From tobias at linuxdingsda.de Mon Jun 14 16:26:35 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Mon, 14 Jun 2010 16:26:35 +0200 Subject: [dn42] Registry Message-ID: <4C163C1B.3060406@linuxdingsda.de> Instead of silently trying to introduce a registry I would greatly appreciate it, if there would be an announcement, a howto and a simple to use webinterace. Also I'm not convinced that the thing will continue to live if welterde goes down for whatever reason. -- wintix -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From crest at cyb0rg.org Tue Jun 15 16:25:15 2010 From: crest at cyb0rg.org (Crest) Date: Tue, 15 Jun 2010 16:25:15 +0200 Subject: [dn42] Registry In-Reply-To: <4C163C1B.3060406@linuxdingsda.de> References: <4C163C1B.3060406@linuxdingsda.de> Message-ID: <4C178D4B.2050404@cyb0rg.org> Tobias Winter schrieb: > Instead of silently trying to introduce a registry I would greatly > appreciate it, if there would be an announcement, a howto and a simple > to use webinterace. He did announce it the IRC Channel and the Trac Wiki. Following the Changelog enabled everyone to take notice of him deploying whois. Maybe the "official" announcment will follow once it reached a certain stage e.g. derive a bind zone file for "dn42." from it. Sofar nobody is required to use his whoisd for what ever reason other than to have convient access to a subset of what's currently mantained in the wiki. > Also I'm not convinced that the thing will continue > to live if welterde goes down for whatever reason. ACK. This would be a major problem which can't be solved by without redundancy, but always remember then adding a service: it's easier to ask for forgivness than for permission. MfG Crest From dn42 at welterde.de Wed Jun 16 21:33:51 2010 From: dn42 at welterde.de (Tassilo Schweyer) Date: Wed, 16 Jun 2010 21:33:51 +0200 Subject: [dn42] Registry In-Reply-To: <4C178D4B.2050404@cyb0rg.org> References: <4C163C1B.3060406@linuxdingsda.de> <4C178D4B.2050404@cyb0rg.org> Message-ID: <4C19271F.7050009@welterde.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 15.06.2010 16:25, schrieb Crest: > Tobias Winter schrieb: >> Also I'm not convinced that the thing will continue >> to live if welterde goes down for whatever reason. > > ACK. This would be a major problem which can't be solved by without > redundancy, but always remember then adding a service: it's easier to > ask for forgivness than for permission. Fixed. SomeRandomNick is running an monotone server now too. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwZJx8ACgkQ67wDdGLgEaEP1QCfdBcxVjgUe9wz266tiXspiDfo SrsAn3Wdhybs3rAZG9LV07/7UWwZ10Pg =3vtq -----END PGP SIGNATURE----- From equinox at diac24.net Thu Jun 17 17:15:50 2010 From: equinox at diac24.net (David Lamparter) Date: Thu, 17 Jun 2010 17:15:50 +0200 Subject: [dn42] [chaosvpn] zone file so far In-Reply-To: <4C195AD5.4040000@ramdrive.org> References: <4C19302D.4080901@ramdrive.org> <4C195AD5.4040000@ramdrive.org> Message-ID: <1276787750.6998.6.camel@arkology.n2.diac24.net> Am Donnerstag, den 17.06.2010, 01:14 +0200 schrieb Elmar Lecher: >hack. IN SOA cvpn-dns. root.localhost. >@ IN NS cvpn-dns. >cvpn-dns IN A 172.31.0.5 It isn't running yet, is it? I can ping it from dn42, but no DNS reply. > vermittlung IN A 172.33.17.213 ^ looks like a typo FYI, dn42 has anycast resolvers (non-authoritative, sadly) running on 172.22.0.53. It should respond to .dn42 and {22,23}.172.in-addr.arpa. We could probably come up with some way to provide cross-referrals for our zones/ranges? -equinox From dn42 at welterde.de Thu Jun 17 21:43:39 2010 From: dn42 at welterde.de (Tassilo Schweyer) Date: Thu, 17 Jun 2010 21:43:39 +0200 Subject: [dn42] Test Message-ID: <4C1A7AEB.7080208@welterde.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a test-message to check the nntp-gateway.. please ignore. