Changes in 1106ecc: Further work

				Home.md
			
          @@ -4,7 +4,7 @@ dn42 is a large, dynamic [VPN](https://en.wikipedia.org/wiki/Virtual_private_net

           Network addresses are assigned in the `172.20.0.0/14` range with private AS numbers (see [registry](/services/Whois)), as well as IPv6 addresses from the ULA range (`fd00::/8`) - see [FAQ](/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42).

          -A variety of [services](/internal/Internal-Services) are available on the network, only accessible from within dn42. dn42 is also interconnected with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) and various [Freifunk](https://en.wikipedia.org/wiki/Freifunk) networks.

          +A variety of [services](/internal/Internal-Services) are available on the network, only accessible from within dn42. dn42 is also [interconnected](/Interconnections) with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) and various [Freifunk](https://en.wikipedia.org/wiki/Freifunk) networks.

           Still have questions? Check out our [FAQs](/FAQ).

          @@ -91,4 +91,4 @@ Editing is available from within dn42 at <https://wiki.dn42> ([HTTPS certificate

           ### DN42 logo

          -An SVG of the DN42 logo is available [here](/dn42.svg).

          \ No newline at end of file

          +An SVG of the DN42 logo is available [here](/dn42.svg).

				Interconnections.md
			
          @@ -1,4 +1,6 @@

          -**This page lists the external Overlay Networks DN42 is connected to**

          +# Interconnections

          +

          +This page lists the external networks dn42 is connected to

           | Network                                                | IPv4 address space | IPv6 address space | TLDs | Remarks |

           |:-------------------------------------------------------|:-------------------|:-------------------|:-----|:--------|

				services/dns/Architecture.md
			
          @@ -13,7 +13,7 @@ If running your own resolver is not possible or desirable, you can choose one or

           You can also use the globally anycasted a.recursive-servers.dn42 but you won't have any control over which instance you get. This is a **very bad idea** from a security standpoint.

           # Instances

          -The new DNS system has two different components:

          +The system has two different components:

           * *.recursive-servers.dn42 and local resolvers responsible for handling queries from clients, validating DNSSEC and directing the queries at clearnet/dn42/ICVPN.

           * *.delegation-servers.dn42 and *.master.delegation-servers.dn42 are a normal master-slave setup for providing the few official infrastructural zones.

          @@ -37,10 +37,9 @@ These instances do not serve any clients. They poll the registry regularly and r

             * For *.recursive-servers.dn42: Query clearnet, dn42 and ICVPN domains including rDNS. Make sure that both signed and unsigned domains work properly.

           * (Optional) Choose your single letter name and ask in #dn42-dns@hackint to get it added to the registry. Once added to the list, you must implement changes announced to the mailinglist within a week (faster is obviously better) or you might get removed again. We try to keep maintenance work as low as possible but we can't do it without the cooperation of all operators!

          -# [Monitoring](https://grafana.burble.com/d/E4iCaHoWk/dn42-dns-status?orgId=1&refresh=1m)

          -burble is providing monitoring for the new DNS system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.

          -

          -Also, gatuno provides another simple [dns checker for all the top level domains](http://gatuno.dn42/dns/) in the registry. If you want to check whatever a domain is resolving or not, this tool may be useful. The tool gets in sync with the registry every 12 hours. You can schedule checks for any domain.

          +# Monitoring

          +burble is providing monitoring for the system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.

          +[Monitoring page](https://grafana.burble.com/d/E4iCaHoWk/dn42-dns-status?orgId=1&refresh=1m)

           # DNSSEC

           There are currently two KSKs managed by BURBLE-MNT and JRB0001-MNT. They are used once per quarter to sign the DNSKEY RRset. Each master operator has one ZSK which is used to sign the zones (except for the DNSKEY RRset). This setup leads to bigger responses but allows each KSK holder to solve emergencies independently. The signatures of the DNSKEY RRset are valid until the end of the first month of the next quarter to give enough time for coordinating the next signing. All other signatures are valid for 3 days and replaced at least once per day.

