75 lines
18 KiB
XML
75 lines
18 KiB
XML
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
|
||
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
|
||
<channel>
|
||
<title>Services on burble.dn42</title>
|
||
<link>http://localhost:2010/services/</link>
|
||
<description>Recent content in Services on burble.dn42</description>
|
||
<generator>Hugo</generator>
|
||
<language>en-gb</language>
|
||
<atom:link href="http://localhost:2010/services/index.xml" rel="self" type="application/rss+xml" />
|
||
<item>
|
||
<title>DN42</title>
|
||
<link>http://localhost:2010/services/dn42/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/dn42/</guid>
|
||
<description><p>burble.dn42 hosts a number of DN42 infrastructure services.</p>
<h2 id="dns">DNS</h2>
<table>
 <thead>
 <tr>
 <th style="text-align: left">Service</th>
 <th style="text-align: left">Name</th>
 <th style="text-align: left">IP</th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td style="text-align: left">DN42 Master</td>
 <td style="text-align: left">b.master.delegation-servers.dn42</td>
 <td style="text-align: left">fd42:180:3de0:30::1</td>
 </tr>
 <tr>
 <td style="text-align: left">Authoritative Service</td>
 <td style="text-align: left">b.delegation-servers.dn42</td>
 <td style="text-align: left">172.20.129.1<br/>fd42:4242:2601:ac53::1</td>
 </tr>
 <tr>
 <td style="text-align: left">Recursive Service</td>
 <td style="text-align: left">b.recursive-servers.dn42</td>
 <td style="text-align: left">172.20.129.2<br/>fd42:4242:2601:ac53::53</td>
 </tr>
 </tbody>
</table>
<p>burble.dn42 provides a local, anycast, authoritative and recursive DNS service.<br>
The <a href="http://localhost:2010/services/dns">DNS Service</a> has it&rsquo;s own page.</p>
<h2 id="dn42-wiki-mirror">DN42 Wiki Mirror</h2>
<table>
 <thead>
 <tr>
 <th style="text-align: left">Mirror URLs</th>
 <th></th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td style="text-align: left"><a href="https://wiki.dn42/">wiki.dn42</a><br/><a href="https://wiki.burble.dn42/">wiki.burble.dn42</a> </td>
 <td style="text-align: left">(editable via DN42)</td>
 </tr>
 <tr>
 <td style="text-align: left"><a href="https://dn42.dev/">dn42.dev</a><br/><a href="https://wiki.burble.com/">wiki.burble.com</a> </td>
 <td style="text-align: left">(read-only via public internet)</td>
 </tr>
 </tbody>
</table>
<p>burble.dn42 maintains a globally distributed mirror of the DN42 Wiki, and is part of
the wiki.dn42 anycast group.
The DN42 services (<a href="https://wiki.dn42/">wiki.dn42</a> and
<a href="https://wiki.burble.dn42/">wiki.burble.dn42</a>) are editable, whilst the public internet
views (<a href="https://dn42.dev/">dn42.dev</a> and <a href="https://wiki.burble.com/">wiki.burble.com</a>) are
read-only.</p></description>
|
||
</item>
|
||
<item>
|
||
<title>Public Services</title>
|
||
<link>http://localhost:2010/services/public/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/public/</guid>
|
||
<description><p>Services provided for use within DN42</p>
<h2 id="website">Website</h2>
<ul>
<li><a href="https://burble.dn42/">burble.dn42</a> (dn42 link)</li>
<li><a href="https://dn42.burble.com/">dn42.burble.com</a> (public internet link)</li>
</ul>
<p>This website is built using <a href="https://gohugo.io/">Hugo</a> and is
<a href="http://localhost:2010/services/internal/#rproxyburbledn42">distributed</a> across burble.dn42
