How-To
Services
Internal
Historical
External Tools
A Route Origination Authorization details which AS is authorised to advertise which originating IP prefixes. A ROA may also include prefix length information.
Resource Public Key Infrastructure is basically a framework for securing the routing infrastructure.
It provides a way to connect number resource information to a trust anchor.
The Resource Public Key Infrastructure (RPKI) to Router Protocol provides a way for a router to access RPKI validation information.
It provides the router with validity information regarding prefix origination:
On dn42 we generate ROA information from the dn42 registry.
ROA json/bird files can be generated using dn42regsrv.
It is also possible to integrate this with a RTR cache server such as gortr.
You can find a hosted example of dn42regsrv at https://explorer.burble.com/
Instructions on how to host dn42regsrv yourself can be found on the git repo of dn42regsrv.
You can also run dn42regsrv via docker (then available at 127.0.0.1