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwaeusACgkQ67wDdGLgEaG87ACeIDVF/+++A5FcIEQwRIsDIrqa uSMAoKq5Dvw/yTIcAZ8HuPErBMm2c3cf =GbCX -----END PGP SIGNATURE----- From welterde at welterde.de Thu Jun 17 22:32:25 2010 From: welterde at welterde.de (Tassilo Schweyer) Date: Thu, 17 Jun 2010 20:32:25 +0000 (UTC) Subject: [dn42] Test References: <4C1A7AEB.7080208@welterde.de> Message-ID: Tassilo Schweyer schrieb: > > This is a test-message to check the nntp-gateway.. please ignore. > > _______________________________________________ > dn42 mailing list > dn42 at lists.spaceboyz.net > http://lists.spaceboyz.net/mailman/listinfo/dn42 > Hello from usenet! (try n) From guus at tinc-vpn.org Thu Jun 17 18:49:17 2010 From: guus at tinc-vpn.org (Guus Sliepen) Date: Thu, 17 Jun 2010 18:49:17 +0200 Subject: [dn42] [chaosvpn] zone file so far In-Reply-To: <1276787750.6998.6.camel@arkology.n2.diac24.net> References: <4C19302D.4080901@ramdrive.org> <4C195AD5.4040000@ramdrive.org> <1276787750.6998.6.camel@arkology.n2.diac24.net> Message-ID: <20100617164917.GS32625@sliepen.org> On Thu, Jun 17, 2010 at 05:15:50PM +0200, David Lamparter wrote: > Am Donnerstag, den 17.06.2010, 01:14 +0200 schrieb Elmar Lecher: > >hack. IN SOA cvpn-dns. root.localhost. > >@ IN NS cvpn-dns. > >cvpn-dns IN A 172.31.0.5 > > It isn't running yet, is it? I can ping it from dn42, but no DNS reply. > > > vermittlung IN A 172.33.17.213 > > ^ looks like a typo > > FYI, dn42 has anycast resolvers (non-authoritative, sadly) running on > 172.22.0.53. It should respond to .dn42 and {22,23}.172.in-addr.arpa. Hm, I cannot seem to reach that server from my chaosvpn node: >tracepath 172.22.0.53 1: 172.31.116.1 0.572ms pmtu 1500 1: 172.22.0.53 0.182ms pmtu 1445 1: 172.31.2.1 32.583ms 2: 172.22.78.75 55.572ms 3: no reply (Note that the second line is due to the local tinc daemon generating an ICMP message, not by 172.22.0.53.) Tinc supports multiple nodes announcing the same Subnet. However, if the Subnets have equal Weights, packets will be sent to the reachable node with the lowest Name. If that node goes down, packets will go to the next reachable node. It does not do anycast (yet) in the sense of sending packets to the closest node with that Subnet, but perhaps we can already test this mechanism for .hack anycast DNS? -- Met vriendelijke groet / with kind regards, Guus Sliepen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From equinox at diac24.net Fri Jun 18 01:12:49 2010 From: equinox at diac24.net (David Lamparter) Date: Fri, 18 Jun 2010 01:12:49 +0200 Subject: [dn42] [chaosvpn] zone file so far In-Reply-To: <20100617164917.GS32625@sliepen.org> References: <4C19302D.4080901@ramdrive.org> <4C195AD5.4040000@ramdrive.org> <1276787750.6998.6.camel@arkology.n2.diac24.net> <20100617164917.GS32625@sliepen.org> Message-ID: <1276816369.6998.17.camel@arkology.n2.diac24.net> Am Donnerstag, den 17.06.2010, 18:49 +0200 schrieb Guus Sliepen: > > FYI, dn42 has anycast resolvers (non-authoritative, sadly) running on > > 172.22.0.53. It should respond to .dn42 and {22,23}.172.in-addr.arpa. > > Hm, I cannot seem to reach that server from my chaosvpn node: > > >tracepath 172.22.0.53 > 1: 172.31.116.1 0.572ms pmtu 1500 > 1: 172.22.0.53 0.182ms pmtu 1445 > 1: 172.31.2.1 32.583ms > 2: 172.22.78.75 55.572ms > 3: no reply Hmm, probably a missing route back. What's your source IP? (not everyone in dn42 accepts ChaosVPN prefixes yet, we probably need to rise awareness for this link on our side) > (Note that the second line is due to the local tinc daemon generating an ICMP > message, not by 172.22.0.53.) Okay (?) > Tinc supports multiple nodes announcing the same Subnet. However, if the > Subnets have equal Weights, packets will be sent to the reachable node with the > lowest Name. If that node goes