Difference between revisions of "Research:Beacon"

From sanctions
Line 5: Line 5:
  
 
==== Domain Beacon ====
 
==== Domain Beacon ====
We have registered two domain names for this purpose: [http://sanctions-beacon.net sanctions-beacon.net] and [http://sanctions-beacon.com sanctions-beacon.com]. Each will be set up to host the necessary responders, on two different independent network connections, using IP addresses not in any of our beacon IP address blocks. We will presumably need to get TLS certs for them as well.  Because these should be blocked by name ''and not'' by number, we will also host positive beacons on the same servers (which should be visible, although resources identified by the beacon domains should ''not'' be visible).  Depending upon the decision of the policy group on the matter of [[Policy:More Specific Domains|more specific domain names]], we may also want to host separate beacons on more-specific subdomains, c.f. http://more-specific.sanctions-beacon.net.
+
As of March 27, 2022, we have two domain name beacons. They are:
 +
{{plainlist|
 +
* [https://lookup.icann.org/lookup?q=sanctions-beacon.net&t=a sanctions-beacon.net]
 +
* [https://lookup.icann.org/lookup?q=sanctions-beacon.com&t=a sanctions-beacon.com]
 +
}}
 +
 
 +
Each will be set up to host the necessary responders, on two different independent network connections, using IP addresses not in any of our beacon IP address blocks. We will presumably need to get TLS certs for them as well.  Because these should be blocked by name ''and not'' by number, we will also host positive beacons on the same servers (which should be visible, although resources identified by the beacon domains should ''not'' be visible).  Depending upon the decision of the policy group on the matter of [[Policy:More Specific Domains|more specific domain names]], we may also want to host separate beacons on more-specific subdomains, c.f. http://more-specific.sanctions-beacon.net.
  
 
==== IPv4 Beacon ====
 
==== IPv4 Beacon ====

Revision as of 15:09, 7 April 2022

The design of the beacon which will be used to verify operation and reach of the program is currently underway on the mailing list, and will be described here when it reaches stable consensus. It is intended to allow independent verification of IPv4 and IPv6 routing and domain name resolution, and to be robust against orthogonal DNSSEC validation errors.

Generally, our goal is to use two of each type of beacon, on independent and unrelated infrastructure, with one strobing on a one-hour period.

Domain Beacon

As of March 27, 2022, we have two domain name beacons. They are:

Each will be set up to host the necessary responders, on two different independent network connections, using IP addresses not in any of our beacon IP address blocks. We will presumably need to get TLS certs for them as well. Because these should be blocked by name and not by number, we will also host positive beacons on the same servers (which should be visible, although resources identified by the beacon domains should not be visible). Depending upon the decision of the policy group on the matter of more specific domain names, we may also want to host separate beacons on more-specific subdomains, c.f. http://more-specific.sanctions-beacon.net.

IPv4 Beacon

As of April 5, RIPE has contacted ARIN's 8.4 transfer group and initiated the transfer of our two /24s.

IPv6 Beacon

As of April 7, 2022, we've received the two independent IPv6 /48 beacon subnets that we applied for. They are:

ASN Beacon

As of April 5, 2022, we've received both the 16-bit and 32-bit beacon ASNs we requested. They are:

Retrieved from "https://wiki.sanctions.net/index.php?title=Research:Beacon&oldid=279"
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.