diff --git a/projects/alamesh/dn42_notes.md b/projects/alamesh/dn42_notes.md new file mode 100644 index 0000000..d3811bf --- /dev/null +++ b/projects/alamesh/dn42_notes.md 
@@ -0,0 +1,53 @@ +# A big dynamic VPN + +dn42 is essentially what we want to setup, albeit much, much larger. + +They use tunnels for the peering (OpenVPN, WireGuard, GRE, etc), BGP for routing, and private AS numbers. + +We can cannibalize most of what they have; I'll summarize here. + +# Requirements + +* One router running 24/7. Any linux box can be turned into a router (even OpenWRT home routers!). +* Can establish a tunnel. Not too hard, but dn42 does not that that traffic may be filtered. +* Are generally knowledgable about networking (_right_, right, _yep_, definitely). They mainly say +you should have _heard of_ BGP/routing and are willing to set things up. + +# Actually connecting + +There's a [registry](https://git.dn42.dev/dn42/registry) that needs some "objects" in it. It's just a git repo! So we +can essentially just copy them or be inspired by them (don't need things to be automated that heavily just yet). + +I didn't want to create an account to look at the repo just yet, but here's a summary from the page. + +There are: +* **maintainer** objects, which are authenticated which only you can edit. +* **person** objects, which describe people or orgs (too much for us for now). +* **resource** objects, which are AS numbers, subnets, DNS zones, etc. The meat and potatoes of what we're doing. + +Auth is done through SSH or PGP keys and it looks like it's checked on each commit. I guess resource objects are just +signed by a special key and that's it...? We can use our peering keys for this if we want (bad idea?). + +So in order you: +* Create a **maintainer** object that has auth keys. +* Create a **person** object. I think we'd skip this. +* Choose and register an **AS number**. We should choose an empty range and just use values in there. +* Register an **IPv6** prefix. +* Create a **route** object which let's you announce your prefix to others. This is I believe more of an auth +step, so it may not be as necessary for us. (?) 
+ +Now you just need to peer! +* Just means you need to establish tunnels. + +Then you gotta speak BGP with your peers. They have a [guide](https://wiki.dn42.us/howto/Bird) for bird +that we will probably heavily use. Doesn't look too bad... (right) + +Then you just need to configure DNS. They recommend hosting your own for security and privacy reasons. We can think +about what we want to do. We could use anycast and have some DNS reliablity, that'd be pretty interesting. + +# Conclusion + +Seems pretty doable! Definitely should manually peer for now with a couple of us, then maybe spec out some way to +automate peering and go from there. + +Time to get a cheap linux box in some cloud now... \ No newline at end of file
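Review bot: the "(bad idea?)" in the auth paragraph should be answered "yes, bad idea": reusing the tunnel peering keys as the maintainer object's auth keys ties control of the registry records to the same key that every peer's tunnel endpoint handles, so a compromise or rotation of a tunnel key also compromises or breaks registry access; generate a dedicated SSH or PGP key for the maintainer object and keep it off the routers. In the ordered list, the route object is described as "more of an auth step, so it may not be as necessary for us", but by the notes' own wording it is what lets you announce your prefix to others, i.e. it is the record peers use to decide whether an announcement for that prefix is legitimate, so it should be treated as required rather than optional, otherwise peers cannot filter bogus announcements. The Requirements bullet "dn42 does not that that traffic may be filtered" is missing a verb and should read "dn42 does note that that traffic may be filtered". Minor spelling: "knowledgable" should be "knowledgeable", "reliablity" should be "reliability", and "which let's you announce" should be "which lets you announce".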