down, packets will go to the next reachable > node. It does not do anycast (yet) in the sense of sending packets to the > closest node with that Subnet, but perhaps we can already test this mechanism > for .hack anycast DNS? How does weight and "closeness" relate? (and how do you prevent loops?) Also, this behaviour might form a bottleneck in linking chaosvpn and dn42, because if multiple nodes reannounce BGP routes into tinc, if they have the same weight(??) the one with the lowest name will get all the traffic... (at which point the problem wouldn't be bandwidth but much rather availability i.e. traffic drops/corruption like berserking NAT & stuff) -equi From guus at tinc-vpn.org Fri Jun 18 11:08:44 2010 From: guus at tinc-vpn.org (Guus Sliepen) Date: Fri, 18 Jun 2010 11:08:44 +0200 Subject: [dn42] [chaosvpn] zone file so far In-Reply-To: <1276816369.6998.17.camel@arkology.n2.diac24.net> References: <4C19302D.4080901@ramdrive.org> <4C195AD5.4040000@ramdrive.org> <1276787750.6998.6.camel@arkology.n2.diac24.net> <20100617164917.GS32625@sliepen.org> <1276816369.6998.17.camel@arkology.n2.diac24.net> Message-ID: <20100618090844.GB26965@sliepen.org> On Fri, Jun 18, 2010 at 01:12:49AM +0200, David Lamparter wrote: > > Hm, I cannot seem to reach that server from my chaosvpn node: > > > > >tracepath 172.22.0.53 > > 1: 172.31.116.1 0.572ms pmtu 1500 > > 1: 172.22.0.53 0.182ms pmtu 1445 > > 1: 172.31.2.1 32.583ms > > 2: 172.22.78.75 55.572ms > > 3: no reply > > Hmm, probably a missing route back. What's your source IP? > > (not everyone in dn42 accepts ChaosVPN prefixes yet, we probably need to > rise awareness for this link on our side) The first address in the tracepath is always the source, so 172.31.116.1. > > Tinc supports multiple nodes announcing the same Subnet. However, if the > > Subnets have equal Weights, packets will be sent to the reachable node with the > > lowest Name. If that node goes down, packets will go to the next reachable > > node. It does not do anycast (yet) in the sense of sending packets to the > > closest node with that Subnet, but perhaps we can already test this mechanism > > for .hack anycast DNS? > > How does weight and "closeness" relate? (and how do you prevent loops?) Weight is something you can assign yourself. It is virtually the same as the "metric" option of the route command. Closeness means how close nodes are together (in hops or ping time). Tinc sends packets directly to the destination if possible, but if it has to route via intermediate nodes, it uses a routing protocol similar to OSPF. > Also, this behaviour might form a bottleneck in linking chaosvpn and > dn42, because if multiple nodes reannounce BGP routes into tinc, if they > have the same weight(??) the one with the lowest name will get all the > traffic... (at which point the problem wouldn't be bandwidth but much > rather availability i.e. traffic drops/corruption like berserking NAT & > stuff) That is true... I guess I should implement proper anycast routing soon then. -- Met vriendelijke groet / with kind regards, Guus Sliepen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: From nick at r.somerandomnick.ano Tue Jun 29 03:18:36 2010 From: nick at r.somerandomnick.ano (Nick) Date: Tue, 29 Jun 2010 01:18:36 +0000 (UTC) Subject: [dn42] Test Message-ID: Does this work? From spike at wolfplex.home.kg Tue Jun 29 04:02:27 2010 From: spike at wolfplex.home.kg (=?ISO-8859-1?Q?S=E9bastien_Spike?