Changes in d537315: Merge branch 'master' of git.dn42:dn42/wiki

				contact.md
			
          @@ -25,6 +25,7 @@ Join us on Twitter for news and chances to win awesome prizes... [@dn42_net](htt

           There are currently multiple decentralized mirrors and domains for the DN42 wiki available:

          + * [dn42.net](https://dn42.net) maintained by toBee

            * [dn42.us](https://wiki.dn42.us) maintained by xuu

            * [dn42.eu](https://dn42.eu) maintained by Nurtic-vibe

          -

          + * [wiki.dn42.lutoma.org](https://wiki.dn42.lutoma.org) maintained by lutoma

				howto/Bird.md
			
          @@ -272,6 +272,12 @@ Debian version:

           */15 * * * * curl -sfSLR -o/var/lib/bird/bird_roa_dn42.conf -z/var/lib/bird/bird_roa_dn42.conf https://dn42.tech9.io/roa/bird_roa_dn42.conf && birdc configure

           ```

          +then create the directory to make sure curls can save the files:

          +

          +```

          +mkdir -p /var/lib/bird/

          +```

          +

           ## Filter configuration

           In your import filter add the following to reject invalid routes:

				howto/Getting-started.md
			
          @@ -25,29 +25,47 @@ To do so, create a pull request at <https://git.dn42.us/dn42/registry>.

           This example assumes that your name is `<FOO>`, part of an organisation called `<FOO-ORG>` (for instance, your hackerspace).  Obviously, these should be replaced by the appropriate values in all examples below.

           We will create several types of objects: **maintainer** objects, which have an associated password and allow you to authenticate so that you can edit your own objects; **person** objects, which describe people or organisations and provide contact information; and finally, all other objects, which are resources (AS number, IP subnet, DNS zone, etc).

          +All objects are simple text files in the specific subfolders.

           ### Create a maintainer object

          -Create a `mntner` object named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility.

          +Create a `mntner` object in `data/mntner/` named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility.

           <!-- - choose a password, and don't forget it.  **Note:** even though the field is named `sha512-pw`, you must enter *your password* directly, *not* the sha512 of your password.

           - use `DUMMY-DN42` as `admin-c` and `tech-c`. We will update this later. -->

           - use `<FOO>-MNT` as `mnt-by`, otherwise, you won't be able to edit your maintainer object.

          +- optionally add a PGP Fingerprint `auth: pgp-fingerprint <pgp-fingerprint>`

          +

          +Example: data/mntner/EXAMPLE-MNT

          +```

          +mntner:         EXAMPLE-MNT

          +admin-c:        EXAMPLE-DN42

          +tech-c:         EXAMPLE-DN42

          +mnt-by:         EXAMPLE-MNT

          +```

           ### Create person objects

          -Create a `person` object for **yourself** (not your organisation/hackerspace/whatever).

          +Create a  `person` object in `data/person/` for **yourself** (not your organisation/hackerspace/whatever).

           - use something like `<FOO>-DN42` as `nic-hdl`, it should end with `-DN42`.

           - the `person` field is more freeform, you may use your nickname or even real name here.

           - provide an email.

           - you may provide additional ways of contacting you, using one or more `contact` field. For instance `xmpp:luke@theforce.net`, `irc:luke42@hackint`, `twitter: TheGreatLuke`.

          -- you may whish to add other fields, such as `pgp-id`, `pgp-fingerprint`, `remarks`, and so on.

          +- you may whish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on.

           - don't forget to set `mnt-by` to `<FOO>-MNT`.

           <!-- You must now edit the maintainer object created earlier, to properly fill in the `admin-c` and `tech-c` fields (set them to `<FOO>-DN42`). -->

          -If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation:

          +Example: data/mntner/EXAMPLE-DN42

          +```

          +person:         John Doe

          +contact:        john.doe@example.com

          +nic-hdl:        EXAMPLE-DN42

          +mnt-by:         EXAMPLE-MNT

          +```

          +

          +Organisations are not required if you are joining dn42 as a single user. If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation:

           - `organisation` is of the form `<ORG-FOO>`.

           - `org-name` should be the name of your organisation.

          @@ -56,6 +74,15 @@ If you intend to register resources for an organisation (e.g. your hackerspace),

           - you may provide a website (`www` field).

           - don't forget to set `mnt-by` to `<FOO>-MNT`, since you're managing this object on behalf of your organisation.

          +Example: data/organisation/ORG-EXAMPLE

          +```

          +organisation:   ORG-EXAMPLE

          +org-name:       Example Organisation

          +admin-c:        EXAMPLE-DN42

          +tech-c:         EXAMPLE-DN42

          +mnt-by:         EXAMPLE-MNT

          +```

          +

           ### Guidelines for future objects

           From now on, you should use:

          @@ -68,7 +95,7 @@ This applies to AS numbers, network prefixes, routes, DNS records...

           ### Register an AS number

          -To register an AS number, simply create an `aut-num` object. `as-name` should be a name for your AS.

          +To register an AS number, simply create an `aut-num` object in `data/aut-num/`. `as-name` should be a name for your AS.

           Your AS number can be chosen arbitrarily in the dn42 ASN space, look at the `as-block` objects. The historic ASN space is around 64600-64855 and 76100-76200. Starting from June 2014, **you must allocate your AS number in the new 4242420000-4242423999 range**.

          @@ -78,9 +105,41 @@ If you intend to use an ASN outside of the native dn42 ranges, please check that

           If unsure, ask on the mailing list or IRC.

