44net

44net@mailman.ampr.org

2 participants
3170 discussions

by Dan Cross

# Summary Given that DNS has been a popular topic of discussion lately, I thought it might be useful to try and put some words about it on the Wiki. In preparation for this, I was playing around with the recursive DNS server on my subnet, and I ran into some strange behavior that I don't understand; perhaps someone else knows what's going on? To my eye, it looks like some types of PTR queries are being dropped at or before AMPRGW; this behavior is repeatable. # Setup and Context * I have a machine on my allocated subnet (44.44.48.29) that is running a recursive, caching DNS server (that is, a resolver). * The resolver is configured with stub zones that forward requests for ampr.org, 44.in-addr.arpa and 128.44.in-addr.arpa to the authoritative servers for those zones listed on the Wiki * The resolver is configured to respond to requests issued over both IPv4 and IPv6 * Machines on my subnet are configured to query this server. * I have configured my firewall to allow access to the `domain` port (e.g., UDP/53) on that machine from a few places on the Internet --- but not all. # Observations What I observe is inconsistent, but repeatable, failures when issuing PTR queries for certain IP addresses via IPv4 from the external Internet. * Forward queries from all sources seem to work fine. At least, I haven't observed any that fail (other than for, say, non-existent hostnames). * Similarly, PTR queries issued from the hosts on my subnet all seem to work as expected. * PTR queries issued over IPv6 seem to work fine from any source. * PTR queries issued over IPv4 from other networks locally connected to my home network (I have several ethernets and TCP/IP networks at home, interconnected with a set of routers and switches) all seem to work fine. * PTR queries for _some_ IP addresses issued over IPv4 from external machines on the Internet work reliably. For example, I can reliably query for 44.1.1.44, 44.0.0.1, 127.0.0.1, and 8.8.8.8 and I don't believe I've ever seen any of these queries fail. * PTR queries for _most_ 44Net IP addresses issued over IPv4 from external machines on the Internet fail reliably. For example, I cannot query for 44.44.48.1 (my gateway), or 44.182.21.1 (YO2LOJ's machine). I don't believe I have ever seen any of these queries succeed. Note that the only thing that differs in the last two cases is the address I'm trying to resolve. Now the interesting part. For the failing queries, I've observed that the actual query traffic _never makes it to my gateway from UCSD_. That is, the encapsulated datagram carrying the UDP packet containing the query never makes it to the external gateway. I issued these queries with the `host` tool. To verify this, I ran `tcpdump` in several places: 1. At the source machine where I issued the DNS queries: tcpdump -vvn host 44.44.48.29 2. On my gateway, examining the encapsulated traffic on the external interface: tcpdump -vvni cnmac1 ip proto 4 and 'ip[29:1] == 17 and (ip[42:2] == 53 or ip[40:2] == 53)' (Note the `ip[...]` expressions are matching in the encapsulated IP and UDP headers.) 3. On the DNS server machine itself: tcpdump -vvn udp port domain or tcp port domain To verify that everything is working as expected, first I issue a successful forward query: ``` : gaja; host -4 kz2x.ampr.org srv.kz2x.ampr.org Using domain server: Name: srv.kz2x.ampr.org Address: 44.44.48.29#53 Aliases: kz2x.ampr.org has address 44.44.48.2 kz2x.ampr.org has IPv6 address 2603:3005:b04:8144:48:edff:fe9c:c00 : gaja; ``` Note that the query succeeded (the astute reader may notice that that's missing an MX record, but ignore that for now), but let's look at the `tcpdump` output at each stage just to see what it looks like. Note that the data is in my cache, so I omit the details of recursive queries down to the roots, etc. From the local machine where I issue the query, one sees: ``` 20:07:31.444583 166.84.136.80.35777 > 44.44.48.29.53: [udp sum ok] 32707+ A? kz2x.ampr.org.(31) (ttl 64, id 18835, len 59) 20:07:31.603276 44.44.48.29.53 > 166.84.136.80.35777: [udp sum ok] 32707* q: A? kz2x.ampr.org. 1/0/0 kz2x.ampr.org. A 44.44.48.2(47) (ttl 40, id 12176, len 75) 20:07:31.605932 166.84.136.80.22717 > 44.44.48.29.53: [udp sum ok] 7616+ AAAA? kz2x.ampr.org.(31) (ttl 64, id 58081, len 59) 20:07:31.761378 44.44.48.29.53 > 166.84.136.80.22717: [udp sum ok] 7616* q: AAAA? kz2x.ampr.org. 1/0/0 kz2x.ampr.org. AAAA 2603:3005:b04:8144:48:edff:fe9c:c00(59) (ttl 40, id 62606, len 87) 20:07:31.762560 166.84.136.80.28977 > 44.44.48.29.53: [udp sum ok] 58832+ MX? kz2x.ampr.org.