From tobias.fiebig at wouldyoubuythis.net Sat Jan 2 20:26:26 2010 From: tobias.fiebig at wouldyoubuythis.net (Tobias Fiebig) Date: Sat, 2 Jan 2010 20:26:26 +0100 Subject: [dn42] Remote IP Change for AS64632 Message-ID: <20100102192625.GA7188@mail.wouldyoubuythis.net> Dear DN42, please change the openvpn-remote-settings for your openvpn-tunnels to AS64632. 85.10.218.187 becomes bgp.wouldyoubuythis.net 85.10.218.188 becomes bgp2.wouldyoubuythis.net The following peering-AS are concerned with this problem: AS64608 AS64616 AS64626 AS64641 AS64657 AS64658 AS64659 AS64662 AS64664 AS64666 AS64822 AS64823 AS64825 AS64828 AS64692 AS64680 With best regards, Tobias From tobias.fiebig at wouldyoubuythis.net Sat Jan 2 21:32:00 2010 From: tobias.fiebig at wouldyoubuythis.net (Tobias Fiebig) Date: Sat, 2 Jan 2010 21:32:00 +0100 Subject: [dn42] Remote IP Change for AS64632 In-Reply-To: <20100102192625.GA7188@mail.wouldyoubuythis.net> References: <20100102192625.GA7188@mail.wouldyoubuythis.net> Message-ID: <20100102203159.GA7274@mail.wouldyoubuythis.net> Hi, > 85.10.218.187 becomes bgp.wouldyoubuythis.net > 85.10.218.188 becomes bgp2.wouldyoubuythis.net As i got some questions concerning this: 85.10.218.187 is the old ip of bgp.wouldyoubuythis.net, 85.10.218.188 is the old ip of bgp2.wouldyoubuythis.net. so: if your CURRENT remote-setting looks like this: remote 85.10.218.187 change it to: remote bgp.wouldyoubuythis.net if you CURRENT remote-setting looks like this: remote 85.10.218.188 change it to: remote bgp2.wouldyoubuythis.net if your CURRENT remote-setting looks like this: remote bgp.wouldyoubuythis.net or this: remote bgp2.wouldyoubuythis.net You don't have to do anything! With best regards, Tobias From hostmaster at taunusstein.net Sat Jan 2 23:00:40 2010 From: hostmaster at taunusstein.net (Christian Felsing) Date: Sat, 02 Jan 2010 23:00:40 +0100 Subject: [dn42] Neu hier Message-ID: <4B3FC208.4040309@taunusstein.net> Hallo, ich bin neu hier und w?rde gerne bei dem Projekt mitmachen. Wer vergibt eigentlich die Netze, oder kann man sich einfach einen freien Netzblock (http://dn42.net/trac/wiki/IPv4Topologie) nehmen ? * A computer that runs 24/7 and want to be or is a router. ==> W?ren 2 Server, mit "ausreichender" Anbindung * GRE or SIT for tunnel ==> GRE w?rde ich bevorzugen * quagga (preferably 0.99.x) or OpenBGPD as routingsuite for BGP ==> Evtl. w?re da noch ein etwas angestaubter Cisco Cat6509 mit Routing Engine1. Auf den o.g. Servern l?uft bereits Quagga. * A internet connection ==> Klar, sonst klappt das mit den Tunnel nicht so ;-) * Netnumber o Your AS number is: 64600+n o Your own network is: 172.22.n.0/24 ==> n=? * one or two first tunnel peers ==> Gibt es da auch so einen *CIX oder peert da jeder mit Jedem ? Werden bei BGP Route Reflectors oder Confederations bevorzugt ? Viele Gr??e Christian From jchome at jc-ix.net Sat Jan 2 23:28:20 2010 From: jchome at jc-ix.net (Frederic Jaeckel) Date: Sat, 2 Jan 2010 23:28:20 +0100 Subject: [dn42] Neu hier In-Reply-To: <4B3FC208.4040309@taunusstein.net> References: <4B3FC208.4040309@taunusstein.net> Message-ID: <20100102232820.48e82531@jc-ix.net> Moin moin, On Sat, 02 Jan 2010 23:00:40 +0100 Christian Felsing wrote: > Hallo, > > ich bin neu hier und w?rde gerne bei dem Projekt mitmachen. Wer > vergibt eigentlich die Netze, oder kann man sich einfach einen freien > Netzblock (http://dn42.net/trac/wiki/IPv4Topologie) nehmen ? Generell kannst du dir einfach ein Netz nehmen.. preferable aus 172.22.0.0/16.. Es sollte im Wiki als unused angegeben sein und dein Nick danach dann mit "building" oder so drin stehen. Eine registry wird grad aufgebaut, daher ist das Wiki die Datenbasis. > * quagga (preferably 0.99.x) or OpenBGPD as routingsuite for BGP > ==> Evtl. w?re da noch ein etwas angestaubter Cisco Cat6509 mit > Routing Engine1. Auf den o.g. Servern l?uft bereits Quagga. Quagga sollte es tun.. da es momentan auf ~70 prefixes rauslaeuft, waer die 6509 vollkommen oversized.. traffice laeuft momentan auch nicht auf >20KB/s raus, es sei denn du hast nun einen