          +Example: data/aut-num/AS4242423999

          +```

          +aut-num:        AS4242423999

          +as-name:        AS for EXAMPLE Network

          +admin-c:        EXAMPLE-DN42

          +tech-c:         EXAMPLE-DN42

          +mnt-by:         EXAMPLE-MNT

          +```

          +

           ### Register a network prefix

          -To register an IPv4 network prefix, simply create an `inetnum` object.

          +#### IPv6

          +

          +To register an [IPv6 prefix](/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42), you can create an `inet6num` object. A single /48 allocation in [ULA space](https://www.sixxs.net/tools/grh/ula/) will likely provide more than enough room for all devices you will ever connect. Some people use “vanity” prefixes like fd42:_xyz_::/48 instead of the fully standard-conformant pseudorandom ones.

          +

          +[Unique Local IPv6 Generator](http://unique-local-ipv6.com/)

          +

          +example: data/inet6num/fd42:4992:6a6d::_48

          +```

          +inet6num:          fd42:4992:6a6d:0000:0000:0000:0000:0000 - fd42:4992:6a6d:ffff:ffff:ffff:ffff:ffff

          +cidr:              fd42:4992:6a6d::/48

          +netname:           EVE-NETWORK

          +descr:             Network of eve

          +country:           DE

          +admin-c:           MIC92-DN42

          +tech-c:            MIC92-DN42

          +mnt-by:            MIC92-MNT

          +nserver:           ns1.evenet.dn42

          +nserver:           ns2.evenet.dn42

          +status:            ASSIGNED

          +```

          +

          +#### IPv4 (Legacy)

          +

          +If you also want to register an IPv4 network prefix, simply create an `inetnum` object.

           You may choose your network prefix in one of the currently open netblocks. You can get a list of unassigned subnets on the following sites, please mind the allocation guideline below.

          @@ -105,29 +164,10 @@ To register for example 172.20.150.0/27, you need to fill in 172.20.150.0-172.20

           **Note:** Reverse DNS works with _any_ prefix length, as long as your [recursive nameserver](/services/DNS) supports [RFC 2317](https://www.ietf.org/rfc/rfc2317.txt). Don't go for a /24 _just to have RDNS_.

          -If you want to register an [IPv6 prefix](/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42), you can create an `inet6num` object. A single /48 allocation in [ULA space](https://www.sixxs.net/tools/grh/ula/) will likely provide more than enough room for all devices you will ever connect. Some people use “vanity” prefixes like fd42:_xyz_::/48 instead of the fully standard-conformant pseudorandom ones.

          -

          -[Unique Local IPv6 Generator](http://unique-local-ipv6.com/)

          -

          -example: inet6num/fd42:4992:6a6d::_48

          +example: data/inetnum/172.23.75.0_24

           ```

          -cidr:              fd42:4992:6a6d::/48

          -inet6num:          fd42:4992:6a6d:0000:0000:0000:0000:0000 - fd42:4992:6a6d:ffff:ffff:ffff:ffff:ffff

          -netname:           EVE-NETWORK

          -descr:             Network of eve

          -country:           DE

          -admin-c:           MIC92-DN42

          -tech-c:            MIC92-DN42

          -mnt-by:            MIC92-MNT

          -nserver:           ns1.evenet.dn42

          -nserver:           ns2.evenet.dn42

          -status:            ASSIGNED

          -```

          -

          -example: inetnum/172.23.75.0_24

          -```

          -cidr:              172.23.75.0/24

           inetnum:           172.23.75.0 - 172.23.75.255

          +cidr:              172.23.75.0/24

           netname:           EVE-NETWORK

           admin-c:           MIC92-DN42

           tech-c:            MIC92-DN42

          @@ -139,21 +179,20 @@ status:            ASSIGNED

           #### Create route objects

          -If you plan to announce your prefixes in dn42, which you probably want in most cases, you will also need to create a `route` object for ipv4 prefixes and a `route6` object for ipv6 prefixes. This information is used for ROA checks (route origin authorization). If you skip this step, your network will probably get filtered by some peers. Many people enforce ROA checks to prevent (accidental) hijacking of other people's prefixes.

          +If you plan to announce your prefixes in dn42, which you probably want in most cases, you will also need to create a `route6` object for ipv6 prefixes and a `route` object for ipv4 prefixes. This information is used for Route Origin Authorization (ROA) checks. If you skip this step, your network will probably get filtered by most major peers.  Checking ROA will prevent (accidental) hijacking of other people's prefixes.

          -example: route6/fd42:4992:6a6d::_48

          +example: data/route6/fd42:4992:6a6d::_48

           ```

           route6:            fd42:4992:6a6d::/48

           origin:            AS4242420092

           mnt-by:            MIC92-MNT

           ```

          -example route/172.23.75.0_24:

          +example data/route/172.23.75.0_24:

           ```

           route:             172.23.75.0/24

           origin:            AS4242420092

           mnt-by:            MIC92-MNT

          -bgp-status:        active

           ```

           # Get some peers

				internal/Internal-Services.md
			
          @@ -10,10 +10,6 @@ You can inspect the service status [on this page](https://services.dn42)

           xuu is maintaining an [[certificate authority]] for internal services.

