Not many details there. I see DNS updates are to be done by the coordinators. As they are volunteers, and as they may be very busy, this may not be compatible with a quick update required by a growing network.
But you can be the volunteer yourself!
Our plans were to get a subnet large enough for our island, and to manage the "internal" subnetting locally.
You have presented your plans before, and here everyone is wary that a network on a comparatively small and rural territory like Corsica (330.000 inhabitants) only used by radio amateurs is not likely to be as large as you picture it. We all know about the difficulty in getting IPv4 space on internet, but using Net-44 space for a Wireless ISP that just happens to have a couple of radio amateurs in its admin team is not the way to go. So you will have to present convincing evidence that this is not what is going on.
I'm wondering about what would be the best solution:
- Use an independent domain name (ie, "radioamateur.tk")
- Use a subdomain of ampr.org (ie, "corsica.ampr.org"), with a sub-delegation from the parent "ampr.org" domain
In both solutions, we would have immediate access for local updates, on our local DNS servers.
Different networks prefer and use different solutions. Some use an independent domain, some use sub-delegated subdomains, others are directly under ampr.org. Each of them of course has advantages and disadvantages and each sees it in a different way.
On the Dutch network we put our addresses directly under .ampr.org and use the main DNS servers. For updating, I am using a script that automatically sends the updates to the server based on a local hosts file I update with newly assigned addresses. Whenever I run the script, which automatically happens once a day, the diff between the current and previous version is made and all changes are sent to the robot by mail, and appear in the global DNS some minutes later.
I also download the zone file and keep it locally for use when the internet connection fails. Systems using our local resolvers (44.137.0.1 and 44.137.0.2) still have .ampr.org resolution, for those addresses not sub-delegated.
This way I don't have to worry about providing DNS service on internet (which is a can of worms...) and still everyone has access to our names. Reverse also works, which is usually a problem on the independent networks.
Rob
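The daily diff step Rob describes, as an added example (not Rob's script and not part of the original thread). The robot's mail syntax is not given in the thread, so the example stops at the list of changes; `parse_hosts` and `diff_hosts` are hypothetical names, and every host entry other than the two resolver addresses is constructed.

```python
import ipaddress
import re

AMPR_NET = ipaddress.ip_network("44.0.0.0/8")
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_hosts(text):
    """Return {hostname: address} for well-formed 44.x entries only."""
    records = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                  # malformed address: never forward it
        if addr not in AMPR_NET:
            continue                  # private/other space stays out of the zone
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if all(LABEL.match(part) for part in name.split(".")):
                records[name] = str(addr)
    return records

def diff_hosts(old_text, new_text):
    """Return (action, name, address) changes between two hosts files."""
    old, new = parse_hosts(old_text), parse_hosts(new_text)
    changes = []
    for name in sorted(old.keys() | new.keys()):
        if old.get(name) == new.get(name):
            continue
        if name in old:               # a changed address is a DEL then an ADD
            changes.append(("DEL", name, old[name]))
        if name in new:
            changes.append(("ADD", name, new[name]))
    return changes

# Constructed sample data: yesterday's and today's hosts file.
PREVIOUS = """44.137.0.1 ns1
44.137.0.2 ns2
44.137.40.10 repeater-a  # constructed entry
"""
CURRENT = """44.137.0.1 ns1
44.137.0.2 ns2
44.137.40.11 repeater-a
44.137.41.5 gateway-b
192.168.1.9 lab-box
44.137.41.6 bad_name
"""
```

Filtering before diffing means a typo or a private address in the local hosts file never reaches the automated mail to the robot.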
Hi Rob, and thank you for your answer.
On 05/04/2018 at 10:55, Rob Janssen wrote:
But you can be the volunteer yourself!
That was my first approach, one year ago. As Corsica is a "separate" country in terms of ham radio, I first thought about asking for a dedicated subnet, and becoming the local coordinator for our island. I just received flames via private mails that had nothing to do with technical arguments and ham radio. That made me stay with private addressing, which suits our needs. The only current drawback is the management of D-Star, DMR, XLX and other digital stuff, which require hacks such as dual addressing, NAT and so on.
But, after talking with DL5NGN and F6CNB, who operate big networks in Europe and France, I was told to forget NAT and private addresses, and to use hamnet addressing. Following their advice, I arranged a /23 subnet (44.168.80.0/23) with the coordinator. I'm now waiting for validation.
We all know about the difficulty in getting IPv4 space on internet, but using Net-44 space for a Wireless ISP that just happens to have a couple of radio amateurs in its admin team is not the way to go. So you will have to present convincing evidence that this is not what is going on.
We have two skilled network engineers, two data centers in the two main cities of the island, with plenty of free space, free transit over the public fiber backbone, free public IPs, BGP capabilities, access to high points, and free second hand hardware such as switches, Cisco routers, HP ProLiant DL servers with RAID controllers, and many other things. And we have plenty of (unfortunately, not hundreds of) HAM guys involved in repeaters, digital, contesting, remote station, etc... who are just waiting for extension of the IP backbone to their location.
I think many regions of the world don't have so much. Even the region of Paris does not actually have BGP capabilities (we are working together to share our data centers and information for redundancy).
We already built the most important elements of our network with private addressing, and it works. We also have a lot of projects. We could just deploy sites with our current techniques (OpenWRT / OpenVPN) with private addressing. But, as said before, several skilled people in Europe convinced us to switch to hamnet addressing. That's what we are trying to do. Our current net is still working on private addressing, and we already started building a lab on separated VMs for hamnet addressing, firewalling, and BGP over our two data centers. We are now waiting for IPs...
This way I don't have to worry about providing DNS service on internet (which is a can of worms...) and still everyone has access to our names. Reverse also works, which is usually a problem on the independent networks.
We'll investigate that. I'd like to avoid opening DNS directly to Internet, even through firewalls and secure gateways.
73 de TK1BI