=) Date: Tue, 29 Jun 2010 04:02:27 +0200 Subject: [dn42] Test In-Reply-To: References: Message-ID: Yep, it works. On Tue, Jun 29, 2010 at 3:18 AM, Nick wrote: > Does this work? Spike. From nick at srn.dn42 Tue Jun 29 20:32:26 2010 From: nick at srn.dn42 (nick at srn.dn42) Date: Tue, 29 Jun 2010 18:32:26 +0000 (UTC) Subject: [dn42] 172.22.52.0/23 Message-ID: Will the real terx please stand up? 172.22.52.0/23 claims to be used by terx (and before that, shl (never seen)), but I haven't been able to find his routes in BGP now over the past couple of days. terx, if you're reading this, I'd like to ask you to show some sign of life, because I'd like to walk off with one of your /24s if you're dead. From tobias at linuxdingsda.de Tue Jun 29 22:56:29 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Tue, 29 Jun 2010 22:56:29 +0200 Subject: [dn42] somerandomnick fix your dns Message-ID: <4C2A5DFD.3040001@linuxdingsda.de> gnarf. --- hi, just noticed that one of the anycast resolvers is malfunctioning or just misconfigured. wintix at s15320568:~$ host 172.22.221.2 172.22.131.38 Using domain server: Name: 172.22.131.38 Address: 172.22.131.38#53 Aliases: Host 2.221.22.172.in-addr.arpa. not found: 3(NXDOMAIN) wintix at s15320568:~$ it should look like that: wintix at s15320568:~$ host 172.22.221.2 172.22.223.1 Using domain server: Name: 172.22.223.1 Address: 172.22.223.1#53 Aliases: 2.221.22.172.in-addr.arpa domain name pointer wlan.wintix.dn42. wintix at s15320568:~$ would be great if you could fix it. -- wintix From david at fakenet.eu Tue Jun 29 23:23:00 2010 From: david at fakenet.eu (David Zurborg) Date: Tue, 29 Jun 2010 23:23:00 +0200 Subject: [dn42] 172.22.52.0/23 In-Reply-To: References: Message-ID: <4C2A6434.1050108@fakenet.eu> I'm still alive but I'm no longer using the dn42 network. 172.22.52.0/23 can be marked as unallocated. Should I do this? (how? just edit the wiki page?) There is a plan to merge my network(s) with dn42 in future, so I continue following the dn42 mailing list. regards, /david Am 29.06.2010 20:32, schrieb nick at srn.dn42: > Will the real terx please stand up? > > 172.22.52.0/23 claims to be used by terx (and before that, shl (never > seen)), but I haven't been able to find his routes in BGP now over the > past couple of days. > > terx, if you're reading this, I'd like to ask you to show some sign of > life, because I'd like to walk off with one of your /24s if you're dead. From nick at srn.dn42 Wed Jun 30 02:47:21 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 00:47:21 +0000 (UTC) Subject: [dn42] somerandomnick fix your dns References: <4C2A5DFD.3040001@linuxdingsda.de> Message-ID: tobias at linuxdingsda.de (Tobias Winter) writes: >just noticed that one of the anycast resolvers is malfunctioning or just >misconfigured. >wintix at s15320568:~$ host 172.22.221.2 172.22.131.38 >Host 2.221.22.172.in-addr.arpa. not found: 3(NXDOMAIN) >wintix at s15320568:~$ >would be great if you could fix it. It's misconfigured. (The root server it talks to has no rDNS for dn42.) I've just removed it from the anycast group, until I can fix it. Thank you for noticing :-) From nick at srn.dn42 Wed Jun 30 02:51:43 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 00:51:43 +0000 (UTC) Subject: [dn42] 172.22.52.0/23 References: <4C2A6434.1050108@fakenet.eu> Message-ID: david at fakenet.eu (David Zurborg) writes: >I'm still alive but I'm no longer using the dn42 network. 172.22.52.0/23 >can be marked as unallocated. Should I do this? (how? just edit the wiki >page?) Cool, thanks. I can deallocate it (and reallocate half of it) myself, no worries. >There is a plan to merge my network(s) with dn42 in future, so I >continue following the dn42 mailing list. You're using different address space for that? From david at fakenet.eu Wed Jun 30 07:20:15 2010 From: david at fakenet.eu (David Zurborg) Date: Wed, 30 Jun 2010 07:20:15 +0200 Subject: [dn42] 172.22.52.0/23 In-Reply-To: References: <4C2A6434.1050108@fakenet.eu> Message-ID: <4C2AD40F.6050700@fakenet.eu> My networks are in 10/8 and 198.168/16. I haven't chosen a common address space yet. So I'm going to take the next free network in dn42 in case of merge. Regards, /david >> There