(31) (ttl 64, id 41619, len 59) 20:07:31.911483 44.44.48.29.53 > 166.84.136.80.28977: 58832* q: MX? kz2x.ampr.org. 0/1/0 ns: kz2x.ampr.org. SOA[|domain] (ttl 40, id 37627, len 110) ``` From the external interface on my AMPRNet gateway machine, I see: 20:07:31.523609 169.228.34.84 > 23.30.150.141: 166.84.136.80.35777 > 44.44.48.29.53: [udp sum ok] 32707+ A? kz2x.ampr.org.(31) [tos 0x28] (ttl 49, id 18835, len 59) (ttl 48, id 486, len 79) 20:07:31.524290 23.30.150.141 > 169.228.34.84: 44.44.48.29.53 > 166.84.136.80.35777: [udp sum ok] 32707* q: A? kz2x.ampr.org. 1/0/0 kz2x.ampr.org. A 44.44.48.2(47) (ttl 63, id 12176, len 75) (ttl 64, id 12041, len 95) 20:07:31.683608 169.228.34.84 > 23.30.150.141: 166.84.136.80.22717 > 44.44.48.29.53: [udp sum ok] 7616+ AAAA? kz2x.ampr.org.(31) [tos 0x28] (ttl 49, id 58081, len 59) (ttl 48, id 6515, len 79) 20:07:31.684262 23.30.150.141 > 169.228.34.84: 44.44.48.29.53 > 166.84.136.80.22717: 7616* q: AAAA? kz2x.ampr.org. 1/0/0 kz2x.ampr.org. AAAA[|domain] (ttl 63, id 62606, len 87) (ttl 64, id 48275, len 107) 20:07:31.836445 169.228.34.84 > 23.30.150.141: 166.84.136.80.28977 > 44.44.48.29.53: [udp sum ok] 58832+ MX? kz2x.ampr.org.(31) [tos 0x28] (ttl 49, id 41619, len 59) (ttl 48, id 6629, len 79) 20:07:31.837067 23.30.150.141 > 169.228.34.84: 44.44.48.29.53 > 166.84.136.80.28977: 58832* q: MX? kz2x.ampr.org. 0/1/0 ns: kz2x.ampr.org. SOA[|domain] (ttl 63, id 37627, len 110) (ttl 64, id 12165, len 130) And on the DNS server machine itself: ``` 20:07:31.520610 166.84.136.80.35777 > 44.44.48.29.53: [udp sum ok] 32707+ A? kz2x.ampr.org.(31) [tos 0x28] (ttl 48, id 44358, len 59) 20:07:31.520796 44.44.48.29.53 > 166.84.136.80.35777: [udp sum ok] 32707* q: A? kz2x.ampr.org. 1/0/0 kz2x.ampr.org. A 44.44.48.2(47) (ttl 64, id 33360, len 75) 20:07:31.680599 166.84.136.80.22717 > 44.44.48.29.53: [udp sum ok] 7616+ AAAA? kz2x.ampr.org.(31) [tos 0x28] (ttl 48, id 23293, len 59) 20:07:31.680766 44.44.48.29.53 > 166.84.136.80.22717: [udp sum ok] 7616* q: AAAA? kz2x.ampr.org. 1/0/0 kz2x.ampr.org. AAAA 2603:3005:b04:8144:48:edff:fe9c:c00(59) (ttl 64, id 31261, len 87) 20:07:31.833404 166.84.136.80.28977 > 44.44.48.29.53: [udp sum ok] 58832+ MX? kz2x.ampr.org.(31) [tos 0x28] (ttl 48, id 44916, len 59) 20:07:31.833578 44.44.48.29.53 > 166.84.136.80.28977: 58832* q: MX? kz2x.ampr.org. 0/1/0 ns: kz2x.ampr.org. SOA[|domain] (ttl 64, id 28444, len 110) ``` These results are all expected. Similarly for a successful reverse query: ``` : gaja; host -4 44.1.1.44 srv.kz2x.ampr.org Using domain server: Name: srv.kz2x.ampr.org Address: 44.44.48.29#53 Aliases: 44.1.1.44.in-addr.arpa domain name pointer ns.ardc.net. : gaja; ``` As seen from the source host: ``` 20:13:37.445021 166.84.136.80.4339 > 44.44.48.29.53: [udp sum ok] 61470+ PTR? 44.1.1.44.in-addr.arpa.(40) (ttl 64, id 34902, len 68) 20:13:37.609712 44.44.48.29.53 > 166.84.136.80.4339: [udp sum ok] 61470 q: PTR? 44.1.1.44.in-addr.arpa. 1/0/0 44.1.1.44.in-addr.arpa. PTR ns.ardc.net.(65) (ttl 40, id 15635, len 93) ``` From the gateway: ``` 20:13:37.523609 169.228.34.84 > 23.30.150.141: 166.84.136.80.4339 > 44.44.48.29.53: [udp sum ok] 61470+ PTR? 44.1.1.44.in-addr.arpa.(40) [tos 0x28] (ttl 49, id 34902, len 68) (ttl 48, id 13407, len 88) 20:13:37.533691 23.30.150.141 > 169.228.34.84: 44.44.48.29.53 > 166.84.136.80.4339: 61470 q: PTR? 44.1.1.44.in-addr.arpa. 1/0/0 44.1.1.44.in-addr.arpa. PTR[|domain] (ttl 63, id 15635, len 93) (ttl 64, id 52552, len 113) ``` And at the DNS server: ``` 20:13:37.520500 166.84.136.80.4339 > 44.44.48.29.53: [udp sum ok] 61470+ PTR? 44.1.1.44.in-addr.arpa.(40) [tos 0x28] (ttl 48, id 22620, len 68) 20:13:37.520691 44.44.48.29.53 > 166.84.136.80.4339: [udp sum ok] 61470 q: PTR? 44.1.1.44.in-addr.arpa. 1/0/0 44.1.1.44.in-addr.arpa. PTR ns.ardc.net.(65) (ttl 64, id 59842, len 93) ``` Okay, but what about a failing query? Let's try one: ``` : gaja; host -4 44.44.48.29 srv.kz2x.ampr.org ;; connection timed out; no servers could be reached : gaja; ``` Uh oh. As seen from the source host: ``` 20:15:26.775880 166.84.136.80.29535 > 44.44.48.29.53: [udp sum ok] 39502+ PTR? 29.48.44.44.in-addr.arpa.(42) (ttl 64, id 59475, len 70) 20:15:27.776870 166.84.136.80.29535 > 44.44.48.29.53: [udp sum ok] 39502+ PTR? 29.48.44.44.in-addr.arpa.(42) (ttl 64, id 40687, len 70) ``` But at the gateway, nothing at all is seen; no relevant data is received from the AMPRGW, and of course, similarly at the DNS server as well. So it appears that these queries are being lost, either at AMPRGW or before. Has anyone seen this before? Is it expected? - Dan C.

