FAQ.md
... ...
@@ -58,7 +58,7 @@ Prior to using ASNs in the new private ASN range 4200000000-4294967294 ([RFC6996
58 58
59 59
By default, Docker overlaps with the entire DN42 range and then some. (172.16.0.0/12 == 172.16.0.0 - 172.31.255.255)
60 60
61
-In order to prevent this, you need to supply a different subnet range to the Docker daemon. This can be done by creating or updating `/etc/docker/daemon.json` with something along the following (this will use 192.168.128.0/18 == 192.168.128.0 - 192.168.128.0 - 192.168.191.255)
61
+In order to prevent this, you need to supply a different subnet range to the Docker daemon. This can be done by creating or updating `/etc/docker/daemon.json` with something along the following (this will use 192.168.128.0/18 == 192.168.128.0 - 192.168.191.255)
62 62
```json
63 63
{
64 64
"default-address-pools" : [
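Review bot: the corrected range now agrees with the /18 mask (192.168.128.0 - 192.168.191.255), but the paragraph should also say that `default-address-pools` only applies to networks Docker creates after the daemon has been restarted; networks that already exist keep the 172.16.0.0/12 subnets they were given until they are removed and recreated, so a reader who applies this with containers running should confirm with `docker network inspect` afterwards. It is also worth a sentence that 192.168.128.0/18 is ordinary RFC1918 space and has to be picked so it does not collide with the operator's own LAN.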
howto/IPv6-Multicast.md
... ...
@@ -99,7 +99,7 @@ $ ip -6 route add ff7e:230:fdd5:69d5:c530::/96 dev eth0 table local
99 99
$ ping6 -t 16 ff7e:230:fdd5:69d5:c530::123
100 100
```
101 101
102
-The "-t 16", a hop-limit of 16, is important here as **by default all multicast traffic is usually send with a hop-limit of just 1**.
102
+The "-t 16", a hop-limit of 16, is important here as **by default all multicast traffic is usually sent with a hop-limit of just 1**.
103 103
104 104
---
105 105
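Review bot: the spelling fix is right, but "by default ... usually" says the same thing twice; the precise statement is that a socket's default multicast hop limit (IPV6_MULTICAST_HOPS) is 1, which is what `ping6 -t 16` raises here, so "by default all multicast traffic is sent with a hop-limit of just 1" would be tighter and accurate.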
howto/nixos.md
... ...
@@ -1,10 +1,10 @@
1 1
# NixOS
2 2
3
-NixOS is a declarative Linux distribution based on the Nix package Manager. In this post I'll explain how I setup dn42 in this environment. I currently only peer with wireguard and use bird2. NixOS uses configuration files to manage the system state and has a builtin container module.
3
+NixOS is a declarative Linux distribution based on the Nix package Manager. In this post I'll explain how I set up dn42 in this environment. I currently only peer with wireguard and use bird2. NixOS uses configuration files to manage the system state and has a builtin container module.
4 4
5 5
## container disclaimer
6 6
7
-I had a spare IPv4 Address so I decided to use a container without a NAT and keep my host "clean" from dn42 Wireguard Interfaces and IP routes. However it's pain full to debug since nixos-rebuild restarts the container on every minor change. So every time you change a firewall rule or debug a DNS setting nixos-rebuild restarts the container before the change takes effect and since BGP is BGP, it can be really frustrating.
7
+I had a spare IPv4 Address so I decided to use a container without a NAT and keep my host "clean" from dn42 Wireguard Interfaces and IP routes. However it's painful to debug since nixos-rebuild restarts the container on every minor change. So every time you change a firewall rule or debug a DNS setting nixos-rebuild restarts the container before the change takes effect and since BGP is BGP, it can be really frustrating.
8 8
9 9
You may also want to have a look at this [Issue](https://github.com/NixOS/nixpkgs/issues/43652) and [Pull Request](https://github.com/NixOS/nixpkgs/pull/80169)
10 10
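Review bot: while fixing "setup"/"set up" and "pain full", the same lines still carry "Nix package Manager" (should be "Nix package manager"), "builtin" ("built-in"), "IPv4 Address" ("IPv4 address") and lowercase "wireguard" for WireGuard, which the rest of the page capitalises inconsistently; one pass over those would make this hunk's cleanup complete.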
... ...
@@ -26,7 +26,7 @@ containers.dn42 = {
26 26
config = { config, pkgs, ... }: {
27 27
imports = [
28 28
./peers # Folder with a config for every Peer
29
- ./dns.nix # Bind with the litschi.dn42 zone deligated
29
+ ./dns.nix # Bind with the litschi.dn42 zone delegated
30 30
./bird.nix # Bird config for BGP Routing
31 31
./networking.nix # Static Network configuration (with firewall)
32 32
./nginx.nix # nginx config for litschi.dn42
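Review bot: "delegated" is the right fix; the neighbouring comments in the same import list capitalise mid-sentence ("every Peer", "Bird config", "Static Network configuration") and could be normalised in the same pass, and "Bind" here is the BIND nameserver, which is conventionally written in capitals.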
... ...
@@ -65,7 +65,7 @@ containers.dn42 = {
65 65
66 66
### Network Setup
67 67
68
-As mentioned above, I got a spare public IPv4 Address, but by adding it as ```localAddress```, the container Part is configured static enough. But to forward traffic between Intferfaces ```/proc/sys/net/``` should configured
68
+As mentioned above, I got a spare public IPv4 Address, but by adding it as ```localAddress```, the container Part is configured static enough. But to forward traffic between Interfaces the following ```/proc/sys/net/``` parameters should be configured:
69 69
70 70
```nix
71 71
boot.kernel.sysctl = {
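Review bot: the rewritten sentence still does not explain what "configured static enough" means; suggest "Adding the address as `localAddress` is all the container side needs. For the container to forward traffic between interfaces, the following sysctls must be set:". Since `net.ipv6.conf.all.forwarding = 1` (and its IPv4 counterpart) turn the container into a router for everything that reaches it, the text should also make clear that the ferm FORWARD rules described in the next paragraph are a prerequisite, not an optional extra, so there is no window in which forwarding is on and the filter is not.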
... ...
@@ -73,7 +73,7 @@ boot.kernel.sysctl = {
73 73
"net.ipv6.conf.all.forwarding" = 1;
74 74
};
75 75
```
76
-This allows our firewall to configure forwarding between peers and other tunnels. What is allowed to be forwarded can be configured in the firewall. Ferm has only few NixOS Options, but is pretty basic. Its configured with the ```services.ferm.config``` options, that contains just a string. Within this string there's standard plain ferm config. Example config is attached below.
76
+This allows our firewall to configure forwarding between peers and other tunnels. What is allowed to be forwarded can be configured in the firewall. Ferm has only few NixOS Options, but is pretty basic. It's configured with the ```services.ferm.config``` option, that contains just a string. Within this string there's standard plain ferm config. Example config is attached below.
77 77
If the dn42 address is not bound at any other Interface, you need to add it to the lo Interface to use it as source IP when routing via peers with dedicated transfer net.
78 78
```nix
79 79
networking.interfaces.lo = {
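Review bot: "It's" is correct; the sentence still reads "has only few NixOS Options" ("only a few NixOS options") and "option, that contains just a string" ("option, which is just a string"). The following paragraph, "If the dn42 address is not bound at any other Interface, you need to add it to the lo Interface to use it as source IP", would read better as "...bind it to the lo interface so the kernel has a dn42-range source address to use when routing via peers over a dedicated transfer net".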
... ...
@@ -126,8 +126,8 @@ services.ferm = {
126 126
interface intern-+ outerface dn42-+ ACCEPT;
127 127
# but dn42 -> intern only with execptions
128 128
interface dn42-+ outerface intern-+ {
129
- proto (ipv6-icmp icmp) ACCEPT; # Allow SSH Access from dn42 to devices behind intern-+ Interfaces
130
- proto tcp dport (ssh) ACCEPT;
129
+ proto (ipv6-icmp icmp) ACCEPT;
130
+ proto tcp dport (ssh) ACCEPT; # Allow SSH Access from dn42 to devices behind intern-+ Interfaces
131 131
mod state state (ESTABLISHED) ACCEPT;
132 132
}
133 133
}
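Review bot: moving the comment to the `dport (ssh)` line matches the rule it describes, but the rule itself deserves a word: `interface dn42-+ outerface intern-+ { proto tcp dport (ssh) ACCEPT; }` accepts SSH from the whole dn42 network to every device behind an intern- interface with no source restriction; if that is intended the text should say so, otherwise a `saddr` list of the operator's own prefixes belongs on that line. The unchanged context also still has "execptions" in `# but dn42 -> intern only with execptions`, and `mod state state (ESTABLISHED) ACCEPT` without RELATED means conntrack-related packets (ICMP errors for forwarded flows) only get through because of the separate `proto (ipv6-icmp icmp) ACCEPT` above it.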
... ...
@@ -138,7 +138,7 @@ services.ferm = {
138 138
139 139
### Peering with wireguard
140 140
141
-Explained above, every peer gets a dedicated wireguard Interface and so a dedicated file. In the container config folder theres a peer subfolder and within a folder for dn42- (extern) Peers and intern- configs e.g. my Home Router or mobile devices.
141
+As explained above, every peer gets a dedicated wireguard Interface and so a dedicated file. In the container config folder there's a peer subfolder and within a folder for dn42- (extern) Peers and intern- configs e.g. my Home Router or mobile devices.
142 142
143 143
A sample wireguard config may look like this:
144 144
```nix
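Review bot: "As explained above" reads better, but "there's a peer subfolder and within a folder for dn42- (extern) Peers and intern- configs" is still hard to parse; suggest "there is a `peers` subfolder containing one folder for dn42- (external) peers and one for intern- configs, e.g. my home router or mobile devices", which also matches the `./peers` import shown earlier. "wireguard Interface" should be "WireGuard interface" as elsewhere on the page.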
... ...
@@ -215,7 +215,7 @@ in
215 215
216 216
### Bird Looking Glass
217 217
218
-There is now (thanks to [Tchekda](https://github.com/NixOS/nixpkgs/pull/153481)) a direct way to setup a looking glass for bird on Nixos. [Documentation](https://github.com/NixOS/nixpkgs/blob/3aab5ebd436023ca8343a84804d51cd227dd01dd/nixos/modules/services/networking/bird-lg.nix) and sample :
218
+There is now (thanks to [Tchekda](https://github.com/NixOS/nixpkgs/pull/153481)) a direct way to set up a looking glass for bird on Nixos. [Documentation](https://github.com/NixOS/nixpkgs/blob/3aab5ebd436023ca8343a84804d51cd227dd01dd/nixos/modules/services/networking/bird-lg.nix) and sample:
219 219
220 220
```nix
221 221
bird-lg = {
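Review bot: "set up" is correct; "Nixos" should be "NixOS" to match the page title, and the documentation link is pinned to nixpkgs commit 3aab5ebd, which is good for stability but means option names may have changed since, so a short "as of nixpkgs commit 3aab5ebd" next to the link would tell the reader why it points at an old revision.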
... ...
@@ -234,9 +234,8 @@ bird-lg = {
234 234
235 235
### Services
236 236
237
-I also run services like a nameserver for .litschi.dn42 zones and a nginx webserver within this container. Since Host path for ```/var/www/dn42``` and ```/var/dns/dn42``` are booth binded into the container, zone config and e.g. website and be edited directly from Host without need the rebuild the hole container.
237
+I also run services like a nameserver for .litschi.dn42 zones and a nginx webserver within this container. Since Host paths for ```/var/www/dn42``` and ```/var/dns/dn42``` are both bound into the container, zone config and e.g. website can be edited directly from Host without rebuilding the whole container.
238 238
239 239
### Sample configuration
240 240
241
-You can find a sample Wireguard + Bird configuration made by Tchekda ready for dn42 on [this](https://github.com/Tchekda/nixos-configuration/tree/master/llitt/dn42) repository
242
-
241
+You can find a sample Wireguard + Bird configuration made by Tchekda ready for dn42 in [this](https://github.com/Tchekda/nixos-configuration/tree/master/llitt/dn42) repository.
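Review bot: the rewrite fixes "booth binded"/"hole", and the bind-mount point has a security angle worth one sentence: because `/var/www/dn42` and `/var/dns/dn42` are shared with the host, a compromised nginx or nameserver inside the container can write to host paths unless the mounts are read-only from the container side (the NixOS container `bindMounts` option has an `isReadOnly` attribute for this; if the zone and site files are only ever edited from the host, read-only is the safe choice). Minor: ".litschi.dn42 zones" should drop the leading dot.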
services/New-DNS.md
... ...
@@ -6,7 +6,7 @@ After frequent issues with the [Old Hierarchical DNS](/services/Old-Hierarchical
6 6
# End Users
7 7
It is **strongly recommended** to run your own resolver for security and privacy reasons. Setting it up and maintaining it should be easy, see [services/dns/Configuration](/services/dns/Configuration).
8 8
9
-If running your own resolver is not possible or undesirable, you can choose one or more instances from [dns/recursive-servers.dn42 in the registry](https://git.dn42.dev/dn42/registry/src/master/data/dns/recursive-servers.dn42). Please make sure you fully understand the consequences and fully trust these operators.
9
+If running your own resolver is not possible or desirable, you can choose one or more instances from [dns/recursive-servers.dn42 in the registry](https://git.dn42.dev/dn42/registry/src/master/data/dns/recursive-servers.dn42). Please make sure you fully understand the consequences and fully trust these operators.
10 10
11 11
You can also use the globally anycasted a.recursive-servers.dn42 but you won't have any control over which instance you get. This is a **very bad idea** from a security standpoint.
12 12
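Review bot: "not possible or desirable" does read as "neither possible nor desirable", which is what is meant, but "not possible, or not wanted" would remove the ambiguity the original had. The context line below calls the anycast a.recursive-servers.dn42 a very bad idea without saying why; spelling out the reason already implied on the page, that the reader cannot choose which operator's instance answers and therefore has to trust every one of them, would make the warning actionable.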