unschlagbar coolen service entdeckt, den du bereitstellen moechtest. :) Ansonsten rechtfertigt der Stromverbrauch der cisco nichtmal ansatzweise dem Traffic des dn42. ;)) Wenn du natuerlich andere Leute gern mal testen lassen wollen wuerdest, wie ein 6509 sich anfuehlt, bist du gern angehalten das hier zu announcen. :) > * A internet connection > ==> Klar, sonst klappt das mit den Tunnel nicht so ;-) > * Netnumber > o Your AS number is: 64600+n > o Your own network is: 172.22.n.0/24 > ==> n=? Das ergibt sich aus dem Netz das du dir ausgesucht hast. Falls du 172.22.142.0/25 nehmen solltes, waere dein AS 64600+142 = 64742 > ==> Gibt es da auch so einen *CIX oder peert da jeder mit Jedem ? > Werden bei BGP Route Reflectors oder Confederations bevorzugt ? Es gibt ein paar, die geben ein wenig mehr Transit als andere, bevorzugt Leute mit dickeren Leitungen als DSL oder 10Mbit und in der Regel sollte es auch reichen mit denen zu peeren. Um das Routing interessanter zu machen, ist es natuerlich auch moeglich mit allen anderen zu peeren. ;) Bei uns wird gar nichts bevorzugt, du kannst peeren womit du moechtest, mit wem du moechtest, wann du moechtest. Stoert jemanden etwas, meldet derjenige sich bei dir schon, depeered dich oder filtert dich. :) Fuer mehr infos, gern nachfragen.. fuer ein erstes Peering stell ich mich gern zur Verfuegung.. einfach mal im jabber MUC nachfragen oder mich offlist kontaktieren (am liebsten mit PGPKey 0xF5A02314) Gruss, Frederic 'jchome' Jaeckel -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From hostmaster at taunusstein.net Sun Jan 3 08:29:30 2010 From: hostmaster at taunusstein.net (Christian Felsing) Date: Sun, 03 Jan 2010 08:29:30 +0100 Subject: [dn42] Neu hier In-Reply-To: <20100102232820.48e82531@jc-ix.net> References: <4B3FC208.4040309@taunusstein.net> <20100102232820.48e82531@jc-ix.net> Message-ID: <4B40475A.2010504@taunusstein.net> Hi, vielen Dank f?r die ausf?hrliche Info. Zun?chst wird es also erstmal ein normaler Server werden. Die Struktur der verwendeten IPv6 ist mir noch nicht so ganz klar geworden, w?rde etwas dagegen sprechen, einfach meine alte Join Allocation 3ffe:400:9a0::/48 zu verwenden ? Falls Bedarf besteht, kann ich den alten Cat6509 wieder in Betrieb nehmen, falls jemand Rackspace frei hat, k?nnte man ja einen DN42Cix damit aufbauen ;-) Viele Gr??e Christian Frederic Jaeckel schrieb: > Quagga sollte es tun.. da es momentan auf ~70 prefixes rauslaeuft, waer > die 6509 vollkommen oversized.. traffice laeuft momentan auch nicht From hostmaster at taunusstein.net Sun Jan 3 08:30:46 2010 From: hostmaster at taunusstein.net (Christian Felsing) Date: Sun, 03 Jan 2010 08:30:46 +0100 Subject: [dn42] Peering-Request Message-ID: <4B4047A6.2070905@taunusstein.net> Hallo, ich war mal so frei, mir das Netz 172.22.142.0/25 zu nehmen sowie das AS64742, im Wiki habe ich das gleich auch mal so eingetragen. IPv6 kommt noch... BGP ist vorbereitet: router bgp 64742 view dn42 und Peergroup ist eingerichtet. Viele Gr??e Christian From tobias at linuxdingsda.de Sun Jan 3 13:52:00 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Sun, 03 Jan 2010 13:52:00 +0100 Subject: [dn42] Remote IP Change for AS64632 In-Reply-To: <20100102192625.GA7188@mail.wouldyoubuythis.net> References: <20100102192625.GA7188@mail.wouldyoubuythis.net> Message-ID: <4B4092F0.8000901@linuxdingsda.de> done. -- wintix -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From sherkenh at uos.de Sun Jan 3 23:40:59 2010 From: sherkenh at uos.de (Simon Herkenhoff) Date: Sun, 3 Jan 2010 23:40:59 +0100 Subject: [dn42] Remote IP Change for AS64632 In-Reply-To: <2529_1262460463_o02JRf1a003052_20100102192625.GA7188@mail.wouldyoubuythis.net> References: <2529_1262460463_o02JRf1a003052_20100102192625.GA7188@mail.wouldyoubuythis.net> Message-ID: <20100103224059.GH1817@parsec9> > AS64664 done. -- _ | sherkenh at uos.de ASCII ribbon campaign ( ) | simon herkenhoff - against HTML email X | http://parsec9.org & vCards / \ | From equinox at diac24.net Mon Jan 4 07:03:34 2010 From: equinox at diac24.net (David