7 months, 2 weeks

AMPR Portal Cut-over 1 Month Later

by Charles J. Hargrove

So, everyone out in 44net land, how are things? After one month since the "cut-over": - are the coordinators allowed to coordinate fully? - are the requestors allowed to be assigned a non-.32/.61/63 address? - is everyone "trusted" enough to use the portal freely/fully again? Inquiring minds, and those waiting for an allocation, want to know. -- Charles J. Hargrove - N2NOV NYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord. NYC-ARECS/RACES Nets 441.100/136.5 PL ARnewsline Broadcast Mon. @ 8:00PM NYC-ARECS Weekly Net Mon. @ 8:30PM http://www.nyc-arecs.org NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM on 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32 "Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders." - Ronald Reagan "The more corrupt the state, the more it legislates." - Tacitus "Molann an obair an fear" - Irish Saying (The work praises the man.) "No matter how big and powerful government gets, and the many services it provides, it can never take the place of volunteers." - Ronald Reagan

7 months, 3 weeks

Connectivity into 44net

by Trevor Halsey

Hello everyone, I've had a 44net account for a while now and I've played with both setting up OpenWRT, several Linux VMs, and a Cisco 1900 (with limited knowledge and testing from work when we got fancy ISR4443's) but never actually achieved anything. Previously I read that to achieve BGP connectivity something had to be done with the ISP to allow the AS route to be announced/routed so that may have been another roadblock. Also with the whole IPIP based traffic, you can only have a limited number of devices unless you start working nat-magic and throw everything behind the same ip. Personally, I'm more familiar with VPN-based tunneling back to an endpoint and the datacenter/carrier-based router would announce the /24 route based on the status of the tunnel/ip and would not actually need to involve the non-rfp'd local carrier at all. As long as traffic could be passed through a tcp port, the connection could be made. Are there any opportunities with IPSEC/SSL/OpenVPN or even SDWAN endpoints joining the network instead of needing a router and formal networking knowledge to do the same? I just keep running into the same issues with 44net even though I can muster along and setup my work sites with good old IPSEC tunnels and locking the service down. Thanks, KD8SEP Trevor Halsey Middletown, Ohio

