NETWORK |
|
| 173 | -descr: Network of FOO |
|
| 174 | -country: XD |
|
| 175 | -admin-c: FOO-DN42 |
|
| 176 | -tech-c: FOO-DN42 |
|
| 177 | -mnt-by: FOO-MNT |
|
| 178 | -status: ASSIGNED |
|
| 179 | -source: DN42 |
|
| 180 | -``` |
|
| 181 | - |
|
| 182 | -#### IPv4 (Legacy) |
|
| 183 | - |
|
| 184 | -If you also want to register an IPv4 network prefix, simply create an `inetnum` object. |
|
| 185 | - |
|
| 186 | -You may choose your network prefix in one of the currently open netblocks. You can get a list of unassigned subnets on the following site, please mind the allocation guideline below. |
|
| 187 | - |
|
| 188 | - * [Open Netblocks](https://dn42.us/peers/free) |
|
| 189 | - |
|
| 190 | -Check the registry (data/inetnum) to make sure no-one else has allocated the same prefix. There are some IP ranges that are not open for assignments or are reserved for specific uses, so you should also check that the parent block has an 'open' policy. A quick and simple way to see the block policies is to run `grep "^policy" data/inetnum/*`. |
|
| 191 | - |
|
| 192 | -| Size | Comment | |
|
| 193 | -|-----:|:-------------------------| |
|
| 194 | -| /29 | starter pack | |
|
| 195 | -| /28 | usually enough | |
|
| 196 | -| **/27** | **default allocation** | |
|
| 197 | -| /26 | usually enough | |
|
| 198 | -| /25 | still a lot of IPs! | |
|
| 199 | -| /24 | are you an organization? | |
|
| 200 | - |
|
| 201 | -The current guideline is to allocate a /27 or smaller by default, keeping space for up to a /26 if possible. Don't allocate more than a /25 worth of addresses and please **think before you allocate**. |
|
| 202 | - |
|
| 203 | -dn42 typically uses point-to-point addressing in VPN tunnels making transit network unnecessary, a single IP address per host should be sufficient. If you are going to have 2-3 servers, a /28 is plenty; same will go for most home-networks. dn42 is not the public internet, but our IPv4-space is valuable too! |
|
| 204 | - |
|
| 205 | -If you need a /24 or larger, please ask in the IRC chan or on the mailing list and expect to provide justification. You should also ensure the range you've requested is in a suitable block. |
|
| 206 | - |
|
| 207 | -**Note:** Reverse DNS works with _any_ prefix length, as long as your [recursive nameserver](/services/DNS) supports [RFC 2317](https://www.ietf.org/rfc/rfc2317.txt). Don't go for a /24 _just to have RDNS_. |
|
| 208 | - |
|
| 209 | -example: data/inetnum/172.20.150.0_27 |
|
| 210 | -``` |
|
| 211 | -inetnum: 172.20.150.0 - 172.20.150.31 |
|
| 212 | -cidr: 172.20.150.0/27 |
|
| 213 | -netname: FOO-NETWORK |
|
| 214 | -admin-c: FOO-DN42 |
|
| 215 | -tech-c: FOO-DN42 |
|
| 216 | -mnt-by: FOO-MNT |
|
| 217 | -status: ASSIGNED |
|
| 218 | -source: DN42 |
|
| 219 | -``` |
|
| 220 | - |
|
| 221 | -#### Create route objects |
|
| 222 | - |
|
| 223 | -If you plan to announce your prefixes in dn42, which you probably want in most cases, you will also need to create a `route6` object for ipv6 prefixes and a `route` object for ipv4 prefixes. This information is used for Route Origin Authorization (ROA) checks. If you skip this step, your network will probably get filtered by most major peers. Checking ROA will prevent (accidental) hijacking of other people's prefixes. |
|
| 224 | - |
|
| 225 | -example: data/route6/fd35:4992:6a6d::_48 |