L.) Date: Mon, 04 Jan 2010 07:03:34 +0100 Subject: [dn42] Neu hier In-Reply-To: <4B40475A.2010504@taunusstein.net> References: <4B3FC208.4040309@taunusstein.net> <20100102232820.48e82531@jc-ix.net> <4B40475A.2010504@taunusstein.net> Message-ID: <1262585014.8390.11.camel@arkology.n2.diac24.net> Am Sonntag, den 03.01.2010, 08:29 +0100 schrieb Christian Felsing: > Die Struktur der verwendeten IPv6 ist mir noch nicht so ganz klar > geworden, w?rde etwas dagegen sprechen, einfach meine alte Join > Allocation 3ffe:400:9a0::/48 zu verwenden ? Hm. Ja, es spricht dagegen dass das IPv6-routing im dn42 nicht einheitlich ist; die akzeptierten Prefixes variieren sehr stark von AS zu AS. Im besonderen verlassen IPv6-Pakete auch wenn das Ziel im dn42 liegt doch gerne mal das dn42 und nehmen den Umweg ?ber das In6ternet. Es ist am sinnvollsten wenn du entweder bei irgendeinem Tunnelprovider (HEnet, SixXS) ein Pr?fix registrierst oder du wartest bis wir f?r dn42 eine RIPE-Allokation haben (ist in Arbeit). > Falls Bedarf besteht, kann ich den alten Cat6509 wieder in Betrieb > nehmen, falls jemand Rackspace frei hat, k?nnte man ja einen DN42Cix > damit aufbauen ;-) Das w?re cool, aber wir br?uchten dann Verbindungen zu diesem Rack ;) Zu Route Reflector / Confederations: keine der beiden Techniken ist im dn42 anwendbar. Route Reflectoren sind f?r iBGP only; Confederations bauen ein "eiBGP" auf welches interessante Eigenschaften hat [unmodified nexthops] und die f?r dn42 nicht sinnvoll sind. Was man br?uchte w?re ein AEGP (Autodiscovering/Automatic Exterior Gateway Protocol), aber das gibt es afaik nicht. (hehe... LLMBGP... link-local multicast border gateway protocol *tr?um*) -equi -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: From hostmaster at taunusstein.net Mon Jan 4 12:24:08 2010 From: hostmaster at taunusstein.net (Christian Felsing) Date: Mon, 04 Jan 2010 12:24:08 +0100 Subject: [dn42] Neu hier In-Reply-To: <1262585014.8390.11.camel@arkology.n2.diac24.net> References: <4B3FC208.4040309@taunusstein.net> <20100102232820.48e82531@jc-ix.net> <4B40475A.2010504@taunusstein.net> <1262585014.8390.11.camel@arkology.n2.diac24.net> Message-ID: <4B41CFD8.7070806@taunusstein.net> David L. schrieb: > Es ist am sinnvollsten wenn du entweder bei irgendeinem Tunnelprovider > (HEnet, SixXS) ein Pr?fix registrierst oder du wartest bis wir f?r dn42 > eine RIPE-Allokation haben (ist in Arbeit). Dann warte ich mit IPv6 in dn42 noch so lange, bis ein eigenes RIPE Netz da ist. Ich m?chte mein eigenes IPv6 Routing nicht mit den dn42 Netzen vermischen, dn42 l?uft bei mir in einem eigenen VRF. > Das w?re cool, aber wir br?uchten dann Verbindungen zu diesem Rack ;) Das Rack m?sste bei einem ISP mit besagter Verbindung sein. In diesem Fall w?rde ich das Teil als "dn42CIX" zur Verf?gung stellen... > Was man br?uchte w?re ein AEGP (Autodiscovering/Automatic Exterior > Gateway Protocol), aber das gibt es afaik nicht. (hehe... LLMBGP... > link-local multicast border gateway protocol *tr?um*) Ist schon klar, aber ich meinte das eher im Zusammenhang mit "best practises" in dn42, falls einer mehrere Nodes hat, aber nur ein AS f?hrt, was IMHO in diesem Fall durchaus sinnvoll ist. Sollte sich jemand finden, der mit mir ein initial Peering machen will, dann m?chte ich nach erfolgreicher Inbetriebnahme des ersten Nodes noch weitere Nodes einbinden. Diese Nodes sollen im gleichen AS sein sein. Viele Gr??e und ein gutes neues Jahr 2010 Christian From fabian at datensalat.eu Mon Jan 4 13:19:57 2010 From: fabian at datensalat.eu (Fabian Fingerle) Date: Mon, 4 Jan 2010 13:19:57 +0100 Subject: [dn42] Remote IP Change for AS64632 In-Reply-To: <20100102192625.GA7188@mail.wouldyoubuythis.net> References: <20100102192625.GA7188@mail.wouldyoubuythis.net> Message-ID: <201001041320.01531.fabian@datensalat.eu> Hi, Am Samstag 02 Januar 2010 20:26:26 schrieb Tobias Fiebig: > please change the openvpn-remote-settings for your openvpn-tunnels > to AS64632. > The following peering-AS are concerned with this problem: > AS64608 done; Yours Fabian 