...	...	@@ -4,7 +4,7 @@ dn42 is a large, dynamic [VPN](https://en.wikipedia.org/wiki/Virtual_private_net
4	4
5	5	Network addresses are assigned in the `172.20.0.0/14` range with private AS numbers (see [registry](/services/Whois)), as well as IPv6 addresses from the ULA range (`fd00::/8`) - see [FAQ](/FAQ#frequently-asked-questions_what-about-ipv6-in-dn42).
6	6
7		-A variety of [services](/internal/Internal-Services) are available on the network, only accessible from within dn42. dn42 is also interconnected with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) and various [Freifunk](https://en.wikipedia.org/wiki/Freifunk) networks.
	7	+A variety of [services](/internal/Internal-Services) are available on the network, only accessible from within dn42. dn42 is also [interconnected](/Interconnections) with other networks, such as [ChaosVPN](http://wiki.hamburg.ccc.de/ChaosVPN) and various [Freifunk](https://en.wikipedia.org/wiki/Freifunk) networks.
8	8
9	9	Still have questions? Check out our [FAQs](/FAQ).
10	10
...	...	@@ -91,4 +91,4 @@ Editing is available from within dn42 at <https://wiki.dn42> ([HTTPS certificate
91	91
92	92	### DN42 logo
93	93
94		-An SVG of the DN42 logo is available [here](/dn42.svg).
...	...	\ No newline at end of file
	0	+An SVG of the DN42 logo is available [here](/dn42.svg).

...	...	@@ -1,4 +1,6 @@
1		-This page lists the external Overlay Networks DN42 is connected to
	1	+# Interconnections
	2	+
	3	+This page lists the external networks dn42 is connected to
2	4
3	5	\| Network \| IPv4 address space \| IPv6 address space \| TLDs \| Remarks \|
4	6	\|:-------------------------------------------------------\|:-------------------\|:-------------------\|:-----\|:--------\|

...	...	@@ -13,7 +13,7 @@ If running your own resolver is not possible or desirable, you can choose one or
13	13	You can also use the globally anycasted a.recursive-servers.dn42 but you won't have any control over which instance you get. This is a very bad idea from a security standpoint.
14	14
15	15	# Instances
16		-The new DNS system has two different components:
	16	+The system has two different components:
17	17	* *.recursive-servers.dn42 and local resolvers responsible for handling queries from clients, validating DNSSEC and directing the queries at clearnet/dn42/ICVPN.
18	18	* .delegation-servers.dn42 and .master.delegation-servers.dn42 are a normal master-slave setup for providing the few official infrastructural zones.
19	19
...	...	@@ -37,10 +37,9 @@ These instances do not serve any clients. They poll the registry regularly and r
37	37	* For *.recursive-servers.dn42: Query clearnet, dn42 and ICVPN domains including rDNS. Make sure that both signed and unsigned domains work properly.
38	38	* (Optional) Choose your single letter name and ask in #dn42-dns@hackint to get it added to the registry. Once added to the list, you must implement changes announced to the mailinglist within a week (faster is obviously better) or you might get removed again. We try to keep maintenance work as low as possible but we can't do it without the cooperation of all operators!
39	39
40		-# [Monitoring](https://grafana.burble.com/d/E4iCaHoWk/dn42-dns-status?orgId=1&refresh=1m)
41		-burble is providing monitoring for the new DNS system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.
42		-
43		-Also, gatuno provides another simple [dns checker for all the top level domains](http://gatuno.dn42/dns/) in the registry. If you want to check whatever a domain is resolving or not, this tool may be useful. The tool gets in sync with the registry every 12 hours. You can schedule checks for any domain.
	40	+# Monitoring
	41	+burble is providing monitoring for the system. It does simple checks on all instances every minute and also logs all changes into #dn42-dns@hackint.
	42	+[Monitoring page](https://grafana.burble.com/d/E4iCaHoWk/dn42-dns-status?orgId=1&refresh=1m)
44	43
45	44	# DNSSEC
46	45	There are currently two KSKs managed by BURBLE-MNT and JRB0001-MNT. They are used once per quarter to sign the DNSKEY RRset. Each master operator has one ZSK which is used to sign the zones (except for the DNSKEY RRset). This setup leads to bigger responses but allows each KSK holder to solve emergencies independently. The signatures of the DNSKEY RRset are valid until the end of the first month of the next quarter to give enough time for coordinating the next signing. All other signatures are valid for 3 days and replaced at least once per day.