Hosting

doxx.net was desinged to host full apps and appliations on the 10.0.0.0/8 subnet. You can register domains, sign certificates, and create dns records on .doxx.

Creating and Managing SSL Certificates with doxx.net

Table of Contents

  1. Managing DNS Records and Domains
  2. Creating SSL Certificates via a0x13.doxx.net Portal
  3. Creating SSL Certificates via API
  4. Setting up doxx.net Client as a System Service
  5. Advanced Routing Configuration with -no-routing

1. Managing DNS Records and Domains

Registering Domains

You can register .doxx domains through either the a0x13.doxx.net portal or via API.

Domains do not expire, but you can transfer them to another doxx.net token. There is no whohis service so domains are only registered to the token that creates them.

Via Portal

  1. Access Domain Registration

    • Log into a0x13.doxx.net
    • Click “Register New Domain”
    • Enter your desired domain name (without .doxx)

  2. Domain Requirements

    • Must be 3-63 characters long
    • Can contain letters (a-z), numbers (0-9), and hyphens
    • Cannot start or end with a hyphen
    • Cannot contain consecutive hyphens

Via API

  1. Check Domain Availability
curl -X POST https://setup.doxx.net/ \
    -d "token=YOUR_TOKEN" \
    -d "check_domain=yourdomain"
  1. Register Domain
curl -X POST https://setup.doxx.net/ \
    -d "token=YOUR_TOKEN" \
    -d "register_domain=yourdomain" \
    -d "years=1"

Managing DNS via Portal

  1. Access DNS Management

    • Log into a0x13.doxx.net
    • Select your domain
    • Click “Manage DNS Records”

  2. Adding DNS Records

    • Click “Add Record” button
    • Select record type (A, CNAME, MX, or TXT)
    • Enter record details:
      • Name: Subdomain or @ for root
      • Content: IP address or target
      • TTL: Time to live (default: 3600)

  3. Common DNS Configurations

Website Hosting

# A record for root domain
Type: A
Name: @
Content: 10.1.2.3  # Your doxx.net VPN IP

# CNAME for www subdomain
Type: CNAME
Name: www
Content: yourdomain.doxx.

Email Configuration

# MX record for email
Type: MX
Name: @
Content: mail.yourdomain.doxx.
Priority: 10

# A record for mail server
Type: A
Name: mail
Content: 10.1.2.3  # Your mail server's IP

Managing DNS via API

  1. List DNS Records
curl -X POST https://setup.doxx.net/ \
    -d "token=YOUR_TOKEN" \
    -d "domain=yourdomain.doxx" \
    -d "list_dns=1"
  1. Add DNS Record
curl -X POST https://setup.doxx.net/ \
    -d "token=YOUR_TOKEN" \
    -d "domain=yourdomain.doxx" \
    -d "add_dns=1" \
    -d "name=www" \
    -d "type=A" \
    -d "content=10.1.2.3" \
    -d "ttl=3600"
  1. Delete DNS Record
curl -X POST https://setup.doxx.net/ \
    -d "token=YOUR_TOKEN" \
    -d "domain=yourdomain.doxx" \
    -d "delete_dns=1" \
    -d "record_id=12345"

DNS Propagation

After making DNS changes:

  • Changes typically propagate within 5 minutes on doxx.net network
  • Use dig @10.10.10.10 yourdomain.doxx to verify records
  • The doxx.net DNS system (10.10.10.10) will always have the most current records

DNS Security Features

  1. DNSSEC

    • Automatically enabled for all .doxx domains
    • No additional configuration required
    • Managed by doxx.net infrastructure

  2. DNS Filtering

    • Built-in protection against DNS-based attacks
    • Automatic blocking of known malicious domains
    • Enable additional filtering with -block-bad-dns flag

  3. Query Logging

    • Available in Security Console
    • Shows all DNS queries and responses
    • Helps identify potential security issues

2. Creating SSL Certificates via a0x13.doxx.net Portal

Prerequisites

  • A registered domain on doxx.net
  • Access to a0x13.doxx.net portal
  • OpenSSL installed on your system

