DN42, aka Decentralized Network 42, is a large, decentralized VPN-based network. You can read more about DN42 in this post: DN42 Experimental Network: Intro and Registration DN42 is an experimental network , where everyone helps everyone. Nobody is going to blame you if you screwed up. You may seek help at DN42's IRC channel , mailing list or the unofficial Telegram group . Since DN42 is a network for experimentation, a lot of relatively inexperienced users also participate in it. Therefore, occasionally an inexperienced user may misconfigure his/her system and impact the whole DN42 network or even shut it down. As a more experienced user,...

DN42, aka Decentralized Network 42, is a large, decentralized VPN-based network. But unlike other traditional VPNs, DN42 itself doesn't provide any VPN exits, which means it doesn't allow you to bypass Internet censorships or unlock streaming services. On the contrary, the goal of DN42 is to simulate another Internet. It uses much of the technology running on modern Internet backbones (BGP, recursive DNS, etc), and is a great replica of a real network environment. In short, DN42 is: NOT suitable for users only seeking privacy protection or bypassing censorship NOT suitable for users consuming large amounts of bandwidth/data, such as for unlocking streaming services IS suitable for users learning about networking, practicing configuration of servers and routers,...

In my previous post, " Setting up Gopher Site with Nginx ", I mentioned that the Gopher service is a byproduct of my original plan: modifying Nginx into a WHOIS server for DN42. This post will explore into details of that process. The WHOIS Protocol First, we can find a WHOIS server to observe its response. Choose the WHOIS server for .pub domain as an example, and run telnet whois.nic.pub 43 : # Type following line and hit enter lantian.pub # WHOIS server responded with: Domain Name: lantian.pub Registry Domain ID: c69e5ccf9d834900be26f88fddc5c9e4-DONUTS Registrar WHOIS Server: whois.dnspod.cn Registrar URL: https://www.dnspod.cn Updated Date: 2021-01-07T14:09:11Z Creation Date: 2016-10-23T08:36:41Z Registry Expiry Date: 2029-10-23T08:36:41Z Registrar: DNSPod, Inc....

On my VPSes, the TAP network interface created by OpenVPN has a randomly-generated IPv6 address with scope stable-privacy . This address itself is created randomly to prevent tracking users by their IPv6 addresses. But when building a network in DN42, BGP handshakes may originate from this address (rather than your manually assigned link-local address) and fail for mismatching origin/IP. The solution is to configure the TAP interfaces with sysctl, and disable the automatic address generation options. OpenVPN can be configured to run sysctl automatically when creating the interface: # Add to OpenVPN's config file script-security 2 up "/bin/sh -c '/sbin/sysctl -w net.ipv6.conf. $dev .autoconf=0 && /sbin/sysctl -w net.ipv6.conf. $dev .accept_ra=0 && /sbin/sysctl -w net....

2020-03-16 Notes There is an updated scheme compared to this post, see Sharing Network Namespace Among Docker Containers for Bird Anycasting . It is suggested to read only the concept explanations in this post, and use the above scheme instead for deployment. What's Anycast The commonly used routing protocol on Internet, the BGP, works like this: I own an IP range, 172.22.76.104/29, on DN42. With a BGP software like BIRD, I "announce" that my server has access to IP range 172.22.76.104/29. Servers with peering to me will record this message: "Over this path, I can access 172.22.76.104/29 which is 1 step away." These servers continue to announce to others with peering to them: "This server is 1 step away from the source of 172.22.76.104/29." Similarly,...

2020-10-11 Update Now a better way exists that doesn't involve a bunch of Docker containers. Please refer to Writing Stories in Traceroute, Elegantly . Intro Traceroute is one of the popular tools for network inspection. It shows the IP addresses of routers on the route from your computer to a destination server, similar to: Domains are shown on the last 2 hops, which is the IP's reverse DNS record. Reverse DNS records exist as PTR records in the format of 4.3.2.1.in-addr.arpa . For more information, you may refer to Setting IP Reverse Records in DN42 . However, PTR records need not be real domains. They can be any string that "looks like" a domain. With this, we can write one sentence on each hop of a Traceroute path to make a story: This story is set up in DN42....

DN42, short for Decentralized Network 42, is a large-scale VPN network. Unlike traditional VPNs, DN42 utilizes technologies commonly deployed on internet backbones (such as BGP), making it an excellent simulation of a real-world network environment. In a previous article , I joined the DN42 network, registered my own domain in another article , and set up my own DNS server. Later, in this article , I configured IPv4 reverse DNS. At that time, due to some outdated information on the DN42 Wiki, I mistakenly believed IPv6 reverse DNS couldn't be configured. However, I've since confirmed it's possible through experimentation. Since the setup process is largely similar, this article will share significant overlap (copy-pasted content) with the earlier IPv4 guide....

DN42, short for Decentralized Network 42, is a large-scale VPN network. Unlike traditional VPNs, DN42 utilizes technologies commonly deployed in internet backbones (such as BGP), effectively simulating a real-world network environment. In a previous article , I joined the DN42 network, and in another article , I registered my own domain and configured my DNS server. With a DNS server in place, we can now set up reverse lookup records for our IP addresses. Reverse lookup primarily aids in spam prevention and improves the appearance of outputs in network tools like ping and traceroute. Setting Up the Resolver for IP Ranges The first step is to delegate reverse resolution for your IP ranges to your DNS server. My servers are ns[1-3].lantian.dn42. While all could theoretically be specified,...

DN42, aka Decentralized Network 42, is a large VPN network. Unlike traditional VPNs, DN42 uses a lot of technology involved in Internet backbones (such as BGP) and is a great simulation of a realistic network environment. In a previous post , I joined DN42 and connected most of my VPSes to it. (The ones left are OpenVZ VPSes without Tun/Tap support.) I knew from the beginning that DN42 has its own domain name system. For example, DN42's wiki ( https://wiki.dn42.us/Home ) can be accessed as https://internal.dn42 in DN42. I didn't register a domain back then since I didn't have time, and I didn't have much knowledge of DN42. I finished the registration this month and would like to share my experience. Building Authoritative DNS An authoritative DNS is responsible for a domain's records....

2020-03-16 Notice This article has an updated version: see 《 Introduction to the DN42 Experimental Network (2020 Edition) 》. The new version features a more detailed registration process and has been updated to reflect changes in DN42 over the past three years. The following content was written in 2017 and is for archival purposes only. DN42, short for Decentralized Network 42, is a large-scale VPN network. Unlike traditional VPNs, DN42 utilizes technologies commonly deployed on internet backbones (such as BGP), effectively simulating a real-world network environment. Due to its realistic nature, the barrier to entry for DN42 is relatively high. You'll need to act as an ISP (Internet Service Provider): register an ASN number, obtain IPv4 and IPv6 address pools,...