From nobody at nowhere.ws Thu Jul 1 10:57:11 2010
From: nobody at nowhere.ws (nobody at nowhere.ws)
Date: Thu, 01 Jul 2010 10:57:11 +0200
Subject: [dn42] somerandomnick fix your dns
In-Reply-To:
References: <4C2A5DFD.3040001@linuxdingsda.de> <4C2AFADC.2010808@linuxdingsda.de>
Message-ID: <4C2C5867.8070300@nowhere.ws>

On 30.06.2010 14:36, SRN wrote:
> tobias at linuxdingsda.de (Tobias Winter) writes:
>> if possible handle it like a /24. if the other half of the /25 is
>> assigned as well and differ in nameserver records you would have to
>> handle it as 255 single ips.
>
> That sounds like a rather complicated algorithm for an automated zonegen
> script to do. I think we may need some hints in the registry (perhaps an
> "rdns-zone:" field), if we want this strategy to scale.

The current registry format registers DNS Servers for rDNS in the inetnum objects. For smaller ranges than /24 there is already a script available in the registry repo which creates CNAME records according to RFC2317. An Example would be:

---snip---
inetnum: 192.0.2.0 - 192.0.2.63
netname: NET-EXAMPLE-SMALL
descr: a small example network
country: EU
admin-c: EXAMPLE-DN42
tech-d: EXAMPLE-DN42
status: ASSIGNED PI
nserver: ns.example.dn42
---snip---

For this, the following records would be created:

0/26.2.0.192.in-addr.arpa. NS ns.example.dn42.
1.2.0.192.in-addr.arpa. CNAME 1.0/26.2.0.192.in-addr.arpa.
2.2.0.192.in-addr.arpa. CNAME 2.0/26.2.0.192.in-addr.arpa.
...

One thing I would be interested in, though:
Is there a reason why the RFC does not also set a record like this:

0.2.0.192.in-addr.arpa. CNAME 0.0/26.2.0.192.in-addr.arpa.

Regards,
Christian

From Ivo at UFO-Net.nl Thu Jul 1 13:14:09 2010
From: Ivo at UFO-Net.nl (Ivo Smits)
Date: Thu, 01 Jul 2010 13:14:09 +0200
Subject: [dn42] somerandomnick fix your dns
In-Reply-To: <4C2C5867.8070300@nowhere.ws>
References: <4C2A5DFD.3040001@linuxdingsda.de> <4C2AFADC.2010808@linuxdingsda.de> <4C2C5867.8070300@nowhere.ws>
Message-ID: <4C2C7881.5090609@UFO-Net.nl>

On 1-7-2010 10:57, nobody at nowhere.ws wrote:
> On 30.06.2010 14:36, SRN wrote:
>
>> tobias at linuxdingsda.de (Tobias Winter) writes:
>>
>>> if possible handle it like a /24. if the other half of the /25 is
>>> assigned as well and differ in nameserver records you would have to
>>> handle it as 255 single ips.
>>>

I would rather not handle this on the root servers, instead just delegate the /24 zones to other dedicated "smaller-than-/24" nameservers, so we can keep the root zones and export scripts small and simple.

> For this, the following records would be created:
>
> 0/26.2.0.192.in-addr.arpa. NS ns.example.dn42.
> 1.2.0.192.in-addr.arpa. CNAME 1.0/26.2.0.192.in-addr.arpa.
> 2.2.0.192.in-addr.arpa. CNAME 2.0/26.2.0.192.in-addr.arpa.
> ...
>
> One thing I would be interested in, though:
> Is there a reason why the RFC does not also set a record like this:
>
> 0.2.0.192.in-addr.arpa. CNAME 0.0/26.2.0.192.in-addr.arpa.
>

Looks like a bug to me.
Number 0 definitely belongs to that /26 subnet, although not many people may setup a DNS on a network or broadcast address :-P

--
Ivo

From nobody at nowhere.ws Thu Jul 1 16:39:42 2010
From: nobody at nowhere.ws (nobody at nowhere.ws)
Date: Thu, 1 Jul 2010 16:39:42 +0200
Subject: [dn42] thoughts about the registry
In-Reply-To: <4C2B46AB.5040107@linuxdingsda.de>
References: <4C2B46AB.5040107@linuxdingsda.de>
Message-ID: <20100701143942.GA5885@ts2server.com>

On Wed, Jun 30, 2010 at 03:29:15PM +0200, Tobias Winter wrote:
> the problems with the wiki are that it's a single point of failure
> and feeding the data into the dns systems has to be done manually.
> - but keep in mind: it actually works well.

The wiki has another downside: we have no way to verify the data in it is correct.

> the problems with the registry now are that it is very difficult
> to handle. it definitely can and will not be used by any not very
> technical user. you need a monotone client, need to ask someone to
> get you access for your key there is no syntax-checking, there is no
> documentation and you have to actually do quite some work to get
> _anything_ done. monotone is the right thing to use, i think. it provides
> decentralized revision control. but if not EVERYONE can use it, what good
> does it do? prior to taking down something working there has to be heavy
> thought on what problems you want to solve and for whom you make life
> miserable.

I don't think monotone is the right way to go. I favor it over git or mercurial in this application as it provides ways to check the authenticity of changes, which is a feature which we will be in need of, imho, if not now then in the future. Monotone provides most features I need and/or consider necessary, however for usage for the registry it is far too bloated - nobody should have to build boost just to register with dn42. I agree with you if this should be ever used there has to be some kind of automatized syntax and maybe sanity check.

> even if a webinterface has its downsides there is no "we don't
> want one because..." allowed. a webinterface is the only way
> everybody can contribute to the registry without great pain.
> if designed correctly, the webinterface will be as decentralized as we
> like it and as usable as a wiki.

I don't think a webinterface could provide us with the features we get when using monotone - imho there is simply no way to confirm authenticity if a webinterface is used. Also, for most people in dn42 the (Inter)net does not end at the border of their webbrowser. Imho, if there is a convenient, usable interface which does not require too much work (the current db is not an example ;) ), it will be accepted.

To put it in a nutshell, I think the features the monotone-db currently provides us with are sensible and necessary. However we should try to find a way to implement those features in a portable and less heavy way which also provides a better user interface in respect of usage as a whois-db.

Regards,
Christian

From Ivo at UFO-Net.nl Fri Jul 2 13:39:48 2010
From: Ivo at UFO-Net.nl (Ivo Smits)
Date: Fri, 02 Jul 2010 13:39:48 +0200
Subject: [dn42] Helios' DNS server going down
Message-ID: <4C2DD004.8080606@UFO-Net.nl>

Helios will soon take his DNS server at 172.22.195.2 offline permanently. It is recommended to change your configuration to use another DNS server ASAP, preferably the anycast address should be used, which is 172.22.0.53, and will route your requests to the closest available DNS server. More information about the anycast servers is available on the WIKI DNS page.

--
Ivo (on behalf of Helios ;))

From docsteel at docsteel.de Fri Jul 2 14:04:48 2010
From: docsteel at docsteel.de (Docsteel)
Date: Fri, 02 Jul 2010 14:04:48 +0200
Subject: [dn42] IPV6 Network Change for AS64770
Message-ID: <4C2DD5E0.8070803@docsteel.de>

Hello

There is a change for the following IPv6 Network for AS64770:

Old: 2a01:198:4da:d42::/64
New: 2a01:4f8:120:4081:d42::/76

I've updated the BGP Filter List in the Wiki today.

//Docsteel

From nobody at nowhere.ws Fri Jul 2 15:20:05 2010
From: nobody at nowhere.ws (nobody at nowhere.ws)
Date: Fri, 02 Jul 2010 15:20:05 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <4C2DD004.8080606@UFO-Net.nl>
References: <4C2DD004.8080606@UFO-Net.nl>
Message-ID: <4C2DE785.4070706@nowhere.ws>

On 02.07.2010 13:39, Ivo Smits wrote:
> Helios will soon take his DNS server at 172.22.195.2 offline
> permanently. It is recommended to change your configuration to use
> another DNS server ASAP, preferably the anycast address should be used,
> which is 172.22.0.53, and will route your requests to the closest
> available DNS server. More information about the anycast servers is
> available on the WIKI DNS page.

172.22.0.53 is no replacement for 172.22.195.2 as those are not authoritative.

From tobias at linuxdingsda.de Fri Jul 2 15:31:37 2010
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Fri, 02 Jul 2010 15:31:37 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <4C2DE785.4070706@nowhere.ws>
References: <4C2DD004.8080606@UFO-Net.nl> <4C2DE785.4070706@nowhere.ws>
Message-ID: <4C2DEA39.7010106@linuxdingsda.de>

On 02.07.2010 15:20, nobody at nowhere.ws wrote:
> On 02.07.2010 13:39, Ivo Smits wrote:
>
>> Helios will soon take his DNS server at 172.22.195.2 offline
>> permanently. It is recommended to change your configuration to use
>> another DNS server ASAP, preferably the anycast address should be used,
>> which is 172.22.0.53, and will route your requests to the closest
>> available DNS server.
>> More information about the anycast servers is
>> available on the WIKI DNS page.
>>
> 172.22.0.53 is no replacement for 172.22.195.2 as those are not
> authoritative.
>

the powerdns-setup on my two anycast resolvers will continue to work without helios' servers. i could even make them authoritative, however i do not see the point, as it will just work as it is now. - what i do have to do is hack up some automated integration with the registry. but that can easily be resolved by modifying the existing bind-export-script for my needs.

From tobias at linuxdingsda.de Fri Jul 2 19:19:33 2010
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Fri, 02 Jul 2010 19:19:33 +0200
Subject: [dn42] hotshot, please fix your routing.
Message-ID: <4C2E1FA5.4040206@linuxdingsda.de>

18:51:05 < wintix> Astro: from as64822 (172.22.222.1)
18:51:07 -!- Irssi: Pasting 6 lines to #dn42. Press Ctrl-K if you wish to do this or Ctrl-C to cancel.
18:51:08 < wintix> dn42:~# traceroute 172.22.170.53
18:51:08 < wintix> traceroute to 172.22.170.53 (172.22.170.53), 30 hops max, 40 byte packets
 1 172.22.255.171 (172.22.255.171) 1.447 ms 1.363 ms 1.314 ms
 2 * * *
 3 * * *
 4 * * *
18:52:21 < r00t> eww
19:03:37 -!- UFO [~Ivo at 172.22.166.1] has joined #dn42
19:03:57 -!- Ivo [~Ivo at 172.22.166.1] has quit [Read error: Connection reset by peer]
19:11:51 < Astro> r00t: ?
19:12:16 < Astro> traceroute to 172.22.170.53 (172.22.170.53), 30 hops max, 60 byte packets
 1 172.22.255.18 24.321 ms 24.125 ms 24.096 ms
 2 * * *
19:12:39 < Astro> 172.22.170.0/24 via 172.22.255.18 dev dc58 proto zebra
19:13:03 < Astro> #58 is hotshot (L3 DUS)
19:13:44 < Astro> remote gw.ceits.de
19:15:47 < wintix> hotshot: fix your routing! :D
19:16:30 < UFO> :)
19:18:35 < Astro> wintix: mailing list?

From crest at cyb0rg.org Sat Jul 3 01:00:26 2010
From: crest at cyb0rg.org (Crest)
Date: Sat, 03 Jul 2010 01:00:26 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <4C2DEA39.7010106@linuxdingsda.de>
References: <4C2DD004.8080606@UFO-Net.nl> <4C2DE785.4070706@nowhere.ws> <4C2DEA39.7010106@linuxdingsda.de>
Message-ID: <4C2E6F8A.1020400@cyb0rg.org>

Tobias Winter wrote:
> On 02.07.2010 15:20, nobody at nowhere.ws wrote:
>> 172.22.0.53 is no replacement for 172.22.195.2 as those are not
>> authoritative.

I deployed a BIND at 172.22.228.6 generating zonefiles every 15 minutes from the registry. Yes it's authoritative. Yes it's a public resolver. Yes it's under the same IPv4 address so sue me.

Tobias Winter wrote:
> the powerdns-setup on my two anycast resolvers will continue to work
> without helios' servers. i could even make them authoritative, however i
> do not see the point, as it will just work as it is now. - what i do
> have to do is hack up some automated integration with the registry. but
> that can easily be resolved by modifying the existing bind-export-script
> for my needs.

The scripts utils/zonegen.rb and utils/ptrgen.rb generate more or less acceptable zonefiles for forward and reverse DNS (e.g. ptrgen.rb doesn't generate a SOA entry). RFC2317 support is broken. I glued them together in utils/crest/*.

From astro at spaceboyz.net Sat Jul 3 11:36:34 2010
From: astro at spaceboyz.net (Astro)
Date: Sat, 3 Jul 2010 11:36:34 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <4C2DEA39.7010106@linuxdingsda.de>
References: <4C2DD004.8080606@UFO-Net.nl> <4C2DE785.4070706@nowhere.ws> <4C2DEA39.7010106@linuxdingsda.de>
Message-ID: <20100703093634.GH6165@chronos.sin>

Tobias Winter wrote:
> [...] i could even make them authoritative, however i do not see the
> point, as it will just work as it is now. [...]

The point is: many people run their own DNS caches and hence want to cache for themselves instead of forwarding to other caches. PDNS may be that configurable but others aren't.

If this situation won't get resolved I'm going to generate my own zonefile from the whois data and serve it authoritatively.

From tobias at linuxdingsda.de Sat Jul 3 16:07:37 2010
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Sat, 03 Jul 2010 16:07:37 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <20100703093634.GH6165@chronos.sin>
References: <4C2DD004.8080606@UFO-Net.nl> <4C2DE785.4070706@nowhere.ws> <4C2DEA39.7010106@linuxdingsda.de> <20100703093634.GH6165@chronos.sin>
Message-ID: <4C2F4429.4020903@linuxdingsda.de>

On 03.07.2010 11:36, Astro wrote:
> Tobias Winter wrote:
>
>> [...] i could even make them authoritative, however i do not see the
>> point, as it will just work as it is now. [...]
>>
> The point is: many people run their own DNS caches and hence want to
> cache for themselves instead of forwarding to other caches. PDNS may be
> that configurable but others aren't.
>

I do not see why you can't do that now or why you will only be able to do that if I return authoritative answers. The only difference in my opinion is, that if I were to return NS records, your local dns cache/resolver would ask the foreign server itself despite using the answer my server would have provided. Or did I miss something?

> If this situation won't get resolved I'm going to generate my own
> zonefile from the whois data and serve it authoritatively.
>

No one hinders you from doing and/or implementing something that works for you and nor can and/or will I force anyone to use a service I provide.

--
wintix

From astro at spaceboyz.net Sat Jul 3 12:35:43 2010
From: astro at spaceboyz.net (Astro)
Date: Sat, 3 Jul 2010 12:35:43 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <4C2F4429.4020903@linuxdingsda.de>
References: <4C2DD004.8080606@UFO-Net.nl> <4C2DE785.4070706@nowhere.ws> <4C2DEA39.7010106@linuxdingsda.de> <20100703093634.GH6165@chronos.sin> <4C2F4429.4020903@linuxdingsda.de>
Message-ID: <20100703103543.GI6165@chronos.sin>

Tobias Winter wrote:
> No one hinders you from doing and/or implementing something that works
> for you and nor can and/or will I force anyone to use a service I provide.

Don't get angry because I utter feedback.

From tobias at linuxdingsda.de Sat Jul 3 16:55:11 2010
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Sat, 03 Jul 2010 16:55:11 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <20100703103543.GI6165@chronos.sin>
References: <4C2DD004.8080606@UFO-Net.nl> <4C2DE785.4070706@nowhere.ws> <4C2DEA39.7010106@linuxdingsda.de> <20100703093634.GH6165@chronos.sin> <4C2F4429.4020903@linuxdingsda.de> <20100703103543.GI6165@chronos.sin>
Message-ID: <4C2F4F4F.7060707@linuxdingsda.de>

On 03.07.2010 12:35, Astro wrote:
> Tobias Winter wrote:
>
>> No one hinders you from doing and/or implementing something that works
>> for you and nor can and/or will I force anyone to use a service I provide.
>>
> Don't get angry because I utter feedback.
>

Wasn't intended to sound angry, sorry. I will likely change my DNS setup but in order to do that, i have to hack up mysql-sync-scripts, as my pdns-server uses a mysql backend.

From chris at rootkit.de Sat Jul 3 20:10:09 2010
From: chris at rootkit.de (Christian Esser)
Date: Sat, 03 Jul 2010 20:10:09 +0200
Subject: [dn42] hotshot, please fix your routing.
 => routed to blackhole.docsteel.de
In-Reply-To: <4C2E1FA5.4040206@linuxdingsda.de>
References: <4C2E1FA5.4040206@linuxdingsda.de>
Message-ID: <4C2F7D01.4000609@rootkit.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/02/2010 07:19 PM, Tobias Winter wrote:
> 18:51:05 < wintix> Astro: from as64822 (172.22.222.1)
> 18:51:07 -!- Irssi: Pasting 6 lines to #dn42. Press Ctrl-K if you wish
> to do this or Ctrl-C to cancel.
> 18:51:08 < wintix> dn42:~# traceroute 172.22.170.53
> 18:51:08 < wintix> traceroute to 172.22.170.53 (172.22.170.53), 30 hops
> max, 40 byte packets 1 172.22.255.171
> (172.22.255.171) 1.447 ms 1.363 ms 1.314 ms 2 * *
> * 3 * * * 4 * * *
> 18:52:21 < r00t> eww
> 19:03:37 -!- UFO [~Ivo at 172.22.166.1] has joined #dn42
> 19:03:57 -!- Ivo [~Ivo at 172.22.166.1] has quit [Read error: Connection
> reset by peer]
> 19:11:51 < Astro> r00t: ?
> 19:12:16 < Astro> traceroute to 172.22.170.53 (172.22.170.53), 30 hops
> max, 60 byte packets 1 172.22.255.18 24.321 ms
> 24.125 ms 24.096 ms 2 * * *
> 19:12:39 < Astro> 172.22.170.0/24 via 172.22.255.18 dev dc58 proto zebra
> 19:13:03 < Astro> #58 is hotshot (L3 DUS)
> 19:13:44 < Astro> remote gw.ceits.de
> 19:15:47 < wintix> hotshot: fix your routing! :D
> 19:16:30 < UFO> :)
> 19:18:35 < Astro> wintix: mailing list?

AS64770: BGP state = Established, up for 1d00h13m

Jul 2 18:50:53 ACCEPT:IN=tun13 OUT=tun17 SRC=172.22.255.170 DST=172.22.170.53 LEN=68 TOS=0x00 PREC=0x00 TTL=8 ID=13337 PROTO=UDP SPT=37081 DPT=33461 LEN=48
ACCEPT:IN=tun13 OUT=tun17 SRC=172.22.255.170 DST=172.22.170.53 LEN=68 TOS=0x00 PREC=0x00 TTL=9 ID=13342 PROTO=UDP SPT=55409 DPT=33466 LEN=48

Sun Apr 25 21:48:46 2010 Initialization Sequence Completed
Sun Apr 25 21:52:35 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue May 4 13:25:02 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu May 6 14:10:12 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Mon May 24 22:19:13 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Thu Jun 3 12:13:45 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Sun Jun 13 15:11:26 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Jun 30 20:16:54 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
...
Wed Jun 30 20:20:11 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jul 2 11:59:30 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jul 2 11:59:33 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jul 2 12:09:39 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
...
Fri Jul 2 12:20:18 2010 read UDPv4 [EHOSTUNREACH]: No route to host (code=113)
Fri Jul 2 18:54:09 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jul 2 18:54:12 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jul 2 18:54:18 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jul 2 18:54:30 2010 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

docsteel?
;)

- --- hotshot
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwvfP0ACgkQCX+ObqMIYTTfiwCgt1adtPmYFj97XJOfbh3Ue7rQ
+kcAoOTVx83LXjwJs/hBhufP2dcOjKTm
=fQsz
-----END PGP SIGNATURE-----

From nick at srn.dn42 Sun Jul 4 05:46:41 2010
From: nick at srn.dn42 (SRN)
Date: Sun, 4 Jul 2010 03:46:41 +0000 (UTC)
Subject: [dn42] Helios' DNS server going down
References: <4C2DD004.8080606@UFO-Net.nl>
Message-ID:

Ivo at UFO-Net.nl (Ivo Smits) writes:
>Helios will soon take his DNS server at 172.22.195.2 offline
>permanently. It is recommended to change your configuration to use
>another DNS server ASAP, preferably the anycast address should be used,
>which is 172.22.0.53, and will route your requests to the closest
>available DNS server. More information about the anycast servers is
>available on the WIKI DNS page.

Guys, if you need an authoritative-only .dn42 TLD nameserver, you can use mine at 172.22.131.88, the first (and still the best) registry-backed nameserver.

From tobias at linuxdingsda.de Sun Jul 4 09:16:06 2010
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Sun, 04 Jul 2010 09:16:06 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To:
References: <4C2DD004.8080606@UFO-Net.nl>
Message-ID: <4C303536.3000106@linuxdingsda.de>

On 04.07.2010 05:46, SRN wrote:
> Ivo at UFO-Net.nl (Ivo Smits) writes:
>
>
>> Helios will soon take his DNS server at 172.22.195.2 offline
>> permanently. It is recommended to change your configuration to use
>> another DNS server ASAP, preferably the anycast address should be used,
>> which is 172.22.0.53, and will route your requests to the closest
>> available DNS server. More information about the anycast servers is
>> available on the WIKI DNS page.
>>
>
> Guys, if you need an authoritative-only .dn42 TLD nameserver, you can
> use mine at 172.22.131.88, the first (and still the best) registry-backed
> nameserver.
>
>

But without working RDNS, as I recall?

From crest at cyb0rg.org Sun Jul 4 10:20:47 2010
From: crest at cyb0rg.org (Crest)
Date: Sun, 04 Jul 2010 10:20:47 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To: <4C303536.3000106@linuxdingsda.de>
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de>
Message-ID: <4C30445F.8000208@cyb0rg.org>

Tobias Winter wrote:
> On 04.07.2010 05:46, SRN wrote:
>> Ivo at UFO-Net.nl (Ivo Smits) writes:
>>
>>
>>> Helios will soon take his DNS server at 172.22.195.2 offline
>>> permanently. It is recommended to change your configuration to use
>>> another DNS server ASAP, preferably the anycast address should be used,
>>> which is 172.22.0.53, and will route your requests to the closest
>>> available DNS server. More information about the anycast servers is
>>> available on the WIKI DNS page.
>>>
>>
>> Guys, if you need an authoritative-only .dn42 TLD nameserver, you can
>> use mine at 172.22.131.88, the first (and still the best) registry-backed
>> nameserver.
>>
>>
> But without working RDNS, as I recall?
>

I'm running a registry backed NS on 172.22.228.6 and 172.22.180.46 with working rDNS ("real" tlds, .dn42, .hack). The scripts are in utils/*. Feel free to use them. Zonetransfer allowed for anyone so. Feel free to slave them and setup ghosts ;-).

From post at danluedtke.de Mon Jul 5 20:02:16 2010
From: post at danluedtke.de (Dan Lüdtke)
Date: Mon, 05 Jul 2010 20:02:16 +0200
Subject: [dn42] Looking for IPv6 peers
Message-ID: <1278352936.2475.4.camel@tunafish>

Hi everyone,

I am looking for IPv6 capable peers. My hostname is bgp42.nonattached.net, I do not have a public IPv4 Address, but I can get to other IPv4 peers through NAT. Nevertheless, at least one native IPv6 peer would be fine. Meet me in IRC for easier setup.

Greetings,
danrl

From dn42 at somakoma.de Tue Jul 6 11:10:28 2010
From: dn42 at somakoma.de (soma)
Date: Tue, 06 Jul 2010 11:10:28 +0200
Subject: [dn42] Please update your IPv6-Filters
Message-ID: <4C32F304.1000501@somakoma.de>

Hi,

i'd like to ask you to update your ipv6-filters to allow my public ipv6 networks.

> ! soma
> ipv6 prefix-list vpn-in seq 190 permit 2001:6f8:1019::/64
> ipv6 prefix-list vpn-in seq 191 permit 2a01:198:22c::/48 le 64

Thanks,
soma

From dn42 at somakoma.de Tue Jul 6 16:42:50 2010
From: dn42 at somakoma.de (soma)
Date: Tue, 06 Jul 2010 16:42:50 +0200
Subject: [dn42] Quagga-dn42-1.1.0-dn42.12 for OpenWrt
Message-ID: <4C3340EA.2030903@somakoma.de>

Hi again,

i needed to build the patched quagga for dn42 for OpenWrt today to get ipv6 and ipv4 running properly at the same time. In case anyone happens to need these, the Makefile and x86 binaries may be found following the links on this page: http://dn42.net/trac/wiki/QuaggaPatches

Thanks for your attention!
soma

From nick at srn.dn42 Wed Jul 7 09:38:20 2010
From: nick at srn.dn42 (SRN)
Date: Wed, 7 Jul 2010 07:38:20 +0000 (UTC)
Subject: [dn42] Helios' DNS server going down
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de>
Message-ID:

tobias at linuxdingsda.de (Tobias Winter) writes:
>On 04.07.2010 05:46, SRN wrote:
>> Ivo at UFO-Net.nl (Ivo Smits) writes:
>>
>>
>>> Helios will soon take his DNS server at 172.22.195.2 offline
>>> permanently. It is recommended to change your configuration to use
>>> another DNS server ASAP, preferably the anycast address should be used,
>>> which is 172.22.0.53, and will route your requests to the closest
>>> available DNS server. More information about the anycast servers is
>>> available on the WIKI DNS page.
>>>
>>
>> Guys, if you need an authoritative-only .dn42 TLD nameserver, you can
>> use mine at 172.22.131.88, the first (and still the best) registry-backed
>> nameserver.
>>
>>
>But without working RDNS, as I recall?

Right, that's a .dn42 TLD nameserver, not a 22.172.in-addr.arpa. nameserver. (That's why I removed the recursive resolver that uses it, 172.22.131.38, from the anycast. There are still open questions about desired behavior for rDNS on dn42, and since parsing the registry inetnum/ is non-trivial, I don't want to implement rDNS until we've agreed on semantics.)

From nick at srn.dn42 Wed Jul 7 10:33:01 2010
From: nick at srn.dn42 (SRN)
Date: Wed, 7 Jul 2010 08:33:01 +0000 (UTC)
Subject: [dn42] wiki.dn42
Message-ID:

Hi guys,

Does anybody object to me setting up a decentralized wiki.dn42 with ikiwiki on top of monotone?

From tobias at linuxdingsda.de Wed Jul 7 10:38:06 2010
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Wed, 07 Jul 2010 10:38:06 +0200
Subject: [dn42] wiki.dn42
In-Reply-To:
References:
Message-ID: <4C343CEE.1010803@linuxdingsda.de>

On 07/07/2010 10:33 AM, SRN wrote:
> Hi guys,
>
> Does anybody object to me setting up a decentralized wiki.dn42 with
> ikiwiki on top of monotone?

i do not think it is needed, but of course, fire away. if it works and is usable it will likely be adopted.

btw... what is it with your mail..?
to: dn42 at mail.news.welterde.net and
reply-to: dn42 at lists.spaceboyz.net

From nick at srn.dn42 Wed Jul 7 10:42:02 2010
From: nick at srn.dn42 (SRN)
Date: Wed, 7 Jul 2010 08:42:02 +0000 (UTC)
Subject: [dn42] wiki.dn42
References: <4C343CEE.1010803@linuxdingsda.de>
Message-ID:

tobias at linuxdingsda.de (Tobias Winter) writes:
>On 07/07/2010 10:33 AM, SRN wrote:
>> Hi guys,
>>
>> Does anybody object to me setting up a decentralized wiki.dn42 with
>> ikiwiki on top of monotone?
>i do not think it is needed, but of course, fire away. if it works and
>is usable it will likely be adopted.

LOL, thanks :-)

>btw... what is it with your mail..?
>to: dn42 at mail.news.welterde.net and
>reply-to: dn42 at lists.spaceboyz.net

I'm not posting by mail, but rather via welterde's NNTP gateway.

From crest at cyb0rg.org Wed Jul 7 11:58:29 2010
From: crest at cyb0rg.org (Crest)
Date: Wed, 07 Jul 2010 11:58:29 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To:
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de>
Message-ID: <4C344FC5.8070305@cyb0rg.org>

SRN wrote:
> tobias at linuxdingsda.de (Tobias Winter) writes:
>> But without working RDNS, as I recall?
>
> Right, that's a .dn42 TLD nameserver, not a
> 22.172.in-addr.arpa. nameserver. (That's why I removed the recursive
> resolver that uses it, 172.22.131.38, from the anycast. There are still
> open questions about desired behavior for rDNS on dn42, and since parsing
> the registry inetnum/ is non-trivial, I don't want to implement rDNS
> until we've agreed on semantics.)

I'm running an authoritative "dn42." and "22.172.in-addr.arpa." nameserver with auto generated zone files. In my opinion there are no semantics left open to debate for rDNS of networks larger equals /24. That's why I'm running a rDNS nameserver for "22.172.in-addr.arpa.". I'm using utils/ptrgen.rb for rDNS.

For my transfer nets 172.22.254.0/26 and 172.22.254.128/27 I debugged utils/rfc2317.rb to generate RFC2317 style delegation. This should scale to the whole dn42 IPv4 space.

From jchome at jc-ix.net Wed Jul 7 12:56:46 2010
From: jchome at jc-ix.net (Frederic Jaeckel)
Date: Wed, 07 Jul 2010 12:56:46 +0200
Subject: [dn42] changing endpoint
Message-ID: <4C345D6E.7060607@jc-ix.net>

for all who peered with akihabara.jc-ix.net (80.244.248.166) - please change that to router1.jc-ix.net (80.244.241.226)

.. due to a HDD crash. ;)

--Frederic 'jchome' Jaeckel

From nick at srn.dn42 Wed Jul 7 14:44:29 2010
From: nick at srn.dn42 (SRN)
Date: Wed, 7 Jul 2010 12:44:29 +0000 (UTC)
Subject: [dn42] Helios' DNS server going down
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de> <4C344FC5.8070305@cyb0rg.org>
Message-ID:

crest at cyb0rg.org (Crest) writes:
>SRN wrote:
>> tobias at linuxdingsda.de (Tobias Winter) writes:
>>> But without working RDNS, as I recall?
>>
>> Right, that's a .dn42 TLD nameserver, not a
>> 22.172.in-addr.arpa. nameserver. (That's why I removed the recursive
>> resolver that uses it, 172.22.131.38, from the anycast. There are still
>> open questions about desired behavior for rDNS on dn42, and since parsing
>> the registry inetnum/ is non-trivial, I don't want to implement rDNS
>> until we've agreed on semantics.)
>I'm running an authoritative "dn42." and "22.172.in-addr.arpa."
>nameserver with auto generated zone files.
>In my opinion there are no
>semantics left open to debate for rDNS of networks larger equals /24.
>That's why I'm running a rDNS nameserver for "22.172.in-addr.arpa.".
>I'm using utils/ptrgen.rb for rDNS.
>For my transfer nets 172.22.254.0/26 and 172.22.254.128/27 I debugged
>utils/rfc2317.rb to generate RFC2317 style delegation. This should scale
>to the whole dn42 IPv4 space.

Are you doing that directly in your 22.172.in-addr.arpa. zone?

From dn42 at xenim.de Wed Jul 7 15:06:34 2010
From: dn42 at xenim.de (Robert Weidlich)
Date: Wed, 7 Jul 2010 15:06:34 +0200
Subject: [dn42] changing endpoint
In-Reply-To: <4C345D6E.7060607@jc-ix.net>
References: <4C345D6E.7060607@jc-ix.net>
Message-ID: <20100707130630.GG12710@xenim.de>

On Wed, Jul 07, 2010 at 12:56:46PM +0200, Frederic Jaeckel wrote:
> for all who peered with akihabara.jc-ix.net (80.244.248.166) - please
> change that to router1.jc-ix.net (80.244.241.226)

AFAIK is that the second change of the hostname you requested. It might be easier to set up a dedicated DNS-Entry like dn42.jc-ix.net or similar, which is a CNAME to whatever host you actually use.

Robert

>
> .. due to a HDD crash. ;)
>
> --Frederic 'jchome' Jaeckel

From jchome at jc-ix.net Wed Jul 7 15:09:14 2010
From: jchome at jc-ix.net (Frederic Jaeckel)
Date: Wed, 07 Jul 2010 15:09:14 +0200
Subject: [dn42] changing endpoint
In-Reply-To: <20100707130630.GG12710@xenim.de>
References: <4C345D6E.7060607@jc-ix.net> <20100707130630.GG12710@xenim.de>
Message-ID: <4C347C7A.8080907@jc-ix.net>

On 7/7/10 3:06 PM, Robert Weidlich wrote:
> On Wed, Jul 07, 2010 at 12:56:46PM +0200, Frederic Jaeckel wrote:
>> for all who peered with akihabara.jc-ix.net (80.244.248.166) - please
>> change that to router1.jc-ix.net (80.244.241.226)
>
> AFAIK is that the second change of the hostname you requested.
It might be
> easier to set up a dedicated DNS-Entry like dn42.jc-ix.net or similar,
> which is a CNAME to whatever host you actually use.

That is what I'm doing and it doesn't depend on DNS.

From crest at cyb0rg.org Wed Jul 7 15:22:45 2010
From: crest at cyb0rg.org (Crest)
Date: Wed, 07 Jul 2010 15:22:45 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To:
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de> <4C344FC5.8070305@cyb0rg.org>
Message-ID: <4C347FA5.90807@cyb0rg.org>

SRN wrote:
>> For my transfer nets 172.22.254.0/26 and 172.22.254.128/27 I debugged
>> utils/rfc2317.rb to generate RFC2317 style delegation. This should scale
>> to the whole dn42 IPv4 space.
>
> Are you doing that directly in your 22.172.in-addr.arpa. zone?

No. I "took control" over 172.22.254.0/24 after talking to the other affected person (TIM-DN42). This is the content of data/inetnum/172.22.254.0_24

inetnum: 172.22.254.0 - 172.22.254.255
netname: CREST-SHARED-TRANSFER-DN42-IP4NET
descr: Workaround DNS limitation of delegating nets
<4C303536.3000106@linuxdingsda.de> <4C344FC5.8070305@cyb0rg.org> <4C347FA5.90807@cyb0rg.org>
Message-ID:

crest at cyb0rg.org (Crest) writes:

>SRN wrote:
>>> For my transfer nets 172.22.254.0/26 and 172.22.254.128/27 I debugged
>>> utils/rfc2317.rb to generate RFC2317 style delegation. This should scale
>>> to the whole dn42 IPv4 space.
>>
>> Are you doing that directly in your 22.172.in-addr.arpa. zone?
>No. I "took control" over 172.22.254.0/24 after talking to the other
>affected person (TIM-DN42). This is the content of
>data/inetnum/172.22.254.0_24
>inetnum: 172.22.254.0 - 172.22.254.255
>netname: CREST-SHARED-TRANSFER-DN42-IP4NET
>descr: Workaround DNS limitation of delegating nets country: DE
>admin-c: CREST-DN42
>tech-c: CREST-DN42
>status: ASSIGNED
>nserver: ns1.crest.dn42
>nserver: ns2.crest.dn42
>The "254.22.172.in-addr.arpa." zone is served by the same nameservers as
>"22.172.in-addr.arpa."
and "dn42.", but that doesn't have to be the case
>for other ip ranges. The "254.22.172.in-addr.arpa." zonefile is
>generated using `ruby utils/rfc2317.rb 172.22.254.0/24` plus hand
>written SOA and NS records (could be scripted as well).

IMHO, that's a disgusting solution, in that it breaks our decentralization. Lemme think it over, and see if I can come up with something less disgusting. If I can't, I guess a disgusting solution is better than no solution.

Thanks for forcing the issue :-)

From Ivo at UFO-Net.nl Fri Jul 9 14:58:29 2010
From: Ivo at UFO-Net.nl (Ivo Smits)
Date: Fri, 09 Jul 2010 14:58:29 +0200
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
Message-ID: <4C371CF5.1080303@UFO-Net.nl>

I am announcing the following routes into dn42:
- 1.0.0.0/8 for anoNet
- 198.18.0.0/15 for VAnet

Anonet is a decentralized darknet, which prioritises anonymity over everything else. See also: http://www.anonet.org/ and http://www.wikipedia.org/Anonet. VAnet is a centralized 'work-in-progress' darknet; for more information, take a look at http://www.vanet.org/.

Both networks use public IP space. The 1.0.0.0/8 subnet is officially allocated to APNIC. The 198.18.0.0/15 block is allocated for 'use in benchmark tests of network interconnect devices', and will probably not be used on the internet for anything.

It's up to you (although it will be appreciated) whether you accept (one of) these routes or not.

Please do NOT start a discussion about the use of public IP space for darknets. The other darknets have decided to use it, and that will not change in the near future. If you don't like it, don't accept the routes. I'm not responsible for anonet - I only offer to be the first to link these darknets together.

Please note that we're still working on getting the dn42 route accepted on anonet. This will take some time as they don't have any real organization and it's difficult to reach people.
Questions and suggestions are welcome: either here, by e-mail to ivo at ucis.nl or on IRC (query/highlight Ivo).

--
Ivo a.k.a. UFO

From nick at srn.dn42 Fri Jul 9 20:47:44 2010
From: nick at srn.dn42 (SRN)
Date: Fri, 9 Jul 2010 18:47:44 +0000 (UTC)
Subject: [dn42] Helios' DNS server going down
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de> <4C344FC5.8070305@cyb0rg.org> <4C347FA5.90807@cyb0rg.org>
Message-ID:

SRN writes:

>crest at cyb0rg.org (Crest) writes:
>>SRN wrote:
>>>> For my transfer nets 172.22.254.0/26 and 172.22.254.128/27 I debugged
>>>> utils/rfc2317.rb to generate RFC2317 style delegation. This should scale
>>>> to the whole dn42 IPv4 space.
>>>
>>> Are you doing that directly in your 22.172.in-addr.arpa. zone?
>>No. I "took control" over 172.22.254.0/24 after talking to the other
>>affected person (TIM-DN42). This is the content of
>>data/inetnum/172.22.254.0_24
>>inetnum: 172.22.254.0 - 172.22.254.255
>>netname: CREST-SHARED-TRANSFER-DN42-IP4NET
>>descr: Workaround DNS limitation of delegating nets >country: DE
>>admin-c: CREST-DN42
>>tech-c: CREST-DN42
>>status: ASSIGNED
>>nserver: ns1.crest.dn42
>>nserver: ns2.crest.dn42
>>The "254.22.172.in-addr.arpa." zone is served by the same nameservers as
>>"22.172.in-addr.arpa." and "dn42.", but that doesn't have to be the case
>>for other ip ranges. The "254.22.172.in-addr.arpa." zonefile is
>>generated using `ruby utils/rfc2317.rb 172.22.254.0/24` plus hand
>>written SOA and NS records (could be scripted as well).
>IMHO, that's a disgusting solution, in that it breaks our
>decentralization. Lemme think it over, and see if I can come up with
>something less disgusting. If I can't, I guess a disgusting solution
>is better than no solution.
Without anycast, I can't come up with a decent solution, without integrating the small block rDNS into the main rDNS zone (which you've already noted isn't "decent" by you). With anycast, I have what I believe to be the cleanest possible solution. I'm reserving .53.54 (see http://www.srn.dn42/crazydns) for small-block dn42 rDNS, and .53.52 (dn42 rDNS) servers simply delegate the /24s containing the small blocks to .53.54. This solution is cleaner than yours because:

1) It preserves dn42's decentralization.
2) It doesn't require artificial "covering" registry entries.

If I'm missing something, please complain. If my solution looks good to you, then I plan to implement the necessary scripts to make it happen, so I can beg cronix to deploy it :-)

BTW - Does anybody know what's up with 172.22.24.1? I have routes to it, but for some strange reason, I'm not able to connect (or even ping): I simply get no packets back. Can somebody who can reach .24.1 try pinging me (at 172.22.131.40 for example)?

From equinox at diac24.net Sat Jul 10 14:15:54 2010
From: equinox at diac24.net (David Lamparter)
Date: Sat, 10 Jul 2010 14:15:54 +0200
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
In-Reply-To: <4C371CF5.1080303@UFO-Net.nl>
References: <4C371CF5.1080303@UFO-Net.nl>
Message-ID: <20100710141554.546b9cb6.equinox@diac24.net>

On Fri, 09 Jul 2010 14:58:29 +0200
Ivo Smits wrote:
> Please note that we're still working on getting the dn42 route accepted
> on anonet. This will take some time as they don't have any real
> organization and it's difficult to reach people.

Well, it's basically the same here, dn42 is nothing more than the collection of people participating.

> I am announcing the following routes into dn42:
> - 1.0.0.0/8 for anoNet
> - 198.18.0.0/15 for VAnet
>
> Both networks use public IP space. The 1.0.0.0/8 subnet is officially
> allocated to APNIC.
The 198.18.0.0/15 block is allocated for 'use in
> benchmark tests of network interconnect devices', and will probably not
> be used on the internet for anything.

While I see no problem accepting 198.18.0/15 (and probably will accept that myself), I would certainly recommend no one accept 1.0/8 since that network is currently undergoing "debogoning" (cf. https://www.ripe.net/info/ncc/presentations/2010-dranse-1slash8.pdf and http://www.ris.ripe.net/debogon/ )

To make this fully clear to everyone:
THE 1.0.0.0/8 NETWORK IS NOW IN USE ON THE INTERNET.

This basically is a anoNet problem that has to be solved by the anoNet people, end of story...

Thank you for your patience, please remain fully seated while the RIR pilots land the 1.0/8 plane on the internet airport...

-equinox

From nick at srn.dn42 Sun Jul 11 08:03:19 2010
From: nick at srn.dn42 (SRN)
Date: Sun, 11 Jul 2010 06:03:19 +0000 (UTC)
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net>
Message-ID:

equinox at diac24.net (David Lamparter) writes:

>On Fri, 09 Jul 2010 14:58:29 +0200
>Ivo Smits wrote:
>> Please note that we're still working on getting the dn42 route accepted
>> on anonet. This will take some time as they don't have any real
>> organization and it's difficult to reach people.
>Well, it's basically the same here, dn42 is nothing more than the collection of people participating.
>> I am announcing the following routes into dn42:
>> - 1.0.0.0/8 for anoNet
>> - 198.18.0.0/15 for VAnet
>>
>> Both networks use public IP space. The 1.0.0.0/8 subnet is officially
>> allocated to APNIC. The 198.18.0.0/15 block is allocated for 'use in
>> benchmark tests of network interconnect devices', and will probably not
>> be used on the internet for anything.
>While I see no problem accepting 198.18.0/15 (and probably will accept that myself), I would certainly recommend no one accept 1.0/8 since that network is currently undergoing "debogoning" (cf. https://www.ripe.net/info/ncc/presentations/2010-dranse-1slash8.pdf and http://www.ris.ripe.net/debogon/ )
>To make this fully clear to everyone:
>THE 1.0.0.0/8 NETWORK IS NOW IN USE ON THE INTERNET.
>This basically is a anoNet problem that has to be solved by the anoNet people, end of story...
>Thank you for your patience, please remain fully seated while the RIR pilots land the 1.0/8 plane on the internet airport...

I find it funny how people like to start out with ridiculous assumptions, and then take them for granted when challenged. There is no divine ordination granting ICANN control of the public IP addresses on any public internet except their own IcannNet (which they've confusingly labeled "Internet"). On the AnoNet, public resources aren't allocated by ICANN, and in fact, ICANN isn't even known to participate in the AnoNet. For more about this topic, you may want to check out the AnoNet FAQ (http://www.anonet2.org/faq). So if you want to remain fully seated while the RIR pilots crashland yet another Class A IcannNet subnet, that's your own choice, but it's kinda silly to expect everybody else to do the same, and calling this "a[n] AnoNet problem that has to be solved by the AnoNet people" is just plain laughable.

BTW - welterde: I didn't get UFO's message that equinox replied to. Is it possible that mail2news drops certain messages? I'd ask you on IRC, but I'm not able to access 172.22.24.1 for some reason.

From equinox at diac24.net Sun Jul 11 10:32:14 2010
From: equinox at diac24.net (David Lamparter)
Date: Sun, 11 Jul 2010 10:32:14 +0200
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
In-Reply-To:
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net>
Message-ID: <1278837134.5830.34.camel@arkology.n2.diac24.net>

On Thursday, 01.01.1970, at 00:00 +0000, SRN wrote:
> I find it funny how people like to start out with ridiculous assumptions,
> and then take them for granted when challenged. There is no divine
> ordination granting ICANN control of the public IP addresses on any
> public internet except their own IcannNet (which they've confusingly
> labeled "Internet").

Weirdly enough, this "IcannNet" seems to be the Internet I want to participate in. It has all those funny cat pictures and Rick Astley videos. I also want to participate in dn42. Now since dn42 acknowledges the need for IcannNet - usually it even requires IcannNet for participating - the parameters for dn42 have been chosen in a way that makes it not interfere with this "IcannNet" thing. (people's priorities tend to be participation in IcannNet primarily, plus then for some things dn42.)

If you want to participate in anoNet first, and then maybe in this IcannNet - sure, go ahead. Actually, if you have a low/zero-cost solution of interlinking anoNet nodes without a working IcannNet, then please tell!

Also, from another perspective:
You have the participation reversed. anoNet are the one supposed to participate in the ICANN, not the other way around. The ICANN, with all its failures and problems - I'd be very happy to have it replaced with a body that isn't this heavily influenced by the US government and large corporations - still is the body that has formed as a forum for internet (no "the"!) coordination.
Or, as lore: "At the beginnings of time, when universities, nuclear facilities and oddball companies started linking their networks, they noticed they'd need to coordinate. They set up procedures and people to take care of all the coordination they'd need. Over the decades, this has grown to a big institution with all kinds of quirks, but it still is /the/ place to meet for internet needs."

So if you want to be an alternative to the IcannNet instead of an addition, be my guest. But don't whine when people prefer this IcannNet (with google lolcats and their employer's website) over your anoNet.

(funnily enough, it has always been interesting to watch how dn42 develops and evolves its own body for regulation. I have to say, the recent developments with the registry are most intriguing.)

> but I'm not able to access 172.22.24.1 for some reason.

what's your ASN/IP?
did you try 2001:8d8:81:5c0::1?

-equinox

From dn42 at somakoma.de Sun Jul 11 10:39:31 2010
From: dn42 at somakoma.de (soma)
Date: Sun, 11 Jul 2010 10:39:31 +0200
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
In-Reply-To:
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net>
Message-ID: <4C398343.5090400@somakoma.de>

On 11.07.2010 08:03, SRN wrote:
>
> I find it funny how people like to start out with ridiculous assumptions,
> and then take them for granted when challenged. There is no divine
> ordination granting ICANN control of the public IP addresses on any
> public internet except their own IcannNet (which they've confusingly
> labeled "Internet"). On the AnoNet, public resources aren't allocated by
> ICANN, and in fact, ICANN isn't even known to participate in the AnoNet.
> For more about this topic, you may want to check out the AnoNet FAQ
> (http://www.anonet2.org/faq).
So if you want to remain fully seated
> while the RIR pilots crashland yet another Class A IcannNet subnet,
> that's your own choice, but it's kinda silly to expect everybody else
> to do the same, and calling this "a[n] AnoNet problem that has to be
> solved by the AnoNet people" is just plain laughable.
>

It may be fine to use every ip range for isolated networks. But because most of the people want to access "the Internet" in the first line and then maybe have a foot in some other nets like dn42, anonet or freifunk it's not a good idea to generate collisions in these nets. For example Freifunk started using 104/8, which is also going to be allocated soon and there still is a lot of work to be done to migrate to some rfc1918 space. Using "stolen" ip-space turned out to be a huge mistake back then.

Imho you should also think about migration. But i have to admit that rfc1918 spaces are heavily used, so you won't be able to find a "free" /8 network. Maybe the way to go is v6...

Greetings, soma

From nick at srn.dn42 Sun Jul 11 12:21:27 2010
From: nick at srn.dn42 (SRN)
Date: Sun, 11 Jul 2010 10:21:27 +0000 (UTC)
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net> <4C398343.5090400@somakoma.de>
Message-ID:

dn42 at somakoma.de (soma) writes:

>On 11.07.2010 08:03, SRN wrote:
>>
>> I find it funny how people like to start out with ridiculous assumptions,
>> and then take them for granted when challenged. There is no divine
>> ordination granting ICANN control of the public IP addresses on any
>> public internet except their own IcannNet (which they've confusingly
>> labeled "Internet"). On the AnoNet, public resources aren't allocated by
>> ICANN, and in fact, ICANN isn't even known to participate in the AnoNet.
>> For more about this topic, you may want to check out the AnoNet FAQ
>> (http://www.anonet2.org/faq).
So if you want to remain fully seated
>> while the RIR pilots crashland yet another Class A IcannNet subnet,
>> that's your own choice, but it's kinda silly to expect everybody else
>> to do the same, and calling this "a[n] AnoNet problem that has to be
>> solved by the AnoNet people" is just plain laughable.
>>
>It may be fine to use every ip range for isolated networks. But because
>most of the people want to access "the Internet" in the first line and
>then maybe have a foot in some other nets like dn42, anonet or freifunk
>it's not a good idea to generate collisions in these nets. For example
>Freifunk started using 104/8, which is also going to be allocated soon
>and there still is a lot of work to be done to migrate to some rfc1918
>space. Using "stolen" ip-space turned out to be a huge mistake back then.

Freifunk has as its goal to connect people to the IcannNet, so conflicting with the IcannNet obviously is counterproductive. AnoNet users would normally be accessing IcannNet through a proxy, anyway, so there's no real need to dodge addressing conflicts with IcannNet.

>Imho you should also think about migration. But i have to admit that
>rfc1918 spaces are heavily used, so you won't be able to find a "free"
>/8 network. Maybe the way to go is v6...

AnoNet1 is working (slowly) on IPv6 adoption, BTW, but AnoNet2 isn't likely to switch to IPv6 anytime soon, since there's nobody on AnoNet2 who's pushing for IPv6. My own opinion, of course, is that SNAT and/or ALG are the correct ways of dealing with separate internets.

From rmayer at vinotech.de Sun Jul 11 12:42:29 2010
From: rmayer at vinotech.de (Ralph J.Mayer)
Date: Sun, 11 Jul 2010 12:42:29 +0200
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
In-Reply-To:
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net>
Message-ID: <4C39A015.3070300@vinotech.de>

> I find it funny how people like to start out with ridiculous assumptions,
> and then take them for granted when challenged. There is no divine
> ordination granting ICANN control of the public IP addresses on any
> public internet except their own IcannNet (which they've confusingly
> labeled "Internet").

So true! This is what the "Internet" is all about, the agreement to accept the allocations by IANA. Most people do not understand this. And if anyone has a problem with other networks using the same space, be careful what you announce and what you accept in your filters.

--
Viele Grüße / Kind Regards / Cordiali Saluti / Met vriendelijke groet
Ralph J.Mayer
xmpp:rmayer at vinotech.de
www.vinoblog.de
mailto:rmayer at vinotech.de

From nobody at nowhere.ws Sun Jul 11 19:31:13 2010
From: nobody at nowhere.ws (nobody at nowhere.ws)
Date: Sun, 11 Jul 2010 19:31:13 +0200
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
In-Reply-To:
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net> <4C398343.5090400@somakoma.de>
Message-ID: <4C39FFE1.4030504@nowhere.ws>

On 11.07.2010 12:21, SRN wrote:
> Freifunk has as its goal to connect people to the IcannNet

I just want to state that this information is wrong. The main goal of Freifunk has been and is to provide independent networks. The ability to route to the "IcannNet" is just another neat feature - unfortunately for many users the only interesting one.
-nobody

From nick at srn.dn42 Sun Jul 11 20:25:39 2010
From: nick at srn.dn42 (SRN)
Date: Sun, 11 Jul 2010 18:25:39 +0000 (UTC)
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net> <1278837134.5830.34.camel@arkology.n2.diac24.net>
Message-ID:

equinox at diac24.net (David Lamparter) writes:

>On Thursday, 01.01.1970, at 00:00 +0000, SRN wrote:
>> I find it funny how people like to start out with ridiculous assumptions,
>> and then take them for granted when challenged. There is no divine
>> ordination granting ICANN control of the public IP addresses on any
>> public internet except their own IcannNet (which they've confusingly
>> labeled "Internet").
>Weirdly enough, this "IcannNet" seems to be the Internet I want to
>participate in. It has all those funny cat pictures and Rick Astley
>videos. I also want to participate in dn42. Now since dn42 acknowledges
>the need for IcannNet - usually it even requires IcannNet for
>participating - the parameters for dn42 have been chosen in a way that
>makes it not interfere with this "IcannNet" thing. (people's priorities
>tend to be participation in IcannNet primarily, plus then for some
>things dn42.)

I guess that would explain why so many #dn42 clients are on IcannNet IPs.

>If you want to participate in anoNet first, and then maybe in this
>IcannNet - sure, go ahead. Actually, if you have a low/zero-cost
>solution of interlinking anoNet nodes without a working IcannNet, then
>please tell!

IcannNet, while having many problems, does have one redeeming feature: it's the best dumb pipe available between most pairs of people. Therefore, it's only natural to use it to tunnel most of AnoNet's link layer.

>Also, from another perspective:
>You have the participation reversed. anoNet are the one supposed to
>participate in the ICANN, not the other way around.
The ICANN, with all
>its failures and problems - I'd be very happy to have it replaced with a
>body that isn't this heavily influenced by the US government and large
>corporations - still is the body that has formed as a forum for internet
>(no "the"!) coordination.

Your confusion is in proper vs. improper nouns. An internet simply means an internetwork, and AnoNet meets the definition just as well as IcannNet. The source of confusion lies in the merging of the old internets into what eventually grabbed the name "Internet," marketing itself to world domination. My rename is intended to make it easier to avoid your confusion.

>Or, as lore: "At the beginnings of time, when universities, nuclear
>facilities and oddball companies started linking their networks, they
>noticed they'd need to coordinate. They set up procedures and people to
>take care of all the coordination they'd need. Over the decades, this
>has grown to a big institution with all kinds of quirks, but it still
>is /the/ place to meet for internet needs."

Translation: Over the decades, ICANN has transformed its internet from an amazing achievement into an annoying extension of government, and has mismanaged it even in that capacity. You make the fundamental error of assuming that IcannNet is the only internet, and that therefore all internet needs can and should be dealt with at ICANN. ICANN has no divine monopoly over internetworking: IcannNet was built on top of other internets, and IcannNet2 until recently was little more than a tunneled overlay on IcannNet, but I doubt you'd levy the same type of ridiculous accusations against it as you do against AnoNet.

>So if you want to be an alternative to the IcannNet instead of an
>addition, be my guest. But don't whine when people prefer this IcannNet
>(with google lolcats and their employer's website) over your anoNet.

The advantage in AnoNet only using 1/8 is to narrow the sphere of conflict between IcannNet and AnoNet.
You're not forced to replace all your google lolcats and your employer's IcannNet presence by joining AnoNet (although you're certainly free to), since I'm not aware of any google lolcats (nor anything else worth visiting, for that matter) on 1/8. Now, by all means, feel free to "remain seated" while ICANN tries to change that, but don't whine when others decide it's time to move on.

>(funnily enough, it has always been interesting to watch how dn42
>develops and evolves its own body for regulation. I have to say, the
>recent developments with the registry are most intriguing.)

FWIW, I've been quite impressed with the level of decentralization on dn42. My only real complaint so far has been dn42's centralized alignment with ICANN for public ASNs, rather than taking the decentralized approach (what the written rules used to say) of letting everybody do whatever the heck he wants, and "may the best AS28 win." Now, I regard the registry as a strong step in the right direction, since it moves resource allocation from a centralized authority (the wiki) to a decentralized one (our monotone-based registry). (Don't get me wrong: I see many problems in the technical choices made in the dn42 registry filesystem (proven in the huge difference in LOC between anonet resdb scripts and dn42 registry scripts), but the dn42 registry is certainly "good enough" to get the job done, and it holds a curious advantage over the anonet resdb in that it's tracked by monotone rather than git.) I've spent the last couple of hours working on getting our internal wiki to follow the same pattern, and with God's help I hope we can continue to further enhance the level of decentralization on dn42. (My hope, in case it's not perfectly obvious, is for the dn42 "body for regulation" to develop and evolve into the smallest body feasible, rather than the largest one feasible, as has happened on the IcannNet.)
I already refer anybody who doesn't want anonymity to dn42 because it's earned my respect as a decent AnoNet alternative for those who could care less about AnoNet's primary purpose.

>> but I'm not able to access 172.22.24.1 for some reason.
>what's your ASN/IP?

I'm AS64731. A pingable IP is 172.22.131.40.

> did you try 2001:8d8:81:5c0::1?

Nope, I have not tried it (nor can I easily, since I have no IPv6).

From nick at srn.dn42 Sun Jul 11 21:35:37 2010
From: nick at srn.dn42 (SRN)
Date: Sun, 11 Jul 2010 19:35:37 +0000 (UTC)
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net> <4C398343.5090400@somakoma.de> <4C39FFE1.4030504@nowhere.ws>
Message-ID:

nobody at nowhere.ws writes:

>On 11.07.2010 12:21, SRN wrote:
>> Freifunk has as its goal to connect people to the IcannNet
>I just want to state that this information is wrong. The main goal of
>Freifunk has been and is to provide independent networks. The ability to
>route to the "IcannNet" is just another neat feature - unfortunately for
>many users the only interesting one.

Thank you for that correction. I've corrected my own version of reality, and hope others do the same. Regardless, though, you consider IcannNet routing a feature of Freifunk, so the rest of my argument applies just the same. AnoNet doesn't consider IcannNet routing a feature, and in fact considers the lack thereof a primary feature, so even though we attempted to avoid direct conflicts with IcannNet by using a range that IcannNet itself reserved against its own allocations, we were under no obligation to do so, and naturally we are under no obligation to "fix" the conflicts that ICANN chose to create more recently by allocating 1/8 itself.

From astro at spaceboyz.net Sun Jul 11 18:26:13 2010
From: astro at spaceboyz.net (Astro)
Date: Sun, 11 Jul 2010 18:26:13 +0200
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
In-Reply-To:
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net>
Message-ID: <20100711162613.GD2278@chronos.sin>

SRN wrote:
> There is no divine ordination granting ICANN control of the public IP
> addresses on any public internet except their own IcannNet (which
> they've confusingly labeled "Internet").

Seen that way, I still prefer the default route to my upstream ISP for any _Internet_ traffic.

Do you despise the foundations of our liberal western world too?

From admin at crystalnet.eu Mon Jul 12 01:23:28 2010
From: admin at crystalnet.eu (Lukas Wingerberg)
Date: Mon, 12 Jul 2010 01:23:28 +0200
Subject: [dn42] Helios' DNS server going down
In-Reply-To:
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de> <4C344FC5.8070305@cyb0rg.org> <4C347FA5.90807@cyb0rg.org>
Message-ID:

Well srn, im only waiting for your "go" and ill be in with hostin an anycast rDNS, just a matter of time

Greetings, Cronix

From nick at srn.dn42 Sat Jul 17 01:03:43 2010
From: nick at srn.dn42 (SRN)
Date: Fri, 16 Jul 2010 23:03:43 +0000 (UTC)
Subject: [dn42] Helios' DNS server going down
References: <4C2DD004.8080606@UFO-Net.nl> <4C303536.3000106@linuxdingsda.de> <4C344FC5.8070305@cyb0rg.org> <4C347FA5.90807@cyb0rg.org>
Message-ID:

admin at crystalnet.eu (Lukas Wingerberg) writes:

>Well srn, im only waiting for your "go" and ill be in with hostin an anycast
>rDNS, just a matter of time

Hi cronix,

Now that my infrastructure seems to be back up again, I'm planning to work on scripts for the two dn42 rDNS anycasts (the /24 nameserver and the small block nameserver). I was hoping to deal with the wiki first, but after your experience with ikiwiki, I fear it may take more time and effort than I was hoping it'd take. Does anybody else have a suggestion for a decentralized wiki, before I start banging my head against the ikiwiki wall?

From nick at srn.dn42 Sat Jul 17 01:12:54 2010
From: nick at srn.dn42 (SRN)
Date: Fri, 16 Jul 2010 23:12:54 +0000 (UTC)
Subject: [dn42] Inter-darknet routing to anoNet and VAnet
References: <4C371CF5.1080303@UFO-Net.nl> <20100710141554.546b9cb6.equinox@diac24.net> <20100711162613.GD2278@chronos.sin>
Message-ID:

astro at spaceboyz.net (Astro) writes:

>SRN wrote:
>> There is no divine ordination granting ICANN control of the public IP
>> addresses on any public internet except their own IcannNet (which
>> they've confusingly labeled "Internet").
>Seen that way, I still prefer the default route to my upstream ISP for
>any _Internet_ traffic.

That's the wonderful thing about freedom of choice: nobody's forcing you to surrender your _IcannNet_ traffic to AnoNet.

>Do you despise the foundations of our liberal western world too?

Quite to the contrary, I greatly value freedom of choice and its prerequisite, truth in advertising. That's why I don't allow myself to be sold out to the so-called "Internet" hype.
Guys like equinox may allow themselves to be bribed by google lolcatz, but not I. I value my liberal western world, and intend to defend it against the corporatist interests that would like to redefine "internetwork" into a proper noun. Where are _your_ liberal western values???

From allo at laxu.de Sun Jul 18 14:45:34 2010
From: allo at laxu.de (Allo)
Date: Sun, 18 Jul 2010 14:45:34 +0200
Subject: [dn42] dn42chan
Message-ID: <4C42F76E.8040406@laxu.de>

Hi everybody!

I proudly present: http://chan.dn42
the zone works only on 172.22.53.53 nameserver now, so use http://chan.allo.dn42 if you're using the 172.22.0.53 nameserver.

enjoy!

From admin at crystalnet.eu Mon Jul 19 02:52:12 2010
From: admin at crystalnet.eu (Cronix)
Date: Mon, 19 Jul 2010 00:52:12 +0000 (UTC)
Subject: [dn42] test from new newsgroup webinterface
Message-ID:

just a shot testmessage ;)

From admin at crystalnet.eu Mon Jul 19 03:08:59 2010
From: admin at crystalnet.eu (Cronix)
Date: Mon, 19 Jul 2010 01:08:59 +0000 (UTC)
Subject: [dn42] test from new newsgroup webinterface
References:
Message-ID:

Test completed successfully, you can now access a new newsgroup webinterface @ http://news.crystalnet.dn42

Requests for groups via mail or list ;)

Greetings Cronix

From admin at crystalnet.eu Sat Jul 24 02:31:58 2010
From: admin at crystalnet.eu (Cronix)
Date: Sat, 24 Jul 2010 00:31:58 +0000 (UTC)
Subject: [dn42] DN42 Dns Frontend
Message-ID:

Hi Dn42,

Im currently collecting ideas / feature requests etc for the webinterface i write to use with the current registry, if u have any particular features or anything else in mind, please let me know and write it down at the wiki page i created for this purpose: http://dn42.net/trac/wiki/dnsWebinterface

Thanks in advance
Cronix

From nick at srn.dn42 Wed Jul 28 09:39:01 2010
From: nick at srn.dn42 (SRN)
Date: Wed, 28 Jul 2010 07:39:01 +0000 (UTC)
Subject: [dn42] DN42 Dns Frontend
References:
Message-ID:

admin at crystalnet.eu (Cronix) writes:

>Im currently collecting
>ideas / feature requests etc for the webinterface
>i write to use with the current registry, if u have any particular
>features or anything else in mind, please let me know and write it down at
>the wiki page i created for this purpose:
>http://dn42.net/trac/wiki/dnsWebinterface

Hi cronix,

I notice you haven't yet implemented the part that manages the actual
records. I'd like to take this opportunity to suggest a format, and if
it sounds good, I can then implement the script to autogenerate datafiles
for crazydns nameservice to power domains managed by your webinterface.
My suggestion is to place the contents of the zone directly in the
data/dns/.dn42 file, as records named "dnsrecord." Here's what
data/dns/crazydns.dn42 might look like, with my current proposal:

domain: crazydns.dn42
nserver: somerandomcrap.ns.crazydns.dn42 172.22.53.55
nserver: someothercrap.ns.crazydns.dn42 172.22.53.56
status: connect
admin-c: SRN-DN42
tech-c: SRN-DN42
dnsrecord: A:www.crazydns.dn42:172.22.53.80
dnsrecord: A:a.rootns.crazydns.dn42:172.22.53.50
dnsrecord: A:a.dn42ns.crazydns.dn42:172.22.53.51
dnsrecord: A:a.rdns.crazydns.dn42:172.22.53.52
dnsrecord: A:a.dnscache.crazydns.dn42:172.22.53.53
dnsrecord: A:a.smallblockrdns.crazydns.dn42:172.22.53.54

What do you think of my current proposal? I see some strengths and some
weaknesses, but I don't see any way to improve it off-hand. Do you?
Does anybody else?

--
Their mad rush in getting us out of the country is the greatest proof to me
that I have served the cause of humanity, that I have never wavered or
compromised.
-- Emma Goldman

From admin at crystalnet.eu Wed Jul 28 10:28:32 2010
From: admin at crystalnet.eu (Lukas Wingerberg)
Date: Wed, 28 Jul 2010 10:28:32 +0200
Subject: [dn42] DN42 Dns Frontend
Message-ID:

Hm generally i agree with you, well, i just thought about and might have an
idea about an alternative. I don't know if it affects the parsetime in a
bad way.
On 28.07.2010 09:42, "SRN" wrote:

admin at crystalnet.eu (Cronix) writes:

>Im currently collecting ideas / feature requests etc for the ...

Hi cronix,

I notice you haven't yet implemented the part that manages the actual
records. I'd like to take this opportunity to suggest a format, and if
it sounds good, I can then implement the script to autogenerate datafiles
for crazydns nameservice to power domains managed by your webinterface.
My suggestion is to place the contents of the zone directly in the
data/dns/.dn42 file, as records named "dnsrecord." Here's what
data/dns/crazydns.dn42 might look like, with my current proposal:

domain: crazydns.dn42
nserver: somerandomcrap.ns.crazydns.dn42 172.22.53.55
nserver: someothercrap.ns.crazydns.dn42 172.22.53.56
status: connect
admin-c: SRN-DN42
tech-c: SRN-DN42
dnsrecord: A:www.crazydns.dn42:172.22.53.80
dnsrecord: A:a.rootns.crazydns.dn42:172.22.53.50
dnsrecord: A:a.dn42ns.crazydns.dn42:172.22.53.51
dnsrecord: A:a.rdns.crazydns.dn42:172.22.53.52
dnsrecord: A:a.dnscache.crazydns.dn42:172.22.53.53
dnsrecord: A:a.smallblockrdns.crazydns.dn42:172.22.53.54

What do you think of my current proposal? I see some strengths and some
weaknesses, but I don't see any way to improve it off-hand. Do you?
Does anybody else?

--
Their mad rush in getting us out of the country is the greatest proof to me
that I have served the cause of humanity, that I have never wavered or
compromised.
-- Emma Goldman
From crest at cyb0rg.org Wed Jul 28 13:54:57 2010
From: crest at cyb0rg.org (Crest)
Date: Wed, 28 Jul 2010 13:54:57 +0200
Subject: [dn42] DN42 Dns Frontend
In-Reply-To:
References:
Message-ID: <4C501A91.2080603@cyb0rg.org>

SRN wrote:
> admin at crystalnet.eu (Cronix) writes:
>
>> Im currently collecting ideas / feature requests etc for the webinterface
>> i write to use with the current registry, if u have any particular
>> features or anything else in mind, please let me know and write it down at
>> the wiki page i created for this purpose:
>> http://dn42.net/trac/wiki/dnsWebinterface
>
> Hi cronix,
>
> I notice you haven't yet implemented the part that manages the actual
> records. I'd like to take this opportunity to suggest a format, and if
> it sounds good, I can then implement the script to autogenerate datafiles
> for crazydns nameservice to power domains managed by your webinterface.
> My suggestion is to place the contents of the zone directly in the
> data/dns/.dn42 file, as records named "dnsrecord." Here's what
> data/dns/crazydns.dn42 might look like, with my current proposal:
> domain: crazydns.dn42
> nserver: somerandomcrap.ns.crazydns.dn42 172.22.53.55
> nserver: someothercrap.ns.crazydns.dn42 172.22.53.56
> status: connect
> admin-c: SRN-DN42
> tech-c: SRN-DN42
> dnsrecord: A:www.crazydns.dn42:172.22.53.80
> dnsrecord: A:a.rootns.crazydns.dn42:172.22.53.50
> dnsrecord: A:a.dn42ns.crazydns.dn42:172.22.53.51
> dnsrecord: A:a.rdns.crazydns.dn42:172.22.53.52
> dnsrecord: A:a.dnscache.crazydns.dn42:172.22.53.53
> dnsrecord: A:a.smallblockrdns.crazydns.dn42:172.22.53.54
>
> What do you think of my current proposal? I see some strengths and some
> weaknesses, but I don't see any way to improve it off-hand. Do you?
> Does anybody else?

How about the bind zonefile format? I would use one $INCLUDE per zone.

e.g. "master/dn42":
$ORIGIN .
$TTL 24h
dn42 IN SOA nic.dn42. root.nic.dn42. (
    2010072800 ; serial
    4h ; refresh
    1h ; retry
    2w ; expire
    2d ; minimum
)
...
$INCLUDE master/dn42_include/crest
...

and "master/dn42_include/crest":
crest.dn42. NS ns1.crest.dn42.
crest.dn42. NS ns2.crest.dn42.
ns1.crest.dn42 A 172.22.228.6
ns2.crest.dn42 A 172.22.228.46

The format is reasonably simple to write for your Webinterface and
directly usable by BIND.

IMO the internal format is more or less unimportant as long as it's
exported into the monotone repo in whoisd's format.

e.g. "data/dns/crest.dn42"
domain: crest.dn42
nserver: ns1.crest.dn42 172.22.228.6
nserver: ns2.crest.dn42 172.22.180.46
status: connect-webif
admin-c: CREST-DN42
tech-c: CREST-DN42

IMO a webinterface to enter these less than 10 lines is overkill. Just
write a bunch of cgi scripts and be happy.

From nick at srn.dn42 Fri Jul 30 02:23:59 2010
From: nick at srn.dn42 (SRN)
Date: Fri, 30 Jul 2010 00:23:59 +0000 (UTC)
Subject: [dn42] DN42 Dns Frontend
References: <4C501A91.2080603@cyb0rg.org>
Message-ID:

crest at cyb0rg.org (Crest) writes:

>SRN wrote:
>> admin at crystalnet.eu (Cronix) writes:
>>
>>> Im currently collecting ideas / feature requests etc for the webinterface
>>> i write to use with the current registry, if u have any particular
>>> features or anything else in mind, please let me know and write it down at
>>> the wiki page i created for this purpose:
>>> http://dn42.net/trac/wiki/dnsWebinterface
>>
>> Hi cronix,
>>
>> I notice you haven't yet implemented the part that manages the actual
>> records. I'd like to take this opportunity to suggest a format, and if
>> it sounds good, I can then implement the script to autogenerate datafiles
>> for crazydns nameservice to power domains managed by your webinterface.
>> My suggestion is to place the contents of the zone directly in the
>> data/dns/.dn42 file, as records named "dnsrecord."
>> Here's what
>> data/dns/crazydns.dn42 might look like, with my current proposal:
>> domain: crazydns.dn42
>> nserver: somerandomcrap.ns.crazydns.dn42 172.22.53.55
>> nserver: someothercrap.ns.crazydns.dn42 172.22.53.56
>> status: connect
>> admin-c: SRN-DN42
>> tech-c: SRN-DN42
>> dnsrecord: A:www.crazydns.dn42:172.22.53.80
>> dnsrecord: A:a.rootns.crazydns.dn42:172.22.53.50
>> dnsrecord: A:a.dn42ns.crazydns.dn42:172.22.53.51
>> dnsrecord: A:a.rdns.crazydns.dn42:172.22.53.52
>> dnsrecord: A:a.dnscache.crazydns.dn42:172.22.53.53
>> dnsrecord: A:a.smallblockrdns.crazydns.dn42:172.22.53.54
>>
>> What do you think of my current proposal? I see some strengths and some
>> weaknesses, but I don't see any way to improve it off-hand. Do you?
>> Does anybody else?

>How about the bind zonefile format? I would use one $INCLUDE per zone.

The fundamental problem with the bind zonefile format is that it's harder
to parse. I was actually going to propose the tinydns datafile format
(which is even easier to parse), but I decided to stick with something
that's easier for humans to read/write too given that the cost to achieve
it is minimal.

>e.g. "master/dn42":
> $ORIGIN .
> $TTL 24h
> dn42 IN SOA nic.dn42. root.nic.dn42. (
> 2010072800 ; serial
> 4h ; refresh
> 1h ; retry
> 2w ; expire
> 2d ; minimum
> )
> ...
> $INCLUDE master/dn42_include/crest
> ...

>and "master/dn42_include/crest":
> crest.dn42. NS ns1.crest.dn42.
> crest.dn42. NS ns2.crest.dn42.
> ns1.crest.dn42 A 172.22.228.6
> ns2.crest.dn42 A 172.22.228.46

You want to do all this in separate files, rather than in the
data/dns/crest.dn42 file?

>The format is reasonably simple to write for your Webinterface and
>directly usable by BIND.

...and essentially unusable by anything else that may have to parse it
(including the webinterface itself) :-(

My proposed format is usable by BIND, tinydns, or anything else, with
a simple one-line script in nearly any language. It's also trivial
to validate.
The only downside is that if you have a TXT record
with a colon in the record data, parsing rules become ambiguous.
If you want to address that type of issue, my suggestion is to make a
data/dns/crazydns.dn42.d/rr/ directory:

$ cat data/dns/crazydns.dn42.d/rr/www.crazydns.dn42/0
name: www.crazydns.dn42
type: A
data: 172.22.53.80

This scheme is nowhere near perfect, because of an "ancient"
assumption that all "dns" data would fit in a flat name:value table.
If we were starting from scratch, I'd rename data/dns/crazydns.dn42 to
data/dns/crazydns.dn42/whois.

>IMO the internal format is more or less unimportant as long as it's
>exported into the monotone repo in whoisd's format.

My proposal is not to have any separate "internal" format, but rather
to use the repo directly. It simplifies implementation, and provides
reliability for free.

>e.g. "data/dns/crest.dn42"
> domain: crest.dn42
> nserver: ns1.crest.dn42 172.22.228.6
> nserver: ns2.crest.dn42 172.22.180.46
> status: connect-webif
> admin-c: CREST-DN42
> tech-c: CREST-DN42

Interesting, so you're (ab)using the status field instead of (ab)using
the tech-c field. Why do you think that's better? (Before you ask,
I'm not sure why I think tech-c is better, except that it comes closer
to agreeing with (my perception of) reality.)

>IMO a webinterface to enter these less than 10 lines is overkill. Just
>write a bunch of cgi scripts and be happy.

webinterface == "a bunch of cgi scripts"

--
Their mad rush in getting us out of the country is the greatest proof to me
that I have served the cause of humanity, that I have never wavered or
compromised.
-- Emma Goldman

From crest at cyb0rg.org Sat Jul 31 18:31:02 2010
From: crest at cyb0rg.org (Crest)
Date: Sat, 31 Jul 2010 18:31:02 +0200
Subject: [dn42] DN42 Dns Frontend
In-Reply-To:
References: <4C501A91.2080603@cyb0rg.org>
Message-ID: <4C544FC6.4020706@cyb0rg.org>

SRN wrote:
> crest at cyb0rg.org (Crest) writes:
>
>> SRN wrote:
>>> admin at crystalnet.eu (Cronix) writes:
>>>
>>>> Im currently collecting ideas / feature requests etc for the webinterface
>>>> i write to use with the current registry, if u have any particular
>>>> features or anything else in mind, please let me know and write it down at
>>>> the wiki page i created for this purpose:
>>>> http://dn42.net/trac/wiki/dnsWebinterface
>>> Hi cronix,
>>>
>>> I notice you haven't yet implemented the part that manages the actual
>>> records. I'd like to take this opportunity to suggest a format, and if
>>> it sounds good, I can then implement the script to autogenerate datafiles
>>> for crazydns nameservice to power domains managed by your webinterface.
>>> My suggestion is to place the contents of the zone directly in the
>>> data/dns/.dn42 file, as records named "dnsrecord." Here's what
>>> data/dns/crazydns.dn42 might look like, with my current proposal:
>>> domain: crazydns.dn42
>>> nserver: somerandomcrap.ns.crazydns.dn42 172.22.53.55
>>> nserver: someothercrap.ns.crazydns.dn42 172.22.53.56
>>> status: connect
>>> admin-c: SRN-DN42
>>> tech-c: SRN-DN42
>>> dnsrecord: A:www.crazydns.dn42:172.22.53.80
>>> dnsrecord: A:a.rootns.crazydns.dn42:172.22.53.50
>>> dnsrecord: A:a.dn42ns.crazydns.dn42:172.22.53.51
>>> dnsrecord: A:a.rdns.crazydns.dn42:172.22.53.52
>>> dnsrecord: A:a.dnscache.crazydns.dn42:172.22.53.53
>>> dnsrecord: A:a.smallblockrdns.crazydns.dn42:172.22.53.54
>>>
>>> What do you think of my current proposal? I see some strengths and some
>>> weaknesses, but I don't see any way to improve it off-hand. Do you?
>>> Does anybody else?
>
>> How about the bind zonefile format?
>> I would use one $INCLUDE per zone.
>
> The fundamental problem with the bind zonefile format is that it's harder
> to parse. I was actually going to propose the tinydns datafile format
> (which is even easier to parse), but I decided to stick with something
> that's easier for humans to read/write too given that the cost to achieve
> it is minimal.
>
>> e.g. "master/dn42":
>> $ORIGIN .
>> $TTL 24h
>> dn42 IN SOA nic.dn42. root.nic.dn42. (
>> 2010072800 ; serial
>> 4h ; refresh
>> 1h ; retry
>> 2w ; expire
>> 2d ; minimum
>> )
>> ...
>> $INCLUDE master/dn42_include/crest
>> ...
>
>> and "master/dn42_include/crest":
>> crest.dn42. NS ns1.crest.dn42.
>> crest.dn42. NS ns2.crest.dn42.
>> ns1.crest.dn42 A 172.22.228.6
>> ns2.crest.dn42 A 172.22.228.46
>
> You want to do all this in separate files, rather than in the
> data/dns/crest.dn42 file?

I would reject anything that implies manual duplication. I would replace it.

>> The format is reasonably simple to write for your Webinterface and
>> directly usable by BIND.
>
> ...and essentially unusable by anything else that may have to parse it
> (including the webinterface itself) :-(

Not as long as you can rely on the webinterface to generate a subset of
that what's readable by BIND.

> My proposed format is usable by BIND, tinydns, or anything else, with
> a simple one-line script in nearly any language. It's also trivial
> to validate. The only downside is that if you have a TXT record
> with a colon in the record data, parsing rules become ambiguous.

And (newlines or 0 character etc.). You're right we should be able to
transport any valid value. Base64 to the rescue?
> If you want to address that type of issue, my suggestion is to make a
> data/dns/crazydns.dn42.d/rr/ directory:
> $ cat data/dns/crazydns.dn42.d/rr/www.crazydns.dn42/0
> name: www.crazydns.dn42
> type: A
> data: 172.22.53.80
>
> This scheme is nowhere near perfect, because of an "ancient"
> assumption that all "dns" data would fit in a flat name:value table.
> If we were starting from scratch, I'd rename data/dns/crazydns.dn42 to
> data/dns/crazydns.dn42/whois.
>
>> IMO the internal format is more or less unimportant as long as it's
>> exported into the monotone repo in whoisd's format.
>
> My proposal is not to have any separate "internal" format, but rather
> to use the repo directly. It simplifies implementation, and provides
> reliability for free.

Sry i didn't mean to replace the current format with BIND's insane
formats. I thought the webfrontend should also generate ID-10-T
compatible zonefiles.

>> e.g. "data/dns/crest.dn42"
>> domain: crest.dn42
>> nserver: ns1.crest.dn42 172.22.228.6
>> nserver: ns2.crest.dn42 172.22.180.46
>> status: connect-webif
>> admin-c: CREST-DN42
>> tech-c: CREST-DN42
>
> Interesting, so you're (ab)using the status field instead of (ab)using
> the tech-c field. Why do you think that's better? (Before you ask,
> I'm not sure why I think tech-c is better, except that it comes closer
> to agreeing with (my perception of) reality.)

Neither status nor tech-c are meant to be for this. I think tech-c with
an extra handle is the cleaner approach as it doesn't create subformats.
From crest at cyb0rg.org Sat Jul 31 19:01:32 2010
From: crest at cyb0rg.org (Crest)
Date: Sat, 31 Jul 2010 19:01:32 +0200
Subject: [dn42] DN42 Dns Frontend
In-Reply-To:
References:
Message-ID: <4C5456EC.6040506@cyb0rg.org>

Cronix wrote:
> Im currently collecting ideas / feature requests etc for the
> webinterface i write to use with the current registry, if u have any
> particular features or anything else in mind, please let me know and
> write it down at the wiki page i created for this purpose:
> http://dn42.net/trac/wiki/dnsWebinterface
> Thanks in advance
> Cronix

I'm working on some scripts to make the repo more user and script
friendly. The scripts should offer an interface like this:

res dns add --domain crest.dn42 \
    --nserver ns1.crest.dn42 172.22.228.6 \
    --nserver ns2.crest.dn42 172.22.180.46 \
    --status connect \
    --admin-c CREST-DN42 \
    --tech-c CREST-DN42
res commit && res sync

There is another problem to discuss. How do we want to store arbitrary
binary data in the current format? Hex? Base64?
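
Added example, not code from any poster in this thread: a Python validator for the "dnsrecord: TYPE:name:data" lines proposed above. It splits on the first two colons only, rejects names outside the object's own zone, and escapes TXT bytes before emitting zone-file lines. Carrying TXT data as base64 is an assumption (the thread only raises it as a question), and all function names and the TXT sample record are hypothetical.

```python
import base64
import ipaddress
import re

# Constructed sample: part of the crazydns.dn42 object from the thread plus a
# hypothetical TXT record whose base64 payload decodes to text containing ':'.
SAMPLE = """\
domain: crazydns.dn42
dnsrecord: A:www.crazydns.dn42:172.22.53.80
dnsrecord: A:a.rootns.crazydns.dn42:172.22.53.50
dnsrecord: TXT:www.crazydns.dn42:dj1zcGYxIGlwNDoxNzIuMjIuNTMuODA=
"""

LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_name(name, zone):
    """Accept only well-formed names at or below the object's own zone."""
    name = name.lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"malformed name: {name!r}")
    if name != zone and not name.endswith("." + zone):
        raise ValueError(f"{name!r} is outside zone {zone!r}")
    return name + "."


def escape_txt(raw):
    """Quote TXT bytes with \\DDD escapes so no byte can end the record."""
    safe = lambda b: 32 <= b < 127 and b not in b'"\\'
    return '"' + "".join(chr(b) if safe(b) else f"\\{b:03d}" for b in raw) + '"'


def parse_object(text):
    """Return (zone, [(type, fqdn, data), ...]) for one registry object."""
    pairs = [l.split(":", 1) for l in text.splitlines() if ":" in l]
    fields = [(k.strip(), v.strip()) for k, v in pairs]
    zone = next(v for k, v in fields if k == "domain").lower()
    records = []
    for value in (v for k, v in fields if k == "dnsrecord"):
        # Split on the first two colons only: the data part may contain more.
        parts = value.split(":", 2)
        if len(parts) != 3:
            raise ValueError(f"expected TYPE:name:data, got {value!r}")
        rtype, name, data = parts
        if rtype == "A":
            data = str(ipaddress.IPv4Address(data))
        elif rtype == "TXT":  # assumption: TXT data is carried as base64
            data = escape_txt(base64.b64decode(data, validate=True))
        else:
            raise ValueError(f"unsupported record type: {rtype!r}")
        records.append((rtype, check_name(name, zone), data))
    return zone, records


def to_zone_lines(records):
    """Render validated records as BIND-style zone-file lines."""
    return [f"{fqdn} IN {rtype} {data}" for rtype, fqdn, data in records]
```

Because every record name is checked against the "domain:" field of the file it came from, a generator built this way cannot be made to publish records for another maintainer's zone.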