Welcome to hivemind.dn42

This page has a public (iana) internet mirror, but its canonical hostname is: www.hivemind.dn42 available over dn42.

When this page is delivered over dn42, links are rewritten where possible to keep you within the network.

This is www.hivemind.dn42 maintained by HIVEMIND and served using a certificate signed by the dn42 CA and verifiable via DANE.

Anycast services are www for web, ns1 for authoritative domain and pingable for ICMP tests. Anycast DNS over UDP is configured with a consistent DNS cookie secret. Anycast TCP handles mid-connection destination changes with a netfilter queue of conntrack state INVALID packets and a user-space consumer that forwards them through a tunnel to the original server. We set net.netfilter.nf_conntrack_tcp_loose=0 so stray ACK packets aren't welcomed by the connection tracker.

All border routers are meshed using iBGP while internal routing is handled using OSPFv3. BGP routes must be RPKI valid. The router software is bird, and BGP communities are set for latency, bandwidth and encryption (but not route origin, because some of my peers then do things I don't understand). Everything is dual stack with a mixture of route-based IPsec via xfrm's if_id and wireguard. Reverse path filtering is loose.

The mail exchanger queen collects mail. For peering or whatever please contact me on tgarcia@hivemind.dn42 over dn42 (otherwise s/dn42/org/ if you prefer) or message Veri on IRC hackint. This is a learning experience, so please feel free to get in touch if it looks like I'm doing anything wrong.

You might be looking for felin.es.


Privacy policy: Your IP address is logged to improve the network and prevent abuse. Cookies are not used.