core nodes.</p>
<p>The public internet site is a <a href="https://www.cloudflare.com">CloudFlare</a> pages
application and the source is <a href="https://git.burble.com/burble.dn42/www">published</a>
in the burble.dn42 git.</p>
<h2 id="service-administration-portal">Service Administration Portal</h2>
<ul>
<li><a href="https://svc.burble.dn42/">svc.burble.dn42</a></li>
</ul>
<p>The service portal allows you to configure your burble.dn42 services.</p>
<p>Functionality includes:</p>
<ul>
<li>Setting or changing a burble.dn42 LDAP password</li>
<li>Changing your shell for the shell services</li>
<li>Viewing peering information</li>
</ul>
<h2 id="diagnostic-services">Diagnostic Services</h2>
<h3 id="looking-glass">Looking Glass</h3>
<ul>
<li><a href="https://lg.burble.com">lg.burble.com</a> (public internet link)</li>
<li><a href="https://lg.burble.dn42">lg.burble.dn42</a> (dn42 link)</li>
</ul>
<p>The burble.dn42 looking glass is based on
<a href="https://github.com/xddxdd/bird-lg-go">bird-lg-go</a> with some local
customisations. The source code for the looking glass is available
on the
<a href="https://git.burble.com/burble.dn42/bird-lg-go">burble.dn42 git</a>.</p></description>
|
||
</item>
|
||
<item>
|
||
<title>Internal Services</title>
|
||
<link>http://localhost:2010/services/internal/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/internal/</guid>
|
||
<description><p>This page provides some documenation on other services used within burble.dn42
that are not directly available for public use.</p>
<h2 id="traefik--traefik-eu--traefik-na">traefik / traefik-eu / traefik-na</h2>
<p>burble.dn42 runs a global <a href="https://traefik.io/traefik/">traefik</a> cluster which
acts as a reverse proxy and load balancer for burble.dn42 web services.</p>
<p>The traefik instances are anycast globally (traefik.burble.dn42), but also
have regional load balancing groups for Europe (traefik-eu.burble.dn42) and
North America (traefik-na.burble.dn42). This regional split helps to direct
users to local services where possible.</p></description>
|
||
</item>
|
||
<item>
|
||
<title>DNS</title>
|
||
<link>http://localhost:2010/services/dns/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/dns/</guid>
|
||
<description><p>burble.dn42 provides a suite of DNS services, including running one of the two
DN42 DNS master nodes that exports registry information to the DNS infrastructure.</p>
<table>
 <thead>
 <tr>
 <th style="text-align: left">Role</th>
 <th style="text-align: left">Names</th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td style="text-align: left">DN42 DNS Master</td>
 <td style="text-align: left">b.master.delegation-servers.dn42</td>
 </tr>
 <tr>
 <td style="text-align: left">Authoritative DNS Service</td>
 <td style="text-align: left">b.delegation-servers.dn42<br>ns1.burble.dn42</td>
 </tr>
 <tr>
 <td style="text-align: left">Recursive DNS Service</td>
 <td style="text-align: left">b.recursive-servers.dn42<br/>dns.burble.dn42</td>
 </tr>
 <tr>
 <td style="text-align: left">dns64 Service</td>
 <td style="text-align: left">dns64.burble.dn42</td>
 </tr>
 </tbody>
</table>
<p>Apart from the Master, all DNS services are anycast across every node to provide fast,
local responses network wide. The services support DNSSEC and are available over UDP, TCP,
DNS over HTTPs and DNS over TLS.</p></description>
|
||
</item>
|
||
<item>
|
||