is a plan to merge my network(s) with dn42 in future, so I >> continue following the dn42 mailing list. > > You're using different address space for that? > > _______________________________________________ > dn42 mailing list > dn42 at lists.spaceboyz.net > http://lists.spaceboyz.net/mailman/listinfo/dn42 From nick at srn.dn42 Wed Jun 30 08:07:34 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 06:07:34 +0000 (UTC) Subject: [dn42] somerandomnick fix your dns References: <4C2A5DFD.3040001@linuxdingsda.de> Message-ID: tobias at linuxdingsda.de (Tobias Winter) writes: >it should look like that: >2.221.22.172.in-addr.arpa domain name pointer wlan.wintix.dn42. >wintix at s15320568:~$ That's an easy case, wintix. This is a more interesting example: $ dnsq ptr 129.9.22.172.in-addr.arpa Here's another one: $ dnsq ptr 128.64.22.172.in-addr.arpa (Please note that the two queries above have RD unset.) In particular, how do you want my nameservers to respond to those queries? (Neither the registry nor the wiki gives enough information for me to be able to do the right thing for them.) From nick at srn.dn42 Wed Jun 30 08:16:38 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 06:16:38 +0000 (UTC) Subject: [dn42] 172.22.52.0/23 References: <4C2A6434.1050108@fakenet.eu> <4C2AD40F.6050700@fakenet.eu> Message-ID: david at fakenet.eu (David Zurborg) writes: >My networks are in 10/8 and 198.168/16. >I haven't chosen a common address space yet. So I'm going to take the >next free network in dn42 in case of merge. Okay, cool, thanks again. I'm in the middle of freeing up your first /24 and walking off with your second one, so if you decide at any point that you'd like your old space back, just let me know. Also, you're aware that FF already has much of 10/8 routed in dn42, right? Depending on what exactly you're using in 10/8, it may be trivial to add your native routes into dn42 BGP, too. From tobias at linuxdingsda.de Wed Jun 30 10:05:48 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Wed, 30 Jun 2010 10:05:48 +0200 Subject: [dn42] somerandomnick fix your dns In-Reply-To: References: <4C2A5DFD.3040001@linuxdingsda.de> Message-ID: <4C2AFADC.2010808@linuxdingsda.de> Am 30.06.2010 08:07, schrieb SRN: > That's an easy case, wintix. This is a more interesting example: > $ dnsq ptr 129.9.22.172.in-addr.arpa > Here's another one: > $ dnsq ptr 128.64.22.172.in-addr.arpa > (Please note that the two queries above have RD unset.) > > In particular, how do you want my nameservers to respond to those queries? > (Neither the registry nor the wiki gives enough information for me to > be able to do the right thing for them.) > ah. took me some time to notice that you are reffering to the /25 problem in ptr records. if possible handle it like a /24. if the other half of the /25 is assigned as well and differ in nameserver records you would have to handle it as 255 single ips. but still, since there is no data (because there is no dns stuff in the wiki or the registry for those ranges) you would have to return nxdomain, i think. -- wintix From david at fakenet.eu Wed Jun 30 10:57:45 2010 From: david at fakenet.eu (David Zurborg) Date: Wed, 30 Jun 2010 10:57:45 +0200 Subject: [dn42] 172.22.52.0/23 In-Reply-To: References: <4C2A6434.1050108@fakenet.eu> <4C2AD40F.6050700@fakenet.eu> Message-ID: <4C2B0709.5030803@fakenet.eu> Yeah, well, you're right. That's the plan in my networks: When I'm going to merge with dn42, I want to completely reallocate all my hosts with new ip addresses. In 10/8 I'm using very big blocks: 10.64/10 and so on for example. There are about 20 hosts up in my network (including all telephones and printers) and in future I add some other clients (toaster, refridgerator, ...) but I'm sure I'm below of an /24 network. Since I'm using DNS very well, I hope the