|
| 226 | -``` |
|
| 227 | -route6: fd35:4992:6a6d::/48 |
|
| 228 | -origin: AS4242423999 |
|
| 229 | -max-length: 48 |
|
| 230 | -mnt-by: FOO-MNT |
|
| 231 | -source: DN42 |
|
| 232 | -``` |
|
| 233 | - |
|
| 234 | -example data/route/172.20.150.0_27: |
|
| 235 | -``` |
|
| 236 | -route: 172.20.150.0/27 |
|
| 237 | -origin: AS4242423999 |
|
| 238 | -mnt-by: FOO-MNT |
|
| 239 | -source: DN42 |
|
| 240 | -``` |
|
| 241 | - |
|
| 242 | -#### DNS and Domain Registration |
|
| 243 | - |
|
| 244 | -*(Optional)* |
|
| 245 | -To register a domain name, create a `dns` object in the data/dns directory. |
|
| 246 | - |
|
| 247 | -example: data/dns/foo.dn42 |
|
| 248 | -``` |
|
| 249 | -domain: foo.dn42 |
|
| 250 | -admin-c: FOO-DN42 |
|
| 251 | -tech-c: FOO-DN42 |
|
| 252 | -mnt-by: FOO-MNT |
|
| 253 | -nserver: ns1.foo.dn42 172.20.150.1 |
|
| 254 | -nserver: ns1.foo.dn42 fd35:4992:6a6d:53::1 |
|
| 255 | -nserver: ns2.foo.dn42 172.20.150.2 |
|
| 256 | -nserver: ns2.foo.dn42 fd35:4992:6a6d:53::2 |
|
| 257 | -source: DN42 |
|
| 258 | -``` |
|
| 259 | - |
|
| 260 | -You can also add DNSSEC delegations using `ds-rdata` attributes to your domain: |
|
| 261 | - |
|
| 262 | -``` |
|
| 263 | -ds-rdata: 61857 13 2 bd35e3efe3325d2029fb652e01604a48b677cc2f44226eeabee54b456c67680c |
|
| 264 | -``` |
|
| 265 | - |
|
| 266 | -For reverse DNS, add `nserver` attributes to you inet{,6}num objects: |
|
| 267 | - |
|
| 268 | -``` |
|
| 269 | -inet6num: fd35:4992:6a6d:0000:0000:0000:0000:0000 - fd35:4992:6a6d:ffff:ffff:ffff:ffff:ffff |
|
| 270 | -cidr: fd35:4992:6a6d::/48 |
|
| 271 | -netname: FOO-NETWORK |
|
| 272 | -descr: Network of FOO |
|
| 273 | -country: XD |
|
| 274 | -admin-c: FOO-DN42 |
|
| 275 | -tech-c: FOO-DN42 |
|
| 276 | -mnt-by: FOO-MNT |
|
| 277 | -status: ASSIGNED |
|
| 278 | -nserver: ns1.foo.dn42 |
|
| 279 | -nserver: ns2.foo.dn42 |
|
| 280 | -source: DN42 |
|
| 281 | -``` |
|
| 282 | - |
|
| 283 | -# Get some peers |
|
| 284 | - |
|
| 285 | -In dn42, there is no real distinction between peering and transit: in most cases, everybody serves as an upstream provider to all its peers. Note that if you have very slow connectivity to the Internet, you may want to avoid providing transit between your peers, which can be done by filtering or prepending your ASN. For the sake of sane routing, try to peer with people on the same continent to avoid inefficient routing, <50ms is a good rule of thumb. You can also look into Bird communities if you are using Bird to mark the latency for the [link](/howto/Bird-communities). |
|
| 286 | - |
|
| 287 | -You can use the peerfinder to help you find potential peers close to you: https://dn42.us/peers |
|
| 288 | - |
|
| 289 | -You can then contact them on IRC or by email. In case you're really at loss, you can also ask for peers on the mailing list. |
|
| 290 | - |
|
| 291 | -## Establishing tunnels |
|
| 292 | - |
|
| 293 | -Unless your dn42 peers are on the same network, you must establish tunnels. Choose anything you like: Wireguard, OpenVPN, GRE, GRE + IPSec, IPIP, Tinc, ... |
|
| 294 | - |
|
| 295 | -There is some documentation in this wiki, like [gre-plus-ipsec](GRE-plus-IPsec). |
|
| 296 | - |
|
| 297 | -## Running a routing daemon |
|
| 298 | - |
|