'otih' -------------- n?chster Teil -------------- Ein Dateianhang mit Bin?rdaten wurde abgetrennt... Dateiname : nicht verf?gbar Dateityp : application/pgp-signature Dateigr??e : 198 bytes Beschreibung: This is a digitally signed message part. URL : From tobias at linuxdingsda.de Mon Jan 4 17:57:47 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Mon, 04 Jan 2010 17:57:47 +0100 Subject: [dn42] Neu hier In-Reply-To: <4B3FC208.4040309@taunusstein.net> References: <4B3FC208.4040309@taunusstein.net> Message-ID: <4B421E0B.7020409@linuxdingsda.de> Solltest du noch einen initial-peer brauchen, hit me in jabber. wintix at jabber.ccc.de -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From argv at 1o111.de Mon Jan 4 20:05:54 2010 From: argv at 1o111.de (argv) Date: Mon, 04 Jan 2010 20:05:54 +0100 Subject: [dn42] AS64651 REQ BGP-filter update for 83.133.178.0/23 Message-ID: Moin dn42, we want to peer the kapsel network (83.133.178.0/23) directly. Best regards, argv From tobias.fiebig at wouldyoubuythis.net Mon Jan 4 20:18:14 2010 From: tobias.fiebig at wouldyoubuythis.net (Tobias Fiebig) Date: Mon, 4 Jan 2010 20:18:14 +0100 Subject: [dn42] AS64651 REQ BGP-filter update for 83.133.178.0/23 In-Reply-To: References: Message-ID: <20100104191814.GA5161@mail.wouldyoubuythis.net> Moin, > we want to peer the kapsel network (83.133.178.0/23) directly. Update done, req. direct peering. With best regards, Tobias From hostmaster at taunusstein.net Tue Jan 5 15:41:28 2010 From: hostmaster at taunusstein.net (Christian Felsing) Date: Tue, 05 Jan 2010 15:41:28 +0100 Subject: [dn42] Neu hier In-Reply-To: <4B421E0B.7020409@linuxdingsda.de> References: <4B3FC208.4040309@taunusstein.net> <4B421E0B.7020409@linuxdingsda.de> Message-ID: <4B434F98.3070902@taunusstein.net> ein erstes Peering brauche ich noch.. Viele Gr??e Christian Tobias Winter schrieb: > Solltest du noch einen initial-peer brauchen, hit me in jabber. > wintix at jabber.ccc.de > > > > ------------------------------------------------------------------------ > > _______________________________________________ > dn42 mailing list > dn42 at lists.spaceboyz.net > http://lists.spaceboyz.net/mailman/listinfo/dn42 From schrodinger at konundrum.org Tue Jan 5 16:06:19 2010 From: schrodinger at konundrum.org (Schrodinger) Date: Tue, 5 Jan 2010 15:06:19 +0000 Subject: [dn42] 26c3 Plans Message-ID: <20100105150619.GA69494@purplehaze.kerna.ie> Hi, If somebody doesn't mind could they send me an English summary of what happened at 26c3, what was agreed on, who is doing what and any work left out standing for someone else to take responsibility for or help with. I've done as much translating as I can but I'm definitely mixing up words. Cheers, Conor. -- +---------------------------------------------------------------+ It was a new day yesterday, but it's an old day now. ICQ: 112562229 GPG: http://www.konundrum.org/schro.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available URL: From tobias at linuxdingsda.de Tue Jan 5 16:07:19 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Tue, 05 Jan 2010 16:07:19 +0100 Subject: [dn42] Neu hier In-Reply-To: <4B434F98.3070902@taunusstein.net> References: <4B3FC208.4040309@taunusstein.net> <4B421E0B.7020409@linuxdingsda.de> <4B434F98.3070902@taunusstein.net> Message-ID: <4B4355A7.3020904@linuxdingsda.de> naja, dann. auf, jabber. :) ich glaube du wolltest mich vorhin mal adden, ich wusste aber nix damit anzufangen. erst anschreiben, dann adden ist die sinnvollere reihenfolge ;) Christian Felsing wrote: > ein erstes Peering brauche ich noch.. > > Viele Gr??e > Christian > > Tobias Winter schrieb: >> Solltest du noch einen initial-peer brauchen, hit me in jabber. >> wintix at jabber.ccc.de >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> dn42 mailing list >> dn42 at lists.spaceboyz.net >> http://lists.spaceboyz.net/mailman/listinfo/dn42 > > > _______________________________________________ > dn42 mailing list > dn42 at lists.spaceboyz.net > http://lists.spaceboyz.net/mailman/listinfo/dn42 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature URL: From schrodinger at konundrum.org Tue Jan 5 22:48:57 2010 From: schrodinger at konundrum.org (Schrodinger) Date: Tue, 5 Jan 2010 21:48:57 +0000 Subject: [dn42] Wiki Message-ID: <20100105214857.GA11413@defiant.hyperion.xnet> Can whoever admins the wiki (dn42.net) get back to me. I reset the password to my account, thanks whisky, and after resetting it I can no longer login. It is this problem here: http://trac-hacks.org/ticket/3233 I need to update the wiki to show that I plan to use 172.22.253.0/25 as a transfer-net. I am currently peering with AS 64822 and AS 64822 using the start of this transfer net. Thanks, Conor. -- +---------------------------------------------------------------+ It was a new day yesterday, but it's an old day now. MSN: schro5 at hotmail.com ICQ: 112562229 GPG: http://www.konundrum.org/schro.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From alief at inet0.net Wed Jan 6 17:12:57 2010 From: alief at inet0.net (Alief Nugraha) Date: Wed, 6 Jan 2010 23:12:57 +0700 Subject: [dn42] How to join dn42 net Message-ID: <9948ac751001060812h19c4d27akf2024f49e55f8a4f@mail.gmail.com> Hi all, I'm a university student/researcher from Indonesia. Currently my university has STM-1 link to TEIN3 research and education network. What's the requirement to join dn42 network? How can i find my "initial peer"? Thanks for your attention. From alief at inet0.net Wed Jan 6 17:14:50 2010 From: alief at inet0.net (Alief Nugraha) Date: Wed, 6 Jan 2010 23:14:50 +0700 Subject: [dn42] 26c3 Plans In-Reply-To: <20100105150619.GA69494@purplehaze.kerna.ie> References: <20100105150619.GA69494@purplehaze.kerna.ie> Message-ID: <9948ac751001060814qd9643cnb7ede9043abb49d9@mail.gmail.com> On Tue, Jan 5, 2010 at 10:06 PM, Schrodinger wrote: > Hi, > > If somebody doesn't mind could they send me an English summary of what > happened at 26c3, what was agreed on, who is doing what and any work left > out standing for someone else to take responsibility for or help with. > > I've done as much translating as I can but I'm definitely mixing up > words. > AFAIK, you can download the presentation here: http://events.ccc.de/congress/2009/Fahrplan/events/3504.en.html From tobias at linuxdingsda.de Wed Jan 6 17:24:56 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Wed, 06 Jan 2010 17:24:56 +0100 Subject: [dn42] How to join dn42 net In-Reply-To: <9948ac751001060812h19c4d27akf2024f49e55f8a4f@mail.gmail.com> References: <9948ac751001060812h19c4d27akf2024f49e55f8a4f@mail.gmail.com> Message-ID: <4B44B958.5080808@linuxdingsda.de> Hi, > I'm a university student/researcher from Indonesia. Currently my > university has STM-1 link to TEIN3 research and education network. > What's the requirement to join dn42 network? How can i find my "initial peer"? There are by design no requirements other than internet connectivity and one or two initial peerings. I (AS64822 and AS64823) will gladly offer you peering. Just contact me via jabber at wintix at jabber.ccc.de and I will guide you through the initial steps. Also, join the jabber multi user chat at dn42 at conference.cyb0rg.org as there are quite some people hanging out who are deeply involved in the dn42 network. - Of course there is also the benefit of getting answers quite fast and finding additional peers is also quite simple. -- wintix -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From tobias at linuxdingsda.de Fri Jan 8 15:41:25 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Fri, 08 Jan 2010 15:41:25 +0100 Subject: [dn42] Anycast DNS experiment. DEFILTER REQUEST. Message-ID: <4B474415.7000403@linuxdingsda.de> Dear fellow dn42 participants, we are currently trying to set up a working dns infrastructure to gather some experience in running a decentralised dn42-hacker-proof dns infrastructure. When the registry[tm] will be there, the plan is to basically get the - by then hopefully existing - dns setup to honor the registry and adopt it accordingly. At the moment the list of dns zones is maintained in the wiki in a low-tech kind