          -## TWLAN

          -

          -florianbAT is maintaining a Tribal Wars LAN-Server for balance between productivity and fun. [twlan.florianb.dn42](https://twlan.florianb.dn42)

          -

           ## Network-related

             * See [[Looking Glasses]] for more network diagnostic tools

          @@ -206,7 +202,8 @@ Also check [Repository Mirrors](/services/Repository-Mirrors)

           |:------------------------------------------------- |:---------------------- |:-------------------------- |

           | hulk.mhm.dn42 (172.23.67.1)                       | Tetrinet               |                            |

           | gaming.marlinc.dn42:27015                         | Counter Strike: Source |                            |

          -| 172.22.177.92:27017 (external:gmod.nixnodes.net)                              | Garry's Mod: Sandbox   | LUA coding, cinema, steam + non-steam, pass: 42 (required from public)   |

          +| 172.22.177.92:27017 (external:gmod.nixnodes.net)  | Garry's Mod: Sandbox   | LUA coding, cinema, steam + non-steam, pass: 42 (required from public) |

          +| twlan.florianb.dn42                               | Tribal Wars             |                           |

           ## Misc 

          @@ -216,9 +213,8 @@ Also check [Repository Mirrors](/services/Repository-Mirrors)

           | http://nowhere.ws/dn42                            | Some random stuff concerning dn42, packages for Debian, e.g. Quagga            |

           |https://bin.dn42 | AES-encrypted pastebin-like service ([zerobin](https://github.com/sebsauvage/ZeroBin)) | 

           | http://pastebin.trunet.dn42                       | AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |

          -| https://paste.weiti.dn42                       | AES-encrypted pastebin-like ([privatebin]| 

          -(https://github.com/sebsauvage/ZeroBin)) |

          -| ~~http://zerobin.e-utp.dn42 | AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) | ] 

          +| https://paste.weiti.dn42                          | AES-encrypted pastebin-like (privatebin) |

          +| ~~http://zerobin.e-utp.dn42~~                     | AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) | ] 

           | https://pad.dn42 | [Etherpad](http://etherpad.org) service for collaborative work |

           | http://www.nop.dn42/                              | Basic "whatismyip" service

           | http://freerouter.nop.dn42/                       | freeRouter main site

				services/Distributed-Wiki.md
			
          @@ -80,6 +80,7 @@ RACK_ENV=production gollum --css --host 127.0.0.1  --port 4567 --no-edit <path>

            - Setup your maintainer object according to [Automatic CA](https://internal.dn42/services/Automatic-CA)

            - Generate a [CSR](/services/Certificate-Authority) and send DNS Key Pin to [xuu@sour.is](mailto:xuu@sour.is): 

          + - \<AS> is the as number with the prefix `as` like `as64737-ca.wiki.dn42`

           ```

           ./ca.dn42 tls-gen \

          @@ -99,7 +100,8 @@ RACK_ENV=production gollum --css --host 127.0.0.1  --port 4567 --no-edit <path>

           A custom header `X-SiteID` identifies the site you're connecting to:

          -  - `add_header X-SiteID   '<AS number>-<ISO country code>';`

          +  - `add_header X-SiteID   '<AS>-<ISO country code>';`

          +     - \<AS> is the as number prefixed with `as` like `as64737`

           ##### Enabling [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning)

				services/Looking-Glasses.md
			
          @@ -8,19 +8,20 @@ Please sort by AS number.

           | AS | URL | Status |

           |:-- |:--- |:------ |

          -| 4242423993 | ext: https://lg.2f30.org/ <br> IPv4 only. | UP |

           | 64719 | ext: https://lg.dn42.lutoma.org/ <br> dn42: https://lg.lutoma.dn42/ | UP |

           | 64720 | ext: http://lg.prauscher.de <br> dn42: http://lg.prauscher.dn42 | UP |

           | 64737 | ext: https://lg.dn42.us | UP |

          +| 64766 | ext: http://ix.ucis.nl/routes.php <br> dn42: http://ix.ucis.dn42/routes.php <br> IPv4 only. | UP |

           | 76103 | ext: http://lg.nixnodes.net <br> dn42: http://lg.nixnodes.dn42 <br> IPv4 only. | UP |

           | 4242420022 | dn42: http://mhm.dn42:5001 | UP |

           | 4242420123 | dn42: https://lg.grmml.dn42 <br> Interactive (traceroute, BGP-map) | UP |

           | 4242420321 | dn42: http://lg.dn42 <br> Interactive (traceroute, BGP-map) | UP |

           | 4242421588 | dn42: http://lg.tech9computers.dn42 <br> Interactive (traceroute, BGP-map) | UP |

           | 4242421955 | dn42: http://lg.nop.dn42/ <br> telnet:test.nop.dn42 <br> ext: http://freerouter.nop.hu/online.html| UP |

          -| 4242422506 | dn42: http://www.as4242422506.dn42/ | UP |

          +| 4242422016 | ext: https://dn42.sidereal.ca <br> dn42: https://lg.sidereal.dn42 | UP |

           | 4242422700 | dn42: http://lg.gotroot.dn42 <br> ext: http://dn42.gotroot.ca/ | UP |

           | 4242423905 | ext: https://dn42-svc.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ | UP |

          +| 4242423993 | ext: https://lg.2f30.org/ <br> IPv4 only. | UP |

           ## Down

          @@ -30,7 +31,6 @@ These looking glasses were added to the table at some point, but now seem to be 

           | AS | URL | Status |

           |:-- |:--- |:------ |

          -| 64766 | ext: http://ix.ucis.nl/routes.php <br> dn42: http://ix.ucis.dn42/routes.php <br> IPv4 only. Currently not connected to dn42. | DOWN |

           | 64835 | ext: http://lg.nordkapp-5.dn42 <br> dn42: http://172.22.235.4 | DOWN |

           | 65529 | ext: http://bgp.freifunk-bielefeld.de/ulg/ulg.py <br> Interactive, BGP-map | DOWN |

           | 76142 | dn42: http://lg.ffdn.dn42 <br> Interactive, BGP-map | DOWN |

          @@ -43,8 +43,8 @@ These looking glasses were added to the table at some point, but now seem to be 

           | 4242420812 | dn42: https://lg.jan.dn42 <br> Interactive (traceroute, BGP-map) | DOWN |

           | 4242421092 | dn42: http://lg.erg.dn42 <br> Interactive (traceroute, BGP-map) | DOWN |

           | 4242421166 | dn42: http://lg.alcatrash.dn42/ | DOWN |

          -| 4242422016 | dn42: https://lg.sidereal.dn42 <br> Interactive (traceroute, BGP-map) | DOWN |

           | 4242422342 | dn42: http://lg.gbe.dn42 <br> Semi-interactive (no traceroute, no ping) | DOWN |