reallocation cause not really big problems. Regards, /david Am 30.06.2010 08:16, schrieb SRN: > Okay, cool, thanks again. I'm in the middle of freeing up your first > /24 and walking off with your second one, so if you decide at any > point that you'd like your old space back, just let me know. Also, > you're aware that FF already has much of 10/8 routed in dn42, right? > Depending on what exactly you're using in 10/8, it may be trivial to > add your native routes into dn42 BGP, too. From crest at cyb0rg.org Wed Jun 30 12:24:09 2010 From: crest at cyb0rg.org (Crest da Zoltral) Date: Wed, 30 Jun 2010 12:24:09 +0200 Subject: [dn42] Test References: Message-ID: On 2010-06-29 03:18:36 +0200, Nick said: > Does this work? No. I received your spam. From crest at cyb0rg.org Wed Jun 30 12:26:22 2010 From: crest at cyb0rg.org (Crest da Zoltral) Date: Wed, 30 Jun 2010 12:26:22 +0200 Subject: [dn42] 172.22.52.0/23 References: <4C2A6434.1050108@fakenet.eu> Message-ID: On 2010-06-29 23:23:00 +0200, david at fakenet.eu (David Zurborg) said: > I'm still alive but I'm no longer using the dn42 network. 172.22.52.0/23 > can be marked as unallocated. Should I do this? (how? just edit the wiki > page?) Please mark your IPv4 range as unallocated and update the registry. From nick at srn.dn42 Wed Jun 30 14:36:42 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 12:36:42 +0000 (UTC) Subject: [dn42] somerandomnick fix your dns References: <4C2A5DFD.3040001@linuxdingsda.de> <4C2AFADC.2010808@linuxdingsda.de> Message-ID: tobias at linuxdingsda.de (Tobias Winter) writes: >Am 30.06.2010 08:07, schrieb SRN: >> That's an easy case, wintix. This is a more interesting example: >> $ dnsq ptr 129.9.22.172.in-addr.arpa >> Here's another one: >> $ dnsq ptr 128.64.22.172.in-addr.arpa >> (Please note that the two queries above have RD unset.) >> >> In particular, how do you want my nameservers to respond to those queries? >> (Neither the registry nor the wiki gives enough information for me to >> be able to do the right thing for them.) >> >ah. took me some time to notice that you are reffering to the /25 >problem in ptr records. >if possible handle it like a /24. if the other half of the /25 is >assigned as well and differ in nameserver records you would have to >handle it as 255 single ips. That sounds like a rather complicated algorithm for an automated zonegen script to do. I think we may need some hints in the registry (perhaps an "rdns-zone:" field), if we want this strategy to scale. >but still, since there is no data (because there is no dns stuff in the >wiki or the registry for those ranges) you would have to return >nxdomain, i think. That's not guaranteed to stay the case forever. I noticed a pattern, you seem to like kicking cans down the road ;-P From nick at srn.dn42 Wed Jun 30 14:45:35 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 12:45:35 +0000 (UTC) Subject: [dn42] 172.22.52.0/23 References: <4C2A6434.1050108@fakenet.eu> <4C2AD40F.6050700@fakenet.eu> <4C2B0709.5030803@fakenet.eu> Message-ID: david at fakenet.eu (David Zurborg) writes: >Yeah, well, you're right. That's the plan in my networks: When I'm going >to merge with dn42, I want to completely reallocate all my hosts with >new ip addresses. In 10/8 I'm using very big blocks: 10.64/10 and so on >for example. There are about 20 hosts up in my network (including all >telephones and printers) and in future I add some other clients >(toaster, refridgerator, ...) but I'm sure I'm below of an /24 network. >Since I'm using DNS very well, I hope the reallocation cause not really >big problems. Cool, well thanks for your second /24, then. (If you look in the wiki, you'll see what I'm using it for.) From tobias at linuxdingsda.de Wed Jun 30 15:29:15 2010 From: tobias at linuxdingsda.de (Tobias Winter) Date: Wed, 30 Jun 2010 