7 months, 3 weeks

Re: [EastNetPacket] Requesting New Allocations Is Incomplete

by Charles J. Hargrove

I have been asked to participate in a conference call with ARDC staff regarding the concerns about the portal cut-over. If there are any items that you would like me to bring up during the call (not scheduled yet), please email me directly at n2nov(a)n2nov.net with it. On 4/19/2024 2:44 PM, Charles J. Hargrove wrote: > I just received email and then a phone call from a person that wanted > to join one of our networks in the Northeast USA for the purposes of > routing Echolink, repeaters and more. When logging onto the "new" AMPR > portal, they were given only a choice of a few subnets based on a dropdown > list of intended uses. None of them jived with the networks in any of > the individual states or countries. I would suggest spreading the word > that all requests for new or expanded allocations be held up until things > can be straightened out. It seems that their small volunteer force is > unable to keep up with the workload since the changeover on April 3rd. > I personally have over a dozen tickets unassigned and even one from 4/3. > Everyone just standby and chill until they figure things out. No need > to expect steak when they are working with hamburger. > > I just jumped on the AMPR portal and found only these choices: > IPIP Tunnel Mesh 44.63.0.0/16 > > BGP Direct Announce 44.32.0.0/16 > > Radio 44.61.0.0/16 > Globally Unique 44.61.0.0/16 > General Address 44.61.0.0/16 > > AREDN - contact AREDN directly > HAMNET - contact HAMNET directly in Europe > HAMWAN - contact HAMWAN directly > -- Charles J. Hargrove - N2NOV NYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord. NYC-ARECS/RACES Nets 441.100/136.5 PL ARnewsline Broadcast Mon. @ 8:00PM NYC-ARECS Weekly Net Mon. @ 8:30PM http://www.nyc-arecs.org NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM on 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32 "Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders." - Ronald Reagan "The more corrupt the state, the more it legislates." - Tacitus "Molann an obair an fear" - Irish Saying (The work praises the man.) "No matter how big and powerful government gets, and the many services it provides, it can never take the place of volunteers." - Ronald Reagan

7 months, 3 weeks

Re: [ARDC:44Net] Blog Post Highlighting Portal 2.0 is Live

by Charles J. Hargrove

I guess it can be called the "Friday Funnies" and full of marketing hype. On 5/3/2024 2:22 PM, Rebecca Key via groups.io wrote: > Hey Everyone, > > Our latest blog post on ardc.net highlights the launch of the new > Portal: check it out here > <https://www.ardc.net/ardc-launches-44net-portal-2-0/>! > > 73, > Rebecca > KO4KVG -- Charles J. Hargrove - N2NOV NYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord. NYC-ARECS/RACES Nets 441.100/136.5 PL ARnewsline Broadcast Mon. @ 8:00PM NYC-ARECS Weekly Net Mon. @ 8:30PM http://www.nyc-arecs.org NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM on 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32 "Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders." - Ronald Reagan "The more corrupt the state, the more it legislates." - Tacitus "Molann an obair an fear" - Irish Saying (The work praises the man.) "No matter how big and powerful government gets, and the many services it provides, it can never take the place of volunteers." - Ronald Reagan

7 months, 3 weeks

IPIP tunnel for internet traffic

by KUN LIN

Hi I am wondering if the outgoing traffic can go through the IPIP tunnel gateway? After adding DNS record to my 44net ip, I can successfully ping my 44net IP. But when I try to run outbound traffic, for example ping -c 3 -I tunl0 1.1.1.1 It won't work. I am wondering how to initiate connections on the Debian 12. Thanks Kun