          +| 4242422506 | dn42: http://www.as4242422506.dn42/ | DOWN |

           | 4242423827 | ext: https://sky.nullroute.eu.org/dn42/lg/ <br> dn42: http://lg.nullroute.dn42 | DOWN |

           | 4242423905 | ext: http://zeus.nowhere.ws/dn42/routes.cgi <br> dn42: http://zeus.nihilus.dn42/dn42/routes.cgi <br> Non-interactive (route listing only). | DOWN |

           | 4242423955 | dn42: http://lg.flo.dn42 | DOWN |

				services/Whois.md
			
          @@ -150,7 +150,7 @@ Monotone is an distributed revision control system. Monotone tracks revisions to

           | zorun    | mtn.polyno.me / mtn.polynome.dn42 (172.23.184.71)| UP |

           | Nurtic-Vibe | mtn.dn42.eu / mtn.grmml.dn42 (172.23.149.20/fd42:23:149:1::20)| UP |

           | toBee | mtn.mhm.dn42 (172.23.67.120)| UP |

          -| hexa- | mtn.hexa.dn42 (172.23.42.130) | UP |

          +| hexa- | mtn.lossy.network (172.23.42.130) | UP |

           | tombii | mtn.tombii.dn42 (172.22.102.133) | UP |

           | Mic92 | mtn.evenet.dn42 (172.23.75.6/fd42:4992:6a6d::6) | UP |

           | weiti | mtn.weiti.dn42 (172.20.175.251/fdf7:17d5:de49::251) | UP |

				services/dns/Configuration.md
			
          @@ -1,6 +1,6 @@

           # Forwarder setup

          -Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `172.23.0.53`.

          +Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `fd42:d42:d42:53::1` (or `172.23.0.53`).

           ## BIND

          @@ -83,29 +83,45 @@ root_servers["23.172.in-addr.arpa."] = "dn42_root"

           ```

           server:

                 domain-insecure: "dn42"

          +      domain-insecure: "20.172.in-addr.arpa"

          +      domain-insecure: "21.172.in-addr.arpa"

          +      domain-insecure: "22.172.in-addr.arpa"

          +      domain-insecure: "23.172.in-addr.arpa"

          +      domain-insecure: "d.f.ip6.arpa"

                 local-zone: "20.172.in-addr.arpa." nodefault

          +      local-zone: "21.172.in-addr.arpa." nodefault

                 local-zone: "22.172.in-addr.arpa." nodefault

                 local-zone: "23.172.in-addr.arpa." nodefault

                 local-zone: "d.f.ip6.arpa." nodefault

           forward-zone: 

                 name: "dn42"

          +      forward-addr: fd42:d42:d42:53::1

                 forward-addr: 172.23.0.53

           forward-zone: 

                 name: "20.172.in-addr.arpa"

          +      forward-addr: fd42:d42:d42:53::1

          +      forward-addr: 172.23.0.53

          +

          +forward-zone: 

          +      name: "21.172.in-addr.arpa"

          +      forward-addr: fd42:d42:d42:53::1

                 forward-addr: 172.23.0.53

           forward-zone: 

                 name: "22.172.in-addr.arpa"

          +      forward-addr: fd42:d42:d42:53::1

                 forward-addr: 172.23.0.53

           forward-zone: 

                 name: "23.172.in-addr.arpa"

          +      forward-addr: fd42:d42:d42:53::1

                 forward-addr: 172.23.0.53

           forward-zone:

                 name: "d.f.ip6.arpa"

          +      forward-addr: fd42:d42:d42:53::1

                 forward-addr: 172.23.0.53

           ```

...	...	@@ -272,6 +272,12 @@ Debian version:
272	272	/15 * * * curl -sfSLR -o/var/lib/bird/bird_roa_dn42.conf -z/var/lib/bird/bird_roa_dn42.conf https://dn42.tech9.io/roa/bird_roa_dn42.conf && birdc configure
273	273	```
274	274
	275	+then create the directory to make sure curls can save the files:
	276	+
	277	+```
	278	+mkdir -p /var/lib/bird/
	279	+```
	280	+
275	281	## Filter configuration
276	282
277	283	In your import filter add the following to reject invalid routes:

...	...	@@ -25,6 +25,7 @@ Join us on Twitter for news and chances to win awesome prizes... [@dn42_net](htt
25	25
26	26	There are currently multiple decentralized mirrors and domains for the DN42 wiki available:
27	27
	28	+ * [dn42.net](https://dn42.net) maintained by toBee
28	29	* [dn42.us](https://wiki.dn42.us) maintained by xuu
29	30	* [dn42.eu](https://dn42.eu) maintained by Nurtic-vibe
30		-
	31	+ * [wiki.dn42.lutoma.org](https://wiki.dn42.lutoma.org) maintained by lutoma