15:29:15 +0200 Subject: [dn42] thoughts about the registry Message-ID: <4C2B46AB.5040107@linuxdingsda.de> in the irc channel has been some discussion about the registry. and as one will notice, my post is obviously to long for irc. 15:13:00 < wintix> i think we have to start further back in the discussion. right now we have a wiki. nearly everybody has an account due to the need of marking your address space as assigned. it works. vandalism can be repaired and everybody can use it. the problems with the wiki are that it's a single point of failure and feeding the data into the dns systems has to be done manually. - but keep in mind: it actually works well. the registry as it is now also has its up- ... 15:13:00 < wintix> ... and downsides. upsides would be that it's decentralized and textbased. so you can easily generate configs, etc out of it and be done. the problems with the registry now are that it is very difficult to handle. it definitely can and will not be used by any not very technical user. you need a monotone client, need to ask someone to get you access for your key, there is no syntax-checking, there is no documentation and you have to actually do quite some ... 15:13:00 < wintix> ... work to get _anything_ done. monotone is the right thing to use, i think. it provides decentralized revision control. but if not EVERYONE can use it, what good does it do? prior to taking down something working there has to be heavy thought on what problems you want to solve and for whom you make live miserable. even if a webinterface has it's downsides there is no "we don't want one because..." allowed. a webinterface is the only way everybody can ... 15:13:00 < wintix> ... contribute to the registry without great pain. if designed correctly, the webinterface will be as decentralized as we like it and as usable as a wiki. 15:13:36 < wintix> one additional point: with the registry in it's current state, the wiki WILL NOT go away. some feedback i got right away and maybe points for a discussion. i will respond to each of them. 15:13:28 < crest> a webfront or mysql db is a spof - aggreed. but i never wanted a mysql based frontend. in my opinion it has to be based on the files in the monotone checkout and work with them. it's the only way to get changes back to the monotone anyways. 15:13:43 < Astro> I prefer structured data in a VCS over a wiki 15:13:48 < Ivo> >>feeding the data into the dns systems has to be done manually<< - I have a script for that too - nice :) - i never was annoyed enough to hack up somthing. 15:14:49 < Astro> wintix: so what we need is a usable registry frontend - yes! :) 15:14:59 < welterde> wintix: there is an documentation, but noone bothered reading it..(ok.. few people) - you are reffering to the monotone documentation. and.. of course i did NOT read it. - it is just too long and i didn't see the point of investing major time in getting to know yet another revision control thing. 15:14:59 < Astro> time to collect requirements in the wiki! - well. it has to be decentralised and easy to use (meaning webfrontend) and the registry has to get rid of those wiki dependencies. there is no point in a decentralised and cool monotone registry if we still need the single point of failure wiki for managing ressources because no one can hope to remain on top of the ressource situation. (what do we have, what is assigned and what is left and who uses / used it, ..) -- wintix From nick at srn.dn42 Wed Jun 30 15:44:43 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 13:44:43 +0000 (UTC) Subject: [dn42] 172.22.52.0/23 References: <4C2A6434.1050108@fakenet.eu> Message-ID: Crest da Zoltral writes: >On 2010-06-29 23:23:00 +0200, david at fakenet.eu (David Zurborg) said: >> I'm still alive but I'm no longer using the dn42 network. 