<title>ACME</title>
|
||
<link>http://localhost:2010/services/acme/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/acme/</guid>
|
||
<description><p>burble.dn42 provides an <a href="https://en.wikipedia.org/wiki/Automatic_Certificate_Management_Environment">ACME</a>
service using an intermediate certificate issued by the
<a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a> and implemented using
a <a href="https://vaultproject.io/">HashiCorp Vault</a> cluster to provide a highly available service.</p>
<p>The following ACME challenge types are supported:</p>
<ul>
<li>http-01</li>
<li>dns-01</li>
<li>tls-alpn-01</li>
</ul>
<h2 id="dn42-endpoint">dn42 endpoint</h2>
<ul>
<li><a href="https://acme.burble.dn42/v1/dn42/acme/directory">https://acme.burble.dn42/v1/dn42/acme/directory</a></li>
</ul>
<p>The dn42 endpoint serves certificates signed by an intermediate certificate issued by the
<a href="https://dn42.dev/services/Certificate-Authority">dn42 certificate authority</a>.</p>
<blockquote class="gdoc-hint info">
 <p>Note that certificates are issued with a validity period of <strong>30 days</strong>, which is
shorter than most clearnet ACME services.</p></description>
|
||
</item>
|
||
<item>
|
||
<title>Shell Accounts</title>
|
||
<link>http://localhost:2010/services/shell/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/shell/</guid>
|
||
<description><p>burble.dn42 provides shell accounts on the following servers:</p>
<ul>
<li>shell.fr.burble.dn42</li>
<li>shell.uk.burble.dn42</li>
<li>shell.de.burble.dn42</li>
<li>shell.lax.burble.dn42</li>
<li>shell.nyc.burble.dn42</li>
</ul>
<p>There is also an anycast address <a href="https://shell.burble.dn42">shell.burble.dn42</a>
that will route to the closest server.</p>
<h2 id="accessing-the-service">Accessing the Service</h2>
<p>The shell service imports user information from the dn42 registry allowing
any MNTNER to log in to the servers. Usernames are constructed by
lowercasing and removing the &lsquo;-MNT&rsquo; suffix.</p>
<h3 id="using-an-ssh-public-key">Using an SSH public key</h3>
<p>If you have an <code>auth</code> attribute with an SSH public key, this will be
imported from the registry and you can use the SSH key to log in to the
shell server.</p></description>
|
||
</item>
|
||
<item>
|
||
<title>S3 Object Storage</title>
|
||
<link>http://localhost:2010/services/minio/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/minio/</guid>
|
||
<description><p>burble.dn42 provides an S3 compatible storage service based on <a href="https://min.io/">min.io</a>.</p>
<ul>
<li><a href="https://minio.burble.dn42">https://minio.burble.dn42</a> - Web interface</li>
<li>s3.burble.dn42 - S3 compatible interface</li>
</ul>
<blockquote class="gdoc-hint warning">
 <p>Remember that the storage service is provided for the dn42 community and
the <a href="http://localhost:2010/network/abuse/">burble.dn42 abuse policy</a> applies.</p>
<p>Be considerate in your usage so that others will get the same benefits as
you are enjoying now. Clean up files that you no longer need, do not use the service for
illegal or objectional content and don&rsquo;t be stupid.</p></description>
|
||
</item>
|
||
<item>
|
||
<title>Certificate Authority</title>
|
||
<link>http://localhost:2010/services/ca/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/ca/</guid>
|
||
<description><p>burble.dn42 maintains a PKI infarstructure for its services, using