...	...	@@ -25,29 +25,47 @@ To do so, create a pull request at <https://git.dn42.us/dn42/registry>.
25	25	This example assumes that your name is `<FOO>`, part of an organisation called `<FOO-ORG>` (for instance, your hackerspace). Obviously, these should be replaced by the appropriate values in all examples below.
26	26
27	27	We will create several types of objects: maintainer objects, which have an associated password and allow you to authenticate so that you can edit your own objects; person objects, which describe people or organisations and provide contact information; and finally, all other objects, which are resources (AS number, IP subnet, DNS zone, etc).
	28	+All objects are simple text files in the specific subfolders.
28	29
29	30	### Create a maintainer object
30	31
31		-Create a `mntner` object named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility.
	32	+Create a `mntner` object in `data/mntner/` named `<FOO>-MNT`. It will be used to edit all the objects that are under your responsibility.
32	33
33	34	<!-- - choose a password, and don't forget it. Note: even though the field is named `sha512-pw`, you must enter your password directly, not the sha512 of your password.
34	35	- use `DUMMY-DN42` as `admin-c` and `tech-c`. We will update this later. -->
35	36	- use `<FOO>-MNT` as `mnt-by`, otherwise, you won't be able to edit your maintainer object.
	37	+- optionally add a PGP Fingerprint `auth: pgp-fingerprint <pgp-fingerprint>`
	38	+
	39	+Example: data/mntner/EXAMPLE-MNT
	40	+```
	41	+mntner: EXAMPLE-MNT
	42	+admin-c: EXAMPLE-DN42
	43	+tech-c: EXAMPLE-DN42
	44	+mnt-by: EXAMPLE-MNT
	45	+```
36	46
37	47	### Create person objects
38	48
39		-Create a `person` object for yourself (not your organisation/hackerspace/whatever).
	49	+Create a `person` object in `data/person/` for yourself (not your organisation/hackerspace/whatever).
40	50
41	51	- use something like `<FOO>-DN42` as `nic-hdl`, it should end with `-DN42`.
42	52	- the `person` field is more freeform, you may use your nickname or even real name here.
43	53	- provide an email.
44	54	- you may provide additional ways of contacting you, using one or more `contact` field. For instance `xmpp:luke@theforce.net`, `irc:luke42@hackint`, `twitter: TheGreatLuke`.
45		-- you may whish to add other fields, such as `pgp-id`, `pgp-fingerprint`, `remarks`, and so on.
	55	+- you may whish to add other fields, such as `pgp-fingerprint`, `remarks`, and so on.
46	56	- don't forget to set `mnt-by` to `<FOO>-MNT`.
47	57
48	58	<!-- You must now edit the maintainer object created earlier, to properly fill in the `admin-c` and `tech-c` fields (set them to `<FOO>-DN42`). -->
49	59
50		-If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation:
	60	+Example: data/mntner/EXAMPLE-DN42
	61	+```
	62	+person: John Doe
	63	+contact: john.doe@example.com
	64	+nic-hdl: EXAMPLE-DN42
	65	+mnt-by: EXAMPLE-MNT
	66	+```
	67	+
	68	+Organisations are not required if you are joining dn42 as a single user. If you intend to register resources for an organisation (e.g. your hackerspace), you must also create an `organisation` object for your organisation:
51	69
52	70	- `organisation` is of the form `<ORG-FOO>`.
53	71	- `org-name` should be the name of your organisation.
...	...	@@ -56,6 +74,15 @@ If you intend to register resources for an organisation (e.g. your hackerspace),
56	74	- you may provide a website (`www` field).
57	75	- don't forget to set `mnt-by` to `<FOO>-MNT`, since you're managing this object on behalf of your organisation.
58	76
	77	+Example: data/organisation/ORG-EXAMPLE
	78	+```
	79	+organisation: ORG-EXAMPLE
	80	+org-name: Example Organisation
	81	+admin-c: EXAMPLE-DN42
	82	+tech-c: EXAMPLE-DN42
	83	+mnt-by: EXAMPLE-MNT
	84	+```
	85	+
59	86	### Guidelines for future objects
60	87
61	88	From now on, you should use:
...	...	@@ -68,7 +95,7 @@ This applies to AS numbers, network prefixes, routes, DNS records...
68	95
69	96	### Register an AS number
70	97
71		-To register an AS number, simply create an `aut-num` object. `as-name` should be a name for your AS.
	98	+To register an AS number, simply create an `aut-num` object in `data/aut-num/`. `as-name` should be a name for your AS.
72	99
73	100	Your AS number can be chosen arbitrarily in the dn42 ASN space, look at the `as-block` objects. The historic ASN space is around 64600-64855 and 76100-76200. Starting from June 2014, you must allocate your AS number in the new 4242420000-4242423999 range.
74	101
...	...	@@ -78,9 +105,41 @@ If you intend to use an ASN outside of the native dn42 ranges, please check that
78	105
79	106	If unsure, ask on the mailing list or IRC.
80	107
	108	+Example: data/aut-num/AS4242423999
	109	+```
	110	+aut-num: AS4242423999
	111	+as-name: AS for EXAMPLE Network
	112	+admin-c: EXAMPLE-DN42
	113	+tech-c: EXAMPLE-DN42
	114	+mnt-by: EXAMPLE-MNT
	115	+```
	116	+
81	117	### Register a network prefix
82	118
83		-To register an IPv4 network prefix, simply create an `inetnum` object.
	119	+#### IPv6
	120	+
	121	+To register an [IPv6 prefix](/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42), you can create an `inet6num` object. A single /48 allocation in [ULA space](https://www.sixxs.net/tools/grh/ula/) will likely provide more than enough room for all devices you will ever connect. Some people use “vanity” prefixes like fd42:_xyz_::/48 instead of the fully standard-conformant pseudorandom ones.
	122	+
	123	+[Unique Local IPv6 Generator](http://unique-local-ipv6.com/)
	124	+
	125	+example: data/inet6num/fd42:4992:6a6d::_48
	126	+```
	127	+inet6num: fd42:4992:6a6d:0000:0000:0000:0000:0000 - fd42:4992:6a6d:ffff:ffff:ffff:ffff:ffff
	128	+cidr: fd42:4992:6a6d::/48
	129	+netname: EVE-NETWORK
	130	+descr: Network of eve
	131	+country: DE
	132	+admin-c: MIC92-DN42
	133	+tech-c: MIC92-DN42
	134	+mnt-by: MIC92-MNT
	135	+nserver: ns1.evenet.dn42
	136	+nserver: ns2.evenet.dn42
	137	+status: ASSIGNED
	138	+```
	139	+
	140	+#### IPv4 (Legacy)
	141	+
	142	+If you also want to register an IPv4 network prefix, simply create an `inetnum` object.
84	143
85	144	You may choose your network prefix in one of the currently open netblocks. You can get a list of unassigned subnets on the following sites, please mind the allocation guideline below.
86	145
...	...	@@ -105,29 +164,10 @@ To register for example 172.20.150.0/27, you need to fill in 172.20.150.0-172.20
105	164
106	165	Note: Reverse DNS works with _any_ prefix length, as long as your [recursive nameserver](/services/DNS) supports [RFC 2317](https://www.ietf.org/rfc/rfc2317.txt). Don't go for a /24 _just to have RDNS_.
107	166
108		-If you want to register an [IPv6 prefix](/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42), you can create an `inet6num` object. A single /48 allocation in [ULA space](https://www.sixxs.net/tools/grh/ula/) will likely provide more than enough room for all devices you will ever connect. Some people use “vanity” prefixes like fd42:_xyz_::/48 instead of the fully standard-conformant pseudorandom ones.
109		-
110		-[Unique Local IPv6 Generator](http://unique-local-ipv6.com/)
111		-
112		-example: inet6num/fd42:4992:6a6d::_48
	167	+example: data/inetnum/172.23.75.0_24
113	168	```
114		-cidr: fd42:4992:6a6d::/48
115		-inet6num: fd42:4992:6a6d:0000:0000:0000:0000:0000 - fd42:4992:6a6d:ffff:ffff:ffff:ffff:ffff
116		-netname: EVE-NETWORK
117		-descr: Network of eve
118		-country: DE
119		-admin-c: MIC92-DN42
120		-tech-c: MIC92-DN42
121		-mnt-by: MIC92-MNT
122		-nserver: ns1.evenet.dn42
123		-nserver: ns2.evenet.dn42
124		-status: ASSIGNED
125		-```
126		-
127		-example: inetnum/172.23.75.0_24
128		-```
129		-cidr: 172.23.75.0/24
130	169	inetnum: 172.23.75.0 - 172.23.75.255
	170	+cidr: 172.23.75.0/24
131	171	netname: EVE-NETWORK
132	172	admin-c: MIC92-DN42
133	173	tech-c: MIC92-DN42
...	...	@@ -139,21 +179,20 @@ status: ASSIGNED
139	179
140	180	#### Create route objects
141	181
142		-If you plan to announce your prefixes in dn42, which you probably want in most cases, you will also need to create a `route` object for ipv4 prefixes and a `route6` object for ipv6 prefixes. This information is used for ROA checks (route origin authorization). If you skip this step, your network will probably get filtered by some peers. Many people enforce ROA checks to prevent (accidental) hijacking of other people's prefixes.
	182	+If you plan to announce your prefixes in dn42, which you probably want in most cases, you will also need to create a `route6` object for ipv6 prefixes and a `route` object for ipv4 prefixes. This information is used for Route Origin Authorization (ROA) checks. If you skip this step, your network will probably get filtered by most major peers. Checking ROA will prevent (accidental) hijacking of other people's prefixes.
143	183
144		-example: route6/fd42:4992:6a6d::_48
	184	+example: data/route6/fd42:4992:6a6d::_48
145	185	```
146	186	route6: fd42:4992:6a6d::/48
147	187	origin: AS4242420092
148	188	mnt-by: MIC92-MNT
149	189	```
150	190
151		-example route/172.23.75.0_24:
	191	+example data/route/172.23.75.0_24:
152	192	```
153	193	route: 172.23.75.0/24
154	194	origin: AS4242420092
155	195	mnt-by: MIC92-MNT
156		-bgp-status: active
157	196	```
158	197
159	198	# Get some peers