| 299 | -You need a routing daemon to speak BGP with your peers. People usually run Quagga or Bird, but you may use anything (OpenBGPD, XORP, somebody even used an old [hardware router](bgp-on-extreme-summit1i) ). See the relevant [FAQ entry](/FAQ#frequently-asked-questions_what-bgp-daemon-should-i-use). |
|
| 300 | - |
|
| 301 | -You can find [configuration examples for Bird here](bird). |
|
| 302 | - |
|
| 303 | -## Configuration Examples |
|
| 304 | - |
|
| 305 | -* [Important Network configuration](networksettings) |
|
| 306 | - |
|
| 307 | -* VPN/Tunnel: |
|
| 308 | - * [Wireguard](/howto/wireguard) |
|
| 309 | - * [Openvpn](/howto/openvpn) |
|
| 310 | - * [Tinc](/howto/tinc) |
|
| 311 | - * [IPsec with public key authentication](/howto/IPsec-with-PublicKeys) |
|
| 312 | -* BGP: |
|
| 313 | - * [Bird](/howto/Bird) |
|
| 314 | - * [Quagga](/howto/Quagga) |
|
| 315 | -* Router specific: |
|
| 316 | - * [dn42 on OpenWRT](OpenWRT) |
|
| 317 | - * [EdgeOS Configuration](EdgeOS-Config-Example) |
|
| 318 | - * [EdgeOS GRE/IPsec Example](EdgeOS-GRE-IPsec-Example) |
|
| 319 | - * [BGP on Extreme Networks Summit 1i](BGP-on-Extreme-Summit1i) |
|
| 320 | - |
|
| 321 | -# Configure DNS |
|
| 322 | - |
|
| 323 | -See [Services DNS](/Services/DNS). |
|
| 324 | - |
|
| 325 | -# Use and provide services |
|
| 326 | - |
|
| 327 | -See [internal](/internal/Internal-Services) for internal services. |
|
| 328 | - |
|
| 329 | -Don't hesitate to provide interesting services, but *please*, document them on the wiki! Otherwise, nobody will use them because nobody can guess they even exist. |
howto/OpenWRT.md
| ... | ... | @@ -80,4 +80,4 @@ You have to use this patch: https://dev.openwrt.org/changeset/35484 (monkeypatch |
| 80 | 80 | |
| 81 | 81 | ## DNS |
| 82 | 82 | |
| 83 | -See [[DNS Configuration|/services/dns/Configuration]]. This will use the anycast dn42 DNS server to resolve `dn42` and relevant reverse domains. |
|
| ... | ... | \ No newline at end of file |
| 0 | +See [DNS Configuration](/services/dns/Configuration). This will use the anycast dn42 DNS server to resolve `dn42` and relevant reverse domains. |
|
| ... | ... | \ No newline at end of file |
howto/ROA-slash-RPKI.md
| ... | ... | @@ -1,5 +1,3 @@ |
| 1 | -[[_TOC_]] |
|
| 2 | - |
|
| 3 | 1 | |
| 4 | 2 | ## What is ROA? |
| 5 | 3 |
internal/Internal-Services.md
| ... | ... | @@ -6,12 +6,12 @@ You are asked to show some creativity in terms of network usage and content. ;) |
| 6 | 6 | |
| 7 | 7 | ## CA |
| 8 | 8 | |
| 9 | -xuu is maintaining an [[certificate authority|/services/Certificate-Authority]] for internal services. |
|
| 9 | +xuu is maintaining an [certificate authority](/services/Certificate-Authority) for internal services. |
|
| 10 | 10 | |
| 11 | 11 | zotan is maintaining an (experimental, but working) [ACME server](https://acme.dn42) (with accompanying CA), compatible with any LetsEncrypt client like Certbot, Dehydrated or Caddy. |
| 12 | 12 | |
| 13 | 13 | ## Network-related |
| 14 | - * See [[Looking Glasses|/services/Looking-Glasses]] for more network diagnostic tools |
|
| 14 | + * See [Looking Glasses](/services/Looking-Glasses) for more network diagnostic tools |
|
| 15 | 15 | * Realtime network map: [map.dn42](http://map.dn42/) (DN42) or [map42.0x7f.cc](https://map42.0x7f.cc) (IANA) _(Note: This is a direct copy of nixnodes map with some fixes and new functions since original map is no longer get maintained. This map is currently using MRT dump from GRC as source. We will pull new dumps from GRC every 15 minutes.)_ |