of way. Have a look at: http://dn42.net/trac/wiki/DNS For the ANYCAST DNS server we got an allocation of 172.22.0.53/32, so please update your filter lists accordingly and give it a try. The servers should provide 22.172.in-addr.arpa as well as .dn42 You can e.g. try resolving 172.22.222.1 or gw.crest.dn42 An example defiltering prefix-list entry would be: ip prefix-list vpn-in seq 11 permit 172.22.0.53/32 If you would like to take part in the DNS experiment/project, please add your zones to the wiki and allow some time to get it adopted to the dns servers. For that you need a dns server. For running your own anycast dns-server, please joing the jabber multi user conference at dn42 at conference.cyb0rg.org or the irc channel in hackint for debugging and coordinating purposes. I will sum up the technical point of view in the evening, however if you have any questions, feel free to ask them here or - again - join the jabber conference which makes for more real-time discussions. Please note, the preferred language for irc and jabber - heck even the mailinglist should be English, as we are attracting more and more English-only-speakers. -- wintix -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From jchome at jc-ix.net Fri Jan 8 21:44:21 2010 From: jchome at jc-ix.net (Frederic Jaeckel) Date: Fri, 8 Jan 2010 21:44:21 +0100 Subject: [dn42] AS64651 REQ BGP-filter update for 83.133.178.0/23 In-Reply-To: References: Message-ID: <20100108214421.05485159@jc-ix.net> On Mon, 04 Jan 2010 20:05:54 +0100 argv wrote: > we want to peer the kapsel network (83.133.178.0/23) directly. updated filter. regards, jc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From alexander at klink.name Sat Jan 9 12:57:52 2010 From: alexander at klink.name (Alexander Klink) Date: Sat, 9 Jan 2010 12:57:52 +0100 Subject: [dn42] quick and dirty whois server Message-ID: <20100109115738.GB22131@summer.dach-wg.de> Hi everyone, Having listened to the darknet talk at 26C3, I heard the complaints about not having a whois server and having to look up IP addresses in the Wiki. I've hacked together a quick whois server that solves this problem by bridging the Wiki to whois. I've since learned that there will be (is?) a ?real? one which takes its data from the upcoming registry. FWIW, I am running it now because I assume it can be helpful until the registry is implemented. You can use it at 172.22.150.2, it eats anything that is parseable by Ruby's NetAddr::CIDR (so basically, IP addresses and ranges in various formats). If you're interested, the source is at http://git.alech.de/?p=dn42_whois.git Cheers, alech -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: From tobias at linuxdingsda.de Sat Jan 9 14:48:25 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Sat, 09 Jan 2010 14:48:25 +0100 Subject: [dn42] quick and dirty whois server In-Reply-To: <20100109115738.GB22131@summer.dach-wg.de> References: <20100109115738.GB22131@summer.dach-wg.de> Message-ID: <4B488929.9020403@linuxdingsda.de> Hey there, that is truly awesome! I was getting tired of constantly having to look into the wiki to see to whom the range or ip in question belonged, etc. > I've hacked together a quick whois server that solves this problem by > bridging the Wiki to whois. I've since learned that there will be (is?) > a ?real? one which takes its data from the upcoming registry. Have a talk with jchome. As far as I know, he is building the registry database and I am sure stuff like yours is needed. E.g. I do know for a fact that we need something to create bind9 and powerdns-recursor configs out of the registry. I have no idea about bind9 but the stuff needed for the powerdns-recursor is quite simple. My atm runing config for the forwarding-zones looks like that: http://np.cyb0rg.org/?g=5e5723 > > FWIW, I am running it now because I assume it can be helpful until the > registry is implemented. That is great. > > You can use it at 172.22.150.2, it eats anything that is parseable by > Ruby's NetAddr::CIDR (so basically, IP addresses and ranges in various > formats). Works like a charm :) > > If you're interested, the source is at > http://git.alech.de/?p=dn42_whois.git Once again, thank you! -- wintix -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From astro at spaceboyz.net Sun Jan 10 20:06:10 2010 From: astro at spaceboyz.net (Astro) Date: Sun, 10 Jan 2010 20:06:10 +0100 Subject: [dn42] Should anycast.dns.dn42 send authoritative replies? Message-ID: <20100110190610.GE2960@chronos.sin> First off, thanks for bringing up the dn42. DNS zone. That has been the missing part for a long time. I spent this afternoon adding it to my caches and learned a bit more about DNS. The 172.22.0.53 anycast DNS server would be very handy for small configuration. However, I like running my own recursor and bind as well as unbound require authoritative replies for a stub zone. Now I have to put in the three nameservers for the TLD and reverse zones and maintain that list.[1] DNS isn't very insightful to me, I must have missed the discussion on MUC: why can't the anycast servers reply with the authoritative bit set? Thanks for clarifying this, Astro [1] http://dn42.net/trac/wiki/DNS%20Configuration From tobias at linuxdingsda.de Sun Jan 10 22:33:52 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Sun, 10 Jan 2010 22:33:52 +0100 Subject: [dn42] Should anycast.dns.dn42 send authoritative replies? In-Reply-To: <20100110190610.GE2960@chronos.sin> References: <20100110190610.GE2960@chronos.sin> Message-ID: <4B4A47C0.5090309@linuxdingsda.de> Astro wrote: > First off, thanks for bringing up the dn42. DNS zone. That has been the > missing part for a long time. It will get even greater if we start interacting with the registry to come. > > I spent this afternoon adding it to my caches and learned a bit more > about DNS. The 172.22.0.53 anycast DNS server would be very handy for > small configuration. However, I like running my own recursor and bind as > well as unbound require authoritative replies for a stub zone. Now I > have to put in the three nameservers for the TLD and reverse zones and > maintain that list.[1] I'm sure with the registry it will be easier to maintain own recursors and/or servers. > > DNS isn't very insightful to me, I must have missed the discussion on > MUC: why can't the anycast servers reply with the authoritative bit set? They can and they do, if they are slaves to helios' server. If a server is - like my powerdns setup - not a slave to helios' server but instead maintains it's own forwarding (not forward) list according to the wiki, it won't return an authoritive answer for zones it doesn't have by itself. You won't e.g. get authoritive answers for dig dn42 SOA @172.22.0.53 (at least if you end up on one of my servers) but you will get an athoritive answer for e.g. dig gw.crest.dn42 SOA @172.22.0.53 (forwarded by pdns-recursor to crest' server) dig wlan.wintix.dn42 SOA @172.22.0.53 (locally present) dig wiki.dn42 SOA @172.22.0.53 (forwarded to helios' server) I've had enough (really) of that anycast-authoritive-discussion. Either use it or don't. But it really works well for me and other people. -- wintix -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From astro at spaceboyz.net Sun Jan 10 23:32:45 2010 From: astro at spaceboyz.net (Astro) Date: Sun, 10 Jan 2010 23:32:45 +0100 Subject: [dn42] Should anycast.dns.dn42 send authoritative replies? In-Reply-To: <4B4A47C0.5090309@linuxdingsda.de> References: <20100110190610.GE2960@chronos.sin> <4B4A47C0.5090309@linuxdingsda.de> Message-ID: <20100110223244.GF2960@chronos.sin> Tobias Winter wrote: > I've had enough (really) of that anycast-authoritive-discussion. Either > use it or don't. But it really works well for me and other people. If there was enough discussion, would anyone mind pasting the log for me? From jchome at jc-ix.net Mon Jan 11 06:20:12 2010 From: jchome at jc-ix.net (Frederic Jaeckel) Date: Mon, 11 Jan 2010 06:20:12 +0100 Subject: [dn42] Should anycast.dns.dn42 send authoritative replies? In-Reply-To: <20100110223244.GF2960@chronos.sin> References: <20100110190610.GE2960@chronos.sin> <4B4A47C0.5090309@linuxdingsda.de> <20100110223244.GF2960@chronos.sin> Message-ID: <20100111062012.6f5d33d3@jc-ix.net> On Sun, 10 Jan 2010 23:32:45 +0100 Astro wrote: > Tobias Winter wrote: > > I've had enough (really) of that anycast-authoritive-discussion. > > Either use it or don't. But it really works well for me and other > > people. > > If there was enough discussion, would anyone mind pasting the log for > me? In fact I think there should be a discussion on _THIS_ maulinglist, because MUC discussions aren't valid, because not everybody could have attended it, since it wasn't announced at a fixed time. Please be aware, that this is a community project and everyones speach will be heard. regards, Frederic 'jchome' Jaeckel -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 195 bytes Desc: not available URL: From tobias at linuxdingsda.de Mon Jan 11 11:02:18 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Mon, 11 Jan 2010 11:02:18 +0100 Subject: [dn42] Should anycast.dns.dn42 send authoritative replies? In-Reply-To: <20100111062012.6f5d33d3@jc-ix.net> References: <20100110190610.GE2960@chronos.sin> <4B4A47C0.5090309@linuxdingsda.de> <20100110223244.GF2960@chronos.sin> <20100111062012.6f5d33d3@jc-ix.net> Message-ID: <4B4AF72A.80906@linuxdingsda.de> Frederic Jaeckel wrote: > On Sun, 10 Jan 2010 23:32:45 +0100 > Astro wrote: >> Tobias Winter wrote: > Please be aware, that this is a community project and everyones speach > will be heard. That is - of course - true, i just stated, that i personally had enough. -- wintix -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 260 bytes Desc: OpenPGP digital signature URL: From tobias.fiebig at wouldyoubuythis.net Sat Jan 16 14:58:13 2010 From: tobias.fiebig at wouldyoubuythis.net (Tobias Fiebig) Date: Sat, 16 Jan 2010 14:58:13 +0100 Subject: [dn42] ctf-net ahead Message-ID: <20100116135811.GA25127@mail.wouldyoubuythis.net> Hi dn42@, please have phun with 172.22.71.0/24 -> free to hack ;-) i'm currently running some testcases on a vm-server providing the testvms in that subnet. whoever owns most of the boxes will get a virtual cookie. With best regards, tobias From leon at leonweber.de Sun Jan 17 16:30:35 2010 From: leon at leonweber.de (Leon Weber) Date: Sun, 17 Jan 2010 16:30:35 +0100 Subject: [dn42] Announcing 85.25.246.16/28 Message-ID: <20100117153035.GV29846@zaphod.leonweber.de> Hi, I recently (re-)joined dn42 and I'd like to announce my ipv4 and v6 prefixes 85.25.246.16/28 and 2a01:1f8:1:4::/64 - so it would be great if you could defilter these on your routers (or just pick the template from ). Leon -- Leon Weber, leon at leonweber.de 0x8E04D7FC leon at jabber.ccc.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From jchome at jc-ix.net Mon Jan 18 10:44:52 2010 From: jchome at jc-ix.net (Frederic Jaeckel) Date: Mon, 18 Jan 2010 10:44:52 +0100 Subject: [dn42] AND AGAIN. Message-ID: <20100118104452.48aab823jchome@jc-ix.net@jc-ix.net> DONT WRITE NETWORKS IN http://dn42.net/trac/wiki/BGP_Filter IF YOU HAVEN'T ANNOUNCED IT ON THIS ML! ! ichdasich ip prefix-list vpn-in seq 45 permit 188.40.152.0/24 ge 26 le 28 ! morpheus ip prefix-list vpn-in seq 47 permit 188.40.227.0/24 Thanks. jc (the mgmt) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From fabian at datensalat.eu Sun Jan 24 16:14:29 2010 From: fabian at datensalat.eu (Fabian Fingerle) Date: Sun, 24 Jan 2010 16:14:29 +0100 Subject: [dn42] AS64608 Message-ID: <201001241614.33156.fabian@datensalat.eu> Hi, today we changed a lot of things in AS64608 and hope everything works properly. If you have problems, please first check if dn42.fabian.datensalat.eu resolves to 78.46.32.82 and your openvpn config looks like this: remote dn42.fabian.datensalat.eu Contact me, if the problem still exists in some hours/days/.... Yours 'otih' -------------- n?chster Teil -------------- Ein Dateianhang mit Bin?rdaten wurde abgetrennt... Dateiname : nicht verf?gbar Dateityp : application/pgp-signature Dateigr??e : 198 bytes Beschreibung: This is a digitally signed message part. URL :