...	...	@@ -10,10 +10,6 @@ You can inspect the service status [on this page](https://services.dn42)
10	10
11	11	xuu is maintaining an [[certificate authority]] for internal services.
12	12
13		-## TWLAN
14		-
15		-florianbAT is maintaining a Tribal Wars LAN-Server for balance between productivity and fun. [twlan.florianb.dn42](https://twlan.florianb.dn42)
16		-
17	13	## Network-related
18	14
19	15	* See [[Looking Glasses]] for more network diagnostic tools
...	...	@@ -206,7 +202,8 @@ Also check [Repository Mirrors](/services/Repository-Mirrors)
206	202	\|:------------------------------------------------- \|:---------------------- \|:-------------------------- \|
207	203	\| hulk.mhm.dn42 (172.23.67.1) \| Tetrinet \| \|
208	204	\| gaming.marlinc.dn42:27015 \| Counter Strike: Source \| \|
209		-\| 172.22.177.92:27017 (external:gmod.nixnodes.net) \| Garry's Mod: Sandbox \| LUA coding, cinema, steam + non-steam, pass: 42 (required from public) \|
	205	+\| 172.22.177.92:27017 (external:gmod.nixnodes.net) \| Garry's Mod: Sandbox \| LUA coding, cinema, steam + non-steam, pass: 42 (required from public) \|
	206	+\| twlan.florianb.dn42 \| Tribal Wars \| \|
210	207
211	208	## Misc
212	209
...	...	@@ -216,9 +213,8 @@ Also check [Repository Mirrors](/services/Repository-Mirrors)
216	213	\| http://nowhere.ws/dn42 \| Some random stuff concerning dn42, packages for Debian, e.g. Quagga \|
217	214	\|https://bin.dn42 \| AES-encrypted pastebin-like service ([zerobin](https://github.com/sebsauvage/ZeroBin)) \|
218	215	\| http://pastebin.trunet.dn42 \| AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) \|
219		-\| https://paste.weiti.dn42 \| AES-encrypted pastebin-like ([privatebin]\|
220		-(https://github.com/sebsauvage/ZeroBin)) \|
221		-\| ~~http://zerobin.e-utp.dn42 \| AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) \| ]
	216	+\| https://paste.weiti.dn42 \| AES-encrypted pastebin-like (privatebin) \|
	217	+\| ~~http://zerobin.e-utp.dn42~~ \| AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) \| ]
222	218	\| https://pad.dn42 \| [Etherpad](http://etherpad.org) service for collaborative work \|
223	219	\| http://www.nop.dn42/ \| Basic "whatismyip" service
224	220	\| http://freerouter.nop.dn42/ \| freeRouter main site