| 16 | 16 | * Network Information Service: [info.nia.dn42](http://info.nia.dn42) (DN42) or [bgp42.strexp.net](https://bgp42.strexp.net) (IANA). Main functions including _network information_, _network map (from map.dn42, require WebGL)_, _network ranking (based on centrality)_, _ROA alerting_ and _path finder_. |
| 17 | 17 | * Yet Another WIP network map: [map.jerry.dn42](https://map.jerry.dn42/) (via DN42) or [map.meson.cc](https://map.meson.cc) (via clearnet) _(uses MRT dump as source, updated every 30 minutes.)_ |
| ... | ... | @@ -101,7 +101,7 @@ Some [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Con |
| 101 | 101 | |
| 102 | 102 | ### Tor |
| 103 | 103 | |
| 104 | -Entry points to the Tor network are available on dn42. See [[Tor|internal/services/Tor]] for more details. |
|
| 104 | +Entry points to the Tor network are available on dn42. See [Tor](/internal/services/Tor) for more details. |
|
| 105 | 105 | |
| 106 | 106 | ### Telegram |
| 107 | 107 |
services/DNS.md
| ... | ... | @@ -48,22 +48,22 @@ search dn42 |
| 48 | 48 | |
| 49 | 49 | There are multiple top level domains (TLDs) associated with DN42, its affiliated networks and for reverse DNS that must |
| 50 | 50 | be configured in order to run your own resolver. The registry is the authoritative source of active TLDs, but see also |
| 51 | -this page [[dns/External-DNS|/services/dns/External-DNS]] in the wiki. |
|
| 51 | +this page [dns/External-DNS](/services/dns/External-DNS) in the wiki. |
|
| 52 | 52 | |
| 53 | 53 | ### Split horizon DNS |
| 54 | 54 | |
| 55 | 55 | In this configuration, you run your own, caching resolver but forward DN42 related queries (with recursion bit set) |
| 56 | -to the anycast service. Example configurations for different recursor implementations are included in the [[dns/Configuration|/services/dns/Configuration]] page. |
|
| 56 | +to the anycast service. Example configurations for different recursor implementations are included in the [dns/Configuration](/services/dns/Configuration) page. |
|
| 57 | 57 | |
| 58 | 58 | ### Full recursion |
| 59 | 59 | |
| 60 | 60 | Authoritative DNS for DN42 is provided by the *.delegation-servers.dn42 servers, see the DNS architecture here |
| 61 | -[[New DNS|New-DNS]] Delegations servers have full support for DNSSEC. |
|
| 61 | +[New DNS](/New-DNS) Delegations servers have full support for DNSSEC. |
|
| 62 | 62 | |
| 63 | 63 | ## Further Information |
| 64 | 64 | |
| 65 | -* [[dns/Configuration|/services/dns/Configuration]] - Forwarder configuration examples |
|
| 66 | -* [[New DNS|New-DNS]] - current architecture |
|
| 67 | -* [[dns/External-DNS|/services/dns/External-DNS]] - external DNS zones from interconnected networks |
|
| 68 | -* [[Old Hierarchical DNS|Old-Hierarchical-DNS]] - deprecated |
|
| 69 | -* [[Original DNS (deprecated)|Original-DNS-(deprecated)]] - deprecated |
|
| 65 | +* [dns/Configuration](/services/dns/Configuration) - Forwarder configuration examples |
|
| 66 | +* [New DNS](/New-DNS) - current architecture |
|
| 67 | +* [dns/External-DNS](/services/dns/External-DNS) - external DNS zones from interconnected networks |
|
| 68 | +* [Old Hierarchical DNS](/Old-Hierarchical-DNS) - deprecated |
|