172.22.52.0/23 >> can be marked as unallocated. Should I do this? (how? just edit the wiki >> page?) >Please mark your IPv4 range as unallocated and update the registry. I already did it for him (as I volunteered), no worries. From nick at srn.dn42 Wed Jun 30 15:46:41 2010 From: nick at srn.dn42 (SRN) Date: Wed, 30 Jun 2010 13:46:41 +0000 (UTC) Subject: [dn42] Test References: Message-ID: Crest da Zoltral writes: >On 2010-06-29 03:18:36 +0200, Nick said: >> Does this work? >No. I received your spam. then tell your procmail to ignore me From Ivo at UFO-Net.nl Wed Jun 30 18:20:26 2010 From: Ivo at UFO-Net.nl (Ivo Smits) Date: Wed, 30 Jun 2010 18:20:26 +0200 Subject: [dn42] thoughts about the registry In-Reply-To: <4C2B46AB.5040107@linuxdingsda.de> References: <4C2B46AB.5040107@linuxdingsda.de> Message-ID: <4C2B6ECA.4070503@UFO-Net.nl> Op 30-6-2010 15:29, Tobias Winter schreef: > 15:13:28 < crest> a webfront or mysql db is a spof > - aggreed. but i never wanted a mysql based frontend. in my opinion it > has to be based on the files in the monotone checkout and work with > them. it's the only way to get changes back to the monotone anyways. But it is also very easy to work with, retrieve structured data, search for specific values. Mysql can't work decentralized, maybe some other similar database engine? > 15:13:48 < Ivo> >>feeding the data into the dns systems has to be done > manually<< - I have a script for that too > - nice :) - i never was annoyed enough to hack up somthing. It did not take long... > 15:14:59 < Astro> time to collect requirements in the wiki! > - well. it has to be decentralised and easy to use (meaning > webfrontend) and the registry has to get rid of those wiki > dependencies. there is no point in a decentralised and cool monotone > registry if we still need the single point of failure wiki for > managing ressources because no one can hope to remain on top of the > ressource situation. (what do we have, what is assigned and what is > left and who uses / used it, ..) A read-only web frontend exists at http://ix.ucis.dn42/dn42/ and http://ix.ucis.dn42/dn42/db/ - first one uses data directly from the repository, second one uses a mysql database which is updated (rebuilt) based on the repository. While writing the first web frontend, I ran into a problem: it is not possible to easily relate data. If some user identifies using his PERSON handle, good luck efficiently locating his IP networks or AS numbers - an essential feature for a login based web frontend. Also, many objects have their name both in the filename, and in a field inside the file, resulting in possible ambiguity. The data format was designed for use in a WHOIS system, and not for interpretation by automated systems, although it is possible, with the risk of ambiguity. Ideally, I would like to use some SQL-capable database engine, either decentralized or on top of a decentralized VCS, but I realize that this may not be a realistic option. For a file-based system like we have now, there must be strict rules for the layout of the data files, and in case of possible ambiguity, rules for which field takes precedence. Adding link information (eg, list all IP networks and AS numbers in a person data file) would also greatly help in creating frontends. Also, we should consider creating a telnet/ssh/similar interface for those who do not want to use web browsers. We should also consider an API/scriptable telnet interface. And last, but not least... what exactly are the design goals? It appears that some people want a fully decentralized, authenticated and signed system. Others want something that makes life easier, and will be easily accessible to everybody. While using monotone, these two goals seem to conflict. Personally, I would go for something that gets the job done and makes life easier for everybody. -- Ivo