...	...	@@ -80,6 +80,7 @@ RACK_ENV=production gollum --css --host 127.0.0.1 --port 4567 --no-edit <path>
80	80
81	81	- Setup your maintainer object according to [Automatic CA](https://internal.dn42/services/Automatic-CA)
82	82	- Generate a [CSR](/services/Certificate-Authority) and send DNS Key Pin to [xuu@sour.is](mailto:xuu@sour.is):
	83	+ - \<AS> is the as number with the prefix `as` like `as64737-ca.wiki.dn42`
83	84
84	85	```
85	86	./ca.dn42 tls-gen \
...	...	@@ -99,7 +100,8 @@ RACK_ENV=production gollum --css --host 127.0.0.1 --port 4567 --no-edit <path>
99	100
100	101	A custom header `X-SiteID` identifies the site you're connecting to:
101	102
102		- - `add_header X-SiteID '<AS number>-<ISO country code>';`
	103	+ - `add_header X-SiteID '<AS>-<ISO country code>';`
	104	+ - \<AS> is the as number prefixed with `as` like `as64737`
103	105
104	106	##### Enabling [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning)
105	107

...	...	@@ -8,19 +8,20 @@ Please sort by AS number.
8	8
9	9	\| AS \| URL \| Status \|
10	10	\|:-- \|:--- \|:------ \|
11		-\| 4242423993 \| ext: https://lg.2f30.org/ <br> IPv4 only. \| UP \|
12	11	\| 64719 \| ext: https://lg.dn42.lutoma.org/ <br> dn42: https://lg.lutoma.dn42/ \| UP \|
13	12	\| 64720 \| ext: http://lg.prauscher.de <br> dn42: http://lg.prauscher.dn42 \| UP \|
14	13	\| 64737 \| ext: https://lg.dn42.us \| UP \|
	14	+\| 64766 \| ext: http://ix.ucis.nl/routes.php <br> dn42: http://ix.ucis.dn42/routes.php <br> IPv4 only. \| UP \|
15	15	\| 76103 \| ext: http://lg.nixnodes.net <br> dn42: http://lg.nixnodes.dn42 <br> IPv4 only. \| UP \|
16	16	\| 4242420022 \| dn42: http://mhm.dn42:5001 \| UP \|
17	17	\| 4242420123 \| dn42: https://lg.grmml.dn42 <br> Interactive (traceroute, BGP-map) \| UP \|
18	18	\| 4242420321 \| dn42: http://lg.dn42 <br> Interactive (traceroute, BGP-map) \| UP \|
19	19	\| 4242421588 \| dn42: http://lg.tech9computers.dn42 <br> Interactive (traceroute, BGP-map) \| UP \|
20	20	\| 4242421955 \| dn42: http://lg.nop.dn42/ <br> telnet:test.nop.dn42 <br> ext: http://freerouter.nop.hu/online.html\| UP \|
21		-\| 4242422506 \| dn42: http://www.as4242422506.dn42/ \| UP \|
	21	+\| 4242422016 \| ext: https://dn42.sidereal.ca <br> dn42: https://lg.sidereal.dn42 \| UP \|
22	22	\| 4242422700 \| dn42: http://lg.gotroot.dn42 <br> ext: http://dn42.gotroot.ca/ \| UP \|
23	23	\| 4242423905 \| ext: https://dn42-svc.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ \| UP \|
	24	+\| 4242423993 \| ext: https://lg.2f30.org/ <br> IPv4 only. \| UP \|
24	25
25	26
26	27	## Down
...	...	@@ -30,7 +31,6 @@ These looking glasses were added to the table at some point, but now seem to be
30	31
31	32	\| AS \| URL \| Status \|
32	33	\|:-- \|:--- \|:------ \|
33		-\| 64766 \| ext: http://ix.ucis.nl/routes.php <br> dn42: http://ix.ucis.dn42/routes.php <br> IPv4 only. Currently not connected to dn42. \| DOWN \|
34	34	\| 64835 \| ext: http://lg.nordkapp-5.dn42 <br> dn42: http://172.22.235.4 \| DOWN \|
35	35	\| 65529 \| ext: http://bgp.freifunk-bielefeld.de/ulg/ulg.py <br> Interactive, BGP-map \| DOWN \|
36	36	\| 76142 \| dn42: http://lg.ffdn.dn42 <br> Interactive, BGP-map \| DOWN \|
...	...	@@ -43,8 +43,8 @@ These looking glasses were added to the table at some point, but now seem to be
43	43	\| 4242420812 \| dn42: https://lg.jan.dn42 <br> Interactive (traceroute, BGP-map) \| DOWN \|
44	44	\| 4242421092 \| dn42: http://lg.erg.dn42 <br> Interactive (traceroute, BGP-map) \| DOWN \|
45	45	\| 4242421166 \| dn42: http://lg.alcatrash.dn42/ \| DOWN \|
46		-\| 4242422016 \| dn42: https://lg.sidereal.dn42 <br> Interactive (traceroute, BGP-map) \| DOWN \|
47	46	\| 4242422342 \| dn42: http://lg.gbe.dn42 <br> Semi-interactive (no traceroute, no ping) \| DOWN \|
	47	+\| 4242422506 \| dn42: http://www.as4242422506.dn42/ \| DOWN \|
48	48	\| 4242423827 \| ext: https://sky.nullroute.eu.org/dn42/lg/ <br> dn42: http://lg.nullroute.dn42 \| DOWN \|
49	49	\| 4242423905 \| ext: http://zeus.nowhere.ws/dn42/routes.cgi <br> dn42: http://zeus.nihilus.dn42/dn42/routes.cgi <br> Non-interactive (route listing only). \| DOWN \|
50	50	\| 4242423955 \| dn42: http://lg.flo.dn42 \| DOWN \|