7 months, 3 weeks

Fwd: [OpenDV] John Hays K7VE SK

by Charles J. Hargrove

I just received this news this morning (nearly 2 weeks after). -------- Forwarded Message -------- Subject: [OpenDV] John Hays K7VE SK Date: Sun, 28 Apr 2024 05:54:08 -0700 From: Jonathan Naylor via groups.io <naylorjs=yahoo.com(a)groups.io> To: OpenDV(a)groups.io My friend John Hays K7VE died unexpectedly on April 16th. The Facebook algorithms didn't see fit to show me this information and I had to be told days later by Jim KI6ZUM. Instead FB insisted on feeding me pages that I don't follow, rather than stuff that matters to me. Anyway I digress. I knew John pretty well. He had been an early supporter of my software, and my first dealing with him were in Autumn 2009 only a few months after the release of my first D-Star and FM repeater software, and before it was in widespread use. Many of our emails were about the poor performance of the then popular GMSK modems and what we could do about them, as well as more software related items. Once I had released the ircDDB Gateway in Autumn 2010 he moved his repeater, then based on an Icom repeater stack, over to use it rather than Icom's G2 software. The next few years would see many more emails being eschanged as I enhanced my software and he suggested changes, reported bugs, etc. John came up with the idea for StarNet which is still included with the ircDDB Gateway. I first physically met John in 2014 as I was to attend Hamvention as a guest of NWDR, which was John and Bryan Hoyer at the time. We manned a booth at the old Hara arena, and despite being used to Ham Radio in Friedrickshafen, nothing could prepare me for the onslaught of Hamvention. I had a great time, and by the time that Sunday rolled around, I was burned out! Too much of a good thing I suppose. John backed off a bit with my software with the release of the MMDVM. He wasn't happy with me supporting purely commercial protocols like DMR. It was indeed ironic that I got my first DMR radio at that very Hamvention from Jerry Wanger of CSI, and I also crossed swords with the DMR-MARC guys, which strongly encouranged me to go down the route that would become the MMDVM a little while later. Since then I would see John at various shows, and then after Covid when things had more or less returned to normal, I saw him at Ham Radio in 2022, and 2023 manning the ARDC stand. I also saw him at Pacificon in October 2023 which would turn out to be the last time I saw him. We would sit and have long conversations about development work and potential projects. I was very much looking forward to seeing him at Hamvention in a few weeks. Rest in peace John, it was an honour to be your friend. Jonathan G4KLX -- Charles J. Hargrove - N2NOV NYC-ARECS/RACES Citywide Radio Officer/Skywarn Coord. NYC-ARECS/RACES Nets 441.100/136.5 PL ARnewsline Broadcast Mon. @ 8:00PM NYC-ARECS Weekly Net Mon. @ 8:30PM http://www.nyc-arecs.org NY-NBEMS Net Saturdays @ 10AM & USeast-NBEMS Net Wednesdays @ 7PM on 7.036 Mhz USB (alt 3.536)/1500 hz waterfall spot; MFSK-16 or 32 "Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders." - Ronald Reagan "The more corrupt the state, the more it legislates." - Tacitus "Molann an obair an fear" - Irish Saying (The work praises the man.) "No matter how big and powerful government gets, and the many services it provides, it can never take the place of volunteers." - Ronald Reagan

7 months, 4 weeks

New Allocation - Question

by razvan＠yo6rzv.ro

Hello all, Has anybody else requested a new IPv4 subnet space allocation via BGP since the new portal has been released? I'm asking this because I've requested on 18th of this month a new one, and until today no answer or update on the ticket. I've tried to reach out to Chris directly, but I had no answer on my previous email. I'm just wondering if anybody else had it's request resolved, since I had another 1-2 tickets opened and resolved after 1-2 days, and this one is still unassigned and in the new state. I do apologize in advance if this is a stupid question, but since my other tickets were resolved "quickly", I thought to ask if somebody else had requested and received a response. Have a lovely weekend ahead and 73's! Thanks, Razvan - YO6RZV Web: https://yo6rzv.ro

7 months, 4 weeks

Encap file

by Lee D Bengston

Hello, If I use the line from the Wiki below in order to retrieve the file via API (and convert it back to the text forma), I get a parsing error - presumably from jq. If I download only the file taking jq out of the equation, it's not a json file, but rather, a HTML file. I assume that's why there's a parsing error when jq reads it. Is the info from the Wiki out of date? Thanks, Lee K5DAT curl -s https://user:key@portal.ampr.org/api/v1/encap | jq -r '.[] | "route addprivate \(.network)/\(.maskLength) encap \(.gatewayIP)"'

7 months, 4 weeks

501(c)3 Questions

by lleachii＠aol.com

Hello, Being a former director on two 501(c)3's (and who volunteered and heard nothing) - I took time to review the annual reports. I have some questions. Who would I direct those to? e.g. (but not limited to) - I noted the 501(c)3 annual report on the website did not note receipts/donations, only outgoing funds as "granting" "projects"- I'd like to see you Public Filings and any required by California - or the Regents System, etc. as applicable, etc.- Your 2023 IRS Form 990-PF not yet posted to your website - I await viewing it Thanks and 73, - LynwoodKB3VWG

7 months, 4 weeks

← Newer
1
...
8
9
10
11
12
13
14
...
317
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net