- Source: Dn42
dn42 is a decentralized peer-to-peer network built using VPNs and software/hardware BGP routers.
While other darknets try to establish anonymity for their participants, that is not what dn42 aims for. It is a network to explore routing technologies used in the Internet and tries to establish direct non-NAT-ed connections between the members.
The network is not fully meshed. dn42 uses mostly tunnels instead of physical links between the individual networks. Each participant is connected to one or more other participants. Over the VPN or the physical links, BGP is used for inter AS routing. While OSPF is the most commonly used protocol for intra AS routing, each participant is free to choose any other IGP, like Babel, inside their AS.
History
The dn42 is a reboot of the diac24. At the time, diac24 only consisted of around a dozen participants. In diac24, the IPv4 address range used was 172.22.0.0/23 and the IPv6 address range used was 3ffe:400:c00::/48. The dn42 seems to have used the IPv4 space 172.22.0.0/16, the Clearnet IPv6 spaces like 2001:6f8: and the AS range 65000 to 65999 in the early years after that. It can also be said that the diac24 and the dn42 were initially aimed at a German audience, as much of the documentation was written in German. The diac24 mainly used GRE as a tunnel protocol between the participants, but this is not encrypted. In the beginning of the dn42, OpenVPN was often used for peering in the dn42. Over time, this has been replaced by WireGuard, partly due to faster performance and simpler configuration. At that time, the registry was not managed with Git as it is now, but in a wiki page. Anyone who wanted to register entered their desired ASN and IP space there.
Technical setup
= Address space
=Network address space for IPv4 consists of private subnets: 172.20.0.0/14 is the main subnet. Note that other private address ranges may also be announced in dn42, as the network is interconnected with other similar projects. Most notably, ChaosVPN uses 172.31.0.0/16 and parts of 10.0.0.0/8, Freifunk IC-VPN uses 10.0.0.0/8 and NeoNetwork uses 10.127.0.0/16.
For IPv6, Unique Local Address (ULA, the IPv6 equivalent of private address range) (fd00::/8) are used. Please note that IPv6 addresses within this range are also utilized by other networks, such as NeoNetwork employing fd10:127::/32 and CRXN utilizing segments of fd00::/8.
= AS numbers
=In order to use BGP, even in a private environment, autonomous system numbers are needed. dn42 uses several private or reserved AS number ranges, including 64512 to 64855 and 76100 to 76199. Since June 2014, dn42 is now using a new private range, 4242420000 to 4242429999, part of larger private range defined by RFC 6996.
= BGP routers
=While some participants use hardware routers, most participants use general purpose servers or virtual machines to lower their cost. The most commonly used BGP implementations used in dn42 are BIRD and FRR, but some participants use OpenBGPD, XORP, GoBGP or the implementation of JunOS, Cisco IOS, MikroTik's RouterOS or VyOS (which uses FRR as a routing daemon in the background).
= Tunneling
=In dn42, various links are used between the participants - but mainly virtual links, also known as tunnels. WireGuard is most commonly used for this, as it is easy to configure and is considered secure (with Perfect Forward Secrecy). Furthermore, many automatic peering systems offer WireGuard as the only option. fastd is used for peering with the IC-VPN. In rare cases, OpenVPN or IPsec are also used.
= DN42 TLD
=Websites and services hosted on the Dn42 network often use the top-level domain dn42. This is not an official IANA top-level domain, and it is handled through the dn42 registry.
= Registry
=To ensure uniform administration of IP addresses and domains, there is also a registry in dn42, as in Clearnet. This is based on Git in dn42 and therefore also offers the option of storing these in a decentralized manner. Furthermore, all changes can be clearly traced back to an author. To make a change in the dn42 (e.g. a registration), a pull request is created with the corresponding change. One of the registry maintainers then looks at this, validates it (including syntactically) and also verifies it (checking the authorization and signature). A participant must be authorized to make a change. This is verified by a signature using a GPG or SSH key.
= Interconnections
=The dn42 maintains a number of links to similar projects:
= Certificate Authority
=The dn42 has its own (unofficial) Certificate Authority (CA). This can be used to issue TLS certificates, for example for HTTPS. Ownership can be verified with ACME, as with Let's Encrypt.
In addition, the NeoNetwork also operates its own CA for the .neo TLD and the associated network area. The ChaosVPN, IC-VPN and the CRXN do not have a CA. In order to prevent the CA from issuing certificates for Clearnet addresses, name constraints are used which limit the name validity range of the CA. This means that the CA cannot be used for Clearnet addresses.
Services
The following is a selection of services in the dn42:
Notes
References
External links
dn42 website mirror
Another dn42 website mirror
Kata Kunci Pencarian:
- Jaringan terdesentralisasi 42
- Daftar planet minor: 60001–61000
- Daftar planet minor/60401–60500
- Dn42
- List of minor planets: 60001–61000
- List of minor planets: 471001–472000
- List of minor planets: 664001–665000
- List of minor planets: 327001–328000
- List of minor planets: 472001–473000
- List of minor planets: 180001–181000
- List of minor planets: 353001–354000
- List of minor planets: 458001–459000
- List of minor planets: 536001–537000