...	...	@@ -150,7 +150,7 @@ Monotone is an distributed revision control system. Monotone tracks revisions to
150	150	\| zorun \| mtn.polyno.me / mtn.polynome.dn42 (172.23.184.71)\| UP \|
151	151	\| Nurtic-Vibe \| mtn.dn42.eu / mtn.grmml.dn42 (172.23.149.20/fd42:23:149:1::20)\| UP \|
152	152	\| toBee \| mtn.mhm.dn42 (172.23.67.120)\| UP \|
153		-\| hexa- \| mtn.hexa.dn42 (172.23.42.130) \| UP \|
	153	+\| hexa- \| mtn.lossy.network (172.23.42.130) \| UP \|
154	154	\| tombii \| mtn.tombii.dn42 (172.22.102.133) \| UP \|
155	155	\| Mic92 \| mtn.evenet.dn42 (172.23.75.6/fd42:4992:6a6d::6) \| UP \|
156	156	\| weiti \| mtn.weiti.dn42 (172.20.175.251/fdf7:17d5:de49::251) \| UP \|

...	...	@@ -1,6 +1,6 @@
1	1	# Forwarder setup
2	2
3		-Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `172.23.0.53`.
	3	+Configuration of common resolver softwares, to forward DNS queries for `.dn42` (and reverse DNS) to `fd42:d42:d42:53::1` (or `172.23.0.53`).
4	4
5	5	## BIND
6	6
...	...	@@ -83,29 +83,45 @@ root_servers["23.172.in-addr.arpa."] = "dn42_root"
83	83	```
84	84	server:
85	85	domain-insecure: "dn42"
	86	+ domain-insecure: "20.172.in-addr.arpa"
	87	+ domain-insecure: "21.172.in-addr.arpa"
	88	+ domain-insecure: "22.172.in-addr.arpa"
	89	+ domain-insecure: "23.172.in-addr.arpa"
	90	+ domain-insecure: "d.f.ip6.arpa"
86	91	local-zone: "20.172.in-addr.arpa." nodefault
	92	+ local-zone: "21.172.in-addr.arpa." nodefault
87	93	local-zone: "22.172.in-addr.arpa." nodefault
88	94	local-zone: "23.172.in-addr.arpa." nodefault
89	95	local-zone: "d.f.ip6.arpa." nodefault
90	96
91	97	forward-zone:
92	98	name: "dn42"
	99	+ forward-addr: fd42:d42:d42:53::1
93	100	forward-addr: 172.23.0.53
94	101
95	102	forward-zone:
96	103	name: "20.172.in-addr.arpa"
	104	+ forward-addr: fd42:d42:d42:53::1
	105	+ forward-addr: 172.23.0.53
	106	+
	107	+forward-zone:
	108	+ name: "21.172.in-addr.arpa"
	109	+ forward-addr: fd42:d42:d42:53::1
97	110	forward-addr: 172.23.0.53
98	111
99	112	forward-zone:
100	113	name: "22.172.in-addr.arpa"
	114	+ forward-addr: fd42:d42:d42:53::1
101	115	forward-addr: 172.23.0.53
102	116
103	117	forward-zone:
104	118	name: "23.172.in-addr.arpa"
	119	+ forward-addr: fd42:d42:d42:53::1
105	120	forward-addr: 172.23.0.53
106	121
107	122	forward-zone:
108	123	name: "d.f.ip6.arpa"
	124	+ forward-addr: fd42:d42:d42:53::1
109	125	forward-addr: 172.23.0.53
110	126	```
111	127