<a href="http://localhost:2010/services/internal/#vaultburbledn42">Hashicorp Vault</a></p>
<h2 id="ca-details">CA details</h2>
<table>
 <thead>
 <tr>
 <th></th>
 <th></th>
 </tr>
 </thead>
 <tbody>
 <tr>
 <td>countryName</td>
 <td>GB</td>
 </tr>
 <tr>
 <td>stateOrProvinceName </td>
 <td>dn42</td>
 </tr>
 <tr>
 <td>organizationName</td>
 <td>burble.dn2</td>
 </tr>
 <tr>
 <td>commonName</td>
 <td>ca.burble.dn42</td>
 </tr>
 <tr>
 <td>emailAddress</td>
 <td><a href="mailto:dn42@burble.com">dn42@burble.com</a></td>
 </tr>
 </tbody>
</table>
<h2 id="ca-download">CA Download</h2>
<p><a href="http://localhost:2010/burble-dn42-ca.pem">burble-dn42-ca.pem</a></p>
<pre tabindex="0"><code>-----BEGIN CERTIFICATE-----
MIIDtzCCAp+gAwIBAgIUBIkK5f6OppmInBEKnG0xiNTn7lIwDQYJKoZIhvcNAQEL
BQAwazELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJs
ZS5kbjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYP
ZG40MkBidXJibGUuY29tMB4XDTE5MDgxMzEwMDg0OVoXDTI5MDUxMjEwMDg0OVow
azELMAkGA1UEBhMCR0IxDTALBgNVBAgMBGRuNDIxFDASBgNVBAoMC2J1cmJsZS5k
bjQyMRcwFQYDVQQDDA5jYS5idXJibGUuZG40MjEeMBwGCSqGSIb3DQEJARYPZG40
MkBidXJibGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSxS
bQq27BmOsx5aX/G3x/lcIt0N0ECb0pZ8laX1/DFMWTBgQxpcwuOGyagsq7Jd6Ozt
fvZUAD8K3P0q6JCX+164Yq+3yA1urchdUf0rFby6JJYkhSSVnzTWouNRfiTNYmUK
C6Dtd3ZDQux6+8JAxI1rYGV+HqJ4y2N5A1pGGjLLfESfu38I2SflT5tUVNRgTfV9
ERbIQl7Zq9fYoizLnkbGWRSY5lk8Cwyz1q342Z8NazE5glJgE54uzLMmcdZfSD5f
2wF/XgIM8vcpXGo10aU8ZiYlevxDls1S/p2IdIZ3idb9+38hEY+mBenDNxA1Ad+d
5lQZIL0v7QHgtHiyqQIDAQABo1MwUTAdBgNVHQ4EFgQU3z7rCRdMpqOyh7MLWfO8
F75hmxwwHwYDVR0jBBgwFoAU3z7rCRdMpqOyh7MLWfO8F75hmxwwDwYDVR0TAQH/
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAm2hdaRx7CESeeWpvQIUmWysYWZ5r
tLsDkU0PdM2vQSB42MbngKNGi2GU1CXgQhNiYDieoIMhtfMf1Zl6PBm13XE11COg
HKCbs828G5X6HrlCnVAfqQiaa0HLZ0vFO94RVknn/wqr2VoHKNLdA46gMD67FWGm
KGyeD480JbIOiM69r/4JGzuJSh384CxH6KPCX7dUywxgI9zbW99SaKTQNJ8Z+O04
qPtmh+qW0L8a7lTuaR/SEbloDA+ztDYyEPsgmVpvM+e2PtJdmygGaUc8Y15TevJR
PGauY9oPLMXdxRYsqjQeKjBXv7Ms0CQB8XNHQ7zPsM83EZD5Eq68wLIvUA==
-----END CERTIFICATE-----
</code></pre><blockquote class="gdoc-hint danger">
 Certificate Expiry Date: <code>May 12 10:08:49 2029 GMT</code>
</blockquote></description>
|
||
</item>
|
||
<item>
|
||
<title>Ping Challenge</title>
|
||
<link>http://localhost:2010/services/ping/</link>
|
||
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
|
||
<guid>http://localhost:2010/services/ping/</guid>
|
||
<description><p>Can you solve the burble.dn42 ping challenge ?</p>
<h2 id="to-start">To start</h2>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">$ ping -s <span class="m">0</span> -c <span class="m">1</span> fd42:4242:2601:31f0::1
</span></span></code></pre></div><h2 id="hints">Hints</h2>
<ul>
<li>Use <code>-c 1</code> to only return one ping, <em>unless instructed otherwise</em></li>
<li>Use <code>-s 0</code> to create a zero sized ping, <em>unless instructed otherwise</em></li>
<li>Packet capture is your friend</li>
<li>You may also find a <a href="http://kioubit.dn42/cyber/">CyberChef</a> useful</li>
<li>The server maintains state based on your source IP and will time out idle clients after several days. There are ways to check the status (revealed during the challenge) but if your state times out you will need to restart from the nearest checkpoint.</li>
</ul></description>
|
||
</item>
|
||
</channel>
|
||
</rss>
|