| 69 | +* [Original DNS (deprecated)](/Original-DNS-(deprecated)) - deprecated |
services/Distributed-Wiki.md
| ... | ... | @@ -1,5 +1,5 @@ |
| 1 | 1 | The idea is to deploy mirrors across dn42 using [anycast](https://en.wikipedia.org/wiki/Anycast) addressing (BGP), thus providing redundancy, load-balancing and improved access times to the wiki. Sites are powered by [gollum](https://github.com/gollum/gollum) which has no native SSL support, so Nginx acts as a reverse proxy and handles the encryption. |
| 2 | -The local webserver is monitored with a simple [[shell script|Distributed-Wiki#exabgp_watchdog-script]] working [[in conjunction|Distributed-Wiki#exabgp]] with [ExaBGP](https://github.com/Exa-Networks/exabgp), announcing/withdrawing the assigned route if the service is up/down. |
|
| 2 | +The local webserver is monitored with a simple [shell script](/Distributed-Wiki#exabgp_watchdog-script) working [in conjunction](/Distributed-Wiki#exabgp) with [ExaBGP](https://github.com/Exa-Networks/exabgp), announcing/withdrawing the assigned route if the service is up/down. |
|
| 3 | 3 | |
| 4 | 4 | ## Prerequisites |
| 5 | 5 |
services/New-DNS.md
| ... | ... | @@ -1,10 +1,10 @@ |
| 1 | -After frequent issues with the [[Old Hierarchical DNS|Old-Hierarchical-DNS]] system in early 2018, work has started to build a new and more reliable DNS system. The main goals are: |
|
| 1 | +After frequent issues with the [Old Hierarchical DNS](/Old-Hierarchical-DNS) system in early 2018, work has started to build a new and more reliable DNS system. The main goals are: |
|
| 2 | 2 | * Reliability and Consistency to avoid debugging very obscure issues that are also hard to reproduce. |
| 3 | 3 | * Low maintenance burden on operators. |
| 4 | 4 | * Proper DNSSEC support for everything. |
| 5 | 5 | |
| 6 | 6 | # End Users |
| 7 | -It is **strongly recommended** to run your own resolver for security and privacy reasons. Setting it up and maintaining it should be easy, see [[services/dns/Configuration|services/dns/Configuration]]. |
|
| 7 | +It is **strongly recommended** to run your own resolver for security and privacy reasons. Setting it up and maintaining it should be easy, see [services/dns/Configuration](/services/dns/Configuration). |
|
| 8 | 8 | |
| 9 | 9 | If running your own resolver is not possible or undesirable, you can choose one or more instances from [dns/recursive-servers.dn42 in the registry](https://git.dn42.us/dn42/registry/src/master/data/dns/recursive-servers.dn42). Please make sure you fully understand the consequences and fully trust these operators. |
| 10 | 10 | |
| ... | ... | @@ -25,9 +25,9 @@ These are simple authoritative servers for the dn42 zone, rDNS and a few DNS inf |
| 25 | 25 | These instances do not serve any clients. They poll the registry regularly and rebuild and resign (DNSSEC) the zones as needed. If any zone changes, all *.delegation-servers.dn42 instances are notified ([RFC1996](https://tools.ietf.org/html/rfc1996)) which then load the new zone data over AXFR ([RFC5936](https://tools.ietf.org/html/rfc5936)). The pool of masters is intentionally kept very small because of its much higher coordination needs and also the lacking support of a multi-master mode in many authoritative server implementations. The masters are only reachable over dedicated IPv6 assignments which are set up in a way that any master operator can hijack the address of a problematic master without having to wait for its operator to fix something. |