Steps to Generate and Sign Certificates

  1. Generate Your Private Key and CSR
# Generate private key
openssl genrsa -out yourdomain.key 2048

# Create CSR
openssl req -new -key yourdomain.key -out yourdomain.csr \
    -subj "/CN=yourdomain.doxx" \
    -addext "subjectAltName = DNS:yourdomain.doxx"

# (Optional) Verify CSR contents
openssl req -in yourdomain.csr -text -noout
  1. Sign Certificate Using Portal
    • Log into a0x13.doxx.net
    • Click “Sign Certificate” button
    • Select your domain from the dropdown
    • Paste your CSR content
    • Submit the form

3. Creating SSL Certificates via API

# Sign certificate using API
curl -X POST https://setup.doxx.net/ \
    -d "token=YOUR_TOKEN" \
    -d "domain=yourdomain.doxx" \
    -d "sign_cert=1" \
    -d "csr=$(cat yourdomain.csr)"

4. Setting up doxx.net Client as a System Service

Creating Systemd Service File

  1. Create the service file:
sudo nano /etc/systemd/system/doxx.net.service
  1. Add the following content:
[Unit]
Description=doxx.net VPN Client
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/local/bin/doxx.net -server tcp-encrypted.mia.us.doxx.net:443 -token YOUR_TUNNEL_TOKEN
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
  1. Enable and start the service:
sudo systemctl daemon-reload
sudo systemctl enable doxx.net
sudo systemctl start doxx.net
  1. Check service status:
sudo systemctl status doxx.net

5. Advanced Routing Configuration with -no-routing

When using the -no-routing flag, you’ll need to manually configure routes to maintain connectivity with doxx.net services while controlling which traffic goes through the VPN.

Basic Setup with -no-routing

  1. Modify your systemd service file to include the -no-routing flag:
[Service]
ExecStart=/usr/local/bin/doxx.net -server tcp-encrypted.mia.us.doxx.net:443 -token YOUR_TUNNEL_TOKEN -no-routing
  1. Add the required route for doxx.net services:
# Get your doxx.net VPN IP (usually shows when connecting)
# Example: Connected: 10.1.2.3 -> tcp-encrypted.mia.us.doxx.net:443

# Add route for all doxx.net internal services (10.0.0.0/8)
sudo ip route add 10.0.0.0/8 via 10.1.2.3

# For Windows:
route ADD 10.0.0.0 MASK 255.0.0.0 10.1.2.3
  1. Create a routing script:
#!/bin/bash
# /usr/local/bin/doxx-routes.sh

# Wait for VPN connection
sleep 5

# Get VPN IP (adjust grep pattern as needed)
VPN_IP=$(ip addr show dev doxx0 | grep 'inet ' | awk '{print $2}' | cut -d/ -f1)

# Add route for doxx.net services
ip route add 10.0.0.0/8 via $VPN_IP

# Add any other routes you want to go through VPN
# Example: Route specific subnet through VPN
# ip route add 192.168.1.0/24 via $VPN_IP
  1. Update systemd service to use routing script:
[Service]
ExecStart=/usr/local/bin/doxx.net -server tcp-encrypted.mia.us.doxx.net:443 -token YOUR_TUNNEL_TOKEN -no-routing
ExecStartPost=/usr/local/bin/doxx-routes.sh

Common Use Cases

  1. Split Tunneling: Route only specific traffic through VPN
# Route specific subnet through VPN
ip route add 192.168.1.0/24 via $VPN_IP

# Route specific host through VPN
ip route add 192.168.1.100/32 via $VPN_IP
  1. Selective Privacy: Choose which applications use VPN
# Route specific ports through VPN
ip route add 192.168.1.0/24 via $VPN_IP table 100
ip rule add fwmark 1 table 100
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1

Troubleshooting

  1. Check Routes:
ip route show
ip route show table all
  1. Verify Connectivity:
# Test doxx.net connectivity
ping 10.1.0.1

# Check route being used
traceroute 10.1.0.1
  1. Common Issues:
  • If you lose connection to doxx.net services, verify the 10.0.0.0/8 route is present
  • If routes disappear after reboot, ensure the routing script is being executed
  • Check systemd logs: journalctl -u doxx.net -f

Remember to replace YOUR_TUNNEL_TOKEN with your actual tunnel token from a0x13.doxx.net portal.

Last updated on 1 Jan 2024
Published on 1 Jan 2024