| 26 | 26 | |
| 27 | 27 | # Running your own instances |
| 28 | -* If you want to run your own instances, make sure you are subscribed to the [[mailinglist|/contact]]. It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier. |
|
| 28 | +* If you want to run your own instances, make sure you are subscribed to the [mailinglist](/contact). It is also strongly recommended to join #dn42-dns@hackint. All changes are announced to the mailinglist but IRC makes debugging sessions much easier. |
|
| 29 | 29 | * Choose the implementation(s) you want to use. It should support at least AXFR+NOTIFY (*.delegation-servers.dn42) or DNSSEC (*.recursive-servers.dn42). |
| 30 | -* Check if [[TODO|TODO]] already has configuration snippets for your implementation. |
|
| 30 | +* Check if [TODO](/TODO) already has configuration snippets for your implementation. |
|
| 31 | 31 | * If yes, download it from there and include it in the main configuration. |
| 32 | 32 | * If not, then join us in #dn42-dns@hackint so we can add it together. |
| 33 | 33 | * Verify that everything works: |
| ... | ... | @@ -47,6 +47,6 @@ The set of valid KSKs can be found in the registry. |
| 47 | 47 | |
| 48 | 48 | # See also |
| 49 | 49 | |
| 50 | -* [[DNS Quick Start|DNS]] |
|
| 51 | -* [[Old Hierarchical DNS|Old-Hierarchical-DNS]] |
|
| 52 | -* [[Original DNS (deprecated)|Original-DNS-(deprecated)]] |
|
| ... | ... | \ No newline at end of file |
| 0 | +* [DNS Quick Start](/DNS) |
|
| 1 | +* [Old Hierarchical DNS](/Old-Hierarchical-DNS) |
|
| 2 | +* [Original DNS (deprecated)](/Original-DNS-(deprecated)) |
|
| ... | ... | \ No newline at end of file |
services/Old-Hierarchical-DNS.md
| ... | ... | @@ -1,4 +1,4 @@ |
| 1 | -This information is now **deprecated**. Please check [[New DNS]] for the current architecture. |
|
| 1 | +This information is now **deprecated**. Please check [New DNS](/New DNS) for the current architecture. |
|
| 2 | 2 | |
| 3 | 3 | *** |
| 4 | 4 |
services/Original-DNS-(deprecated).md
| ... | ... | @@ -1,11 +1,11 @@ |
| 1 | 1 | # Original DNS (deprecated) |
| 2 | -This information is now **deprecated**. Please check [[New DNS]] for the current architecture. |
|
| 2 | +This information is now **deprecated**. Please check [New DNS](/New DNS) for the current architecture. |
|
| 3 | 3 | |
| 4 | 4 | *** |
| 5 | 5 | |
| 6 | 6 | *(tl;dr)* We have a TLD for dn42, which is `.dn42`. The anycast resolver for `.dn42` runs on `172.20.0.53` and `fd42:d42:d42:54::1`. |
| 7 | 7 | |
| 8 | -**DNS is build from [[whois database|services/Whois]]. So please edit your DNS-records there.** |
|
| 8 | +**DNS is build from [whois database](/services/Whois). So please edit your DNS-records there.** |
|
| 9 | 9 | |
| 10 | 10 | ## Using the DNS service |
| 11 | 11 | |
| ... | ... | @@ -19,11 +19,11 @@ To do this, just use `172.20.0.53` or `fd42:d42:d42:54::1` as your resolver, for |
| 19 | 19 | |
| 20 | 20 | ### Forwarding `.dn42` queries to the anycast resolver |
| 21 | 21 | |
| 22 | -If you run your own resolver (`unbound`, `dnsmasq`, `bind`), you can configure it to forward dn42 queries to the anycast DNS resolver. See [[DNS forwarder configuration|services/dns/Configuration]]. |
|
| 22 | +If you run your own resolver (`unbound`, `dnsmasq`, `bind`), you can configure it to forward dn42 queries to the anycast DNS resolver. See [DNS forwarder configuration](/services/dns/Configuration). |
|
| 23 | 23 | |
| 24 | 24 | ### Recursive resolver |
| 25 | 25 | |
| 26 | -You may also want to configure your resolver to recursively resolve dn42 domains. For this, you need to find authoritative DNS servers for the `dn42` zone (and for the reverse zones). See [[services/dns/Recursive DNS resolver]]. |
|
| 26 | +You may also want to configure your resolver to recursively resolve dn42 domains. For this, you need to find authoritative DNS servers for the `dn42` zone (and for the reverse zones). See [services/dns/Recursive DNS resolver](/services/dns/Recursive DNS resolver). |
|
| 27 | 27 | |
| 28 | 28 | ### Building the dn42 zones from the registry |
| 29 | 29 | |
| ... | ... | @@ -31,16 +31,16 @@ Finally, you may want to host your own authoritative DNS server for the `dn42` z |
| 31 | 31 | |
| 32 | 32 | ## Register a `.dn42` domain name |
| 33 | 33 | |
| 34 | -The root zone for `dn42.` is built from the [[whois registry|services/Whois]]. If you want to register a domain name, you need to add it to the registry (of course, you also need one or two authoritative nameservers). |
|
| 34 | +The root zone for `dn42.` is built from the [whois registry](/services/Whois). If you want to register a domain name, you need to add it to the registry (of course, you also need one or two authoritative nameservers). |
|
| 35 | 35 | |
| 36 | 36 | ## DNS services for other networks |
| 37 | 37 | |
| 38 | -Other networks are interconnected with dn42 (ChaosVPN, Freifunk, etc). Some of them also provide DNS service, you can configure your resolver to use it. See [[External DNS]]. |
|
| 38 | +Other networks are interconnected with dn42 (ChaosVPN, Freifunk, etc). Some of them also provide DNS service, you can configure your resolver to use it. See [External DNS](/External DNS). |
|
| 39 | 39 | |
| 40 | 40 | ## Providing DNS services |
| 41 | 41 | |
| 42 | -See [[Providing Anycast DNS]]. |
|
| 42 | +See [Providing Anycast DNS](/Providing Anycast DNS). |
|
| 43 | 43 | |
| 44 | -## [[Old Hierarchical DNS]] |
|
| 44 | +## [Old Hierarchical DNS](/Old Hierarchical DNS) |
|
| 45 | 45 | |
| 46 | 46 | This is a new effort to build a DNS system that mirrors how DNS was designed to work in clearnet. |
| ... | ... | \ No newline at end of file |
services/Route-Collector.md
| ... | ... | @@ -4,7 +4,7 @@ The Global Route Collector (GRC) provides a real time view of routing and peerin |
| 4 | 4 | |
| 5 | 5 | Technically the GRC is a [bird](https://bird.network.cz/) instance that anyone can peer with, it imports all routes whilst exporting none and provides a number of interfaces for querying the route data. |
| 6 | 6 | |
| 7 | -Data from the GRC is used to generate some of the DN42 Maps (see the [[Internal Services|/internal/Internal-Services]] page). |
|
| 7 | +Data from the GRC is used to generate some of the DN42 Maps (see the [Internal Services](/internal/Internal-Services) page). |
|
| 8 | 8 | |
| 9 | 9 | ## Peering with the collector |
| 10 | 10 |
services/Whois.md
| ... | ... | @@ -32,7 +32,7 @@ Note that currently, most AS are using one of the legacy ASN range (and will pro |
| 32 | 32 | |
| 33 | 33 | ## DNS zones |
| 34 | 34 | |
| 35 | -dn42 uses the `dn42.` TLD, which is not present in the root DNS zone of the ICANN-net. For details, see [[DNS]]. |
|
| 35 | +dn42 uses the `dn42.` TLD, which is not present in the root DNS zone of the ICANN-net. For details, see [DNS](/DNS). |
|
| 36 | 36 | |
| 37 | 37 | Note that other TLDs should also be usable from dn42, most notably from Freifunk and ChaosVPN. A tentative list is available at [External DNS](/services/dns/External-DNS). |
| 38 | 38 | |
| ... | ... | @@ -75,7 +75,7 @@ The idea comes from the guys at cymru.com, who provide this service for the Inte |
| 75 | 75 | |
| 76 | 76 | # Software |
| 77 | 77 | |
| 78 | - * [[lglass|internal/lglass]] is a python implementation for working with the registry. It features a whois server, tools to manipulate the data (DNS zone generation, etc). |
|
| 78 | + * [lglass](/internal/lglass) is a python implementation for working with the registry. It features a whois server, tools to manipulate the data (DNS zone generation, etc). |
|
| 79 | 79 | * [whois42d](https://github.com/dn42/whois42d) written in golang, lightweight/fast, whois server with support for all registry objects, type filtering and systemd socket activation. |
| 80 | 80 | |
| 81 | 81 | # Whois daemons |
services/dns/External-DNS.md
| ... | ... | @@ -31,4 +31,4 @@ NeoNetwork zone files can be found here: https://github.com/NeoCloud/NeoNetwork/ |
| 31 | 31 | |
| 32 | 32 | ## Configuration |
| 33 | 33 | |
| 34 | -See [[DNS forwarding configuration|/services/dns/Configuration]]. |
|
| ... | ... | \ No newline at end of file |
| 0 | +See [DNS forwarding configuration](/services/dns/Configuration). |
|
| ... | ... | \ No newline at end of file |
services/dns/Providing-Anycast-DNS.md
| ... | ... | @@ -10,7 +10,7 @@ Configuration requirements for all members of the anycast group are: |
| 10 | 10 | * listen on a unicast IP too for testing/debugging reasons |
| 11 | 11 | * with bind, please use ```minimal-responses yes;``` (goes into ```options```/```view```) |
| 12 | 12 | |
| 13 | -It is _really_ good to hang around in [[IRC]] to get things sorted out, if something doesn't work. Letting some people test your DNS behavior before joining the anycast-group is considered best practice - better safe than sorry. |
|
| 13 | +It is _really_ good to hang around in [IRC](/IRC) to get things sorted out, if something doesn't work. Letting some people test your DNS behavior before joining the anycast-group is considered best practice - better safe than sorry. |
|
| 14 | 14 | |
| 15 | 15 | * **IP:** 172.23.0.53 |
| 16 | 16 | * **Announciation Subnet:** 172.23.0.53/32 |
services/dns/Recursive-DNS-resolver.md
| ... | ... | @@ -1,6 +1,6 @@ |
| 1 | 1 | If you want to run your own recursive DNS server, you must find upstream servers that are authoritative for the dn42 zones. |
| 2 | 2 | |
| 3 | -You may use some servers listed in the [[table of anycast servers|Providing-Anycast-DNS#Persons-providing-anycast-DNS]], or just use `172.22.119.160` and `172.22.119.163` (ns{1,2}.fritz.dn42). |
|
| 3 | +You may use some servers listed in the [table of anycast servers](/Providing-Anycast-DNS#Persons-providing-anycast-DNS), or just use `172.22.119.160` and `172.22.119.163` (ns{1,2}.fritz.dn42). |
|
| 4 | 4 | |
| 5 | 5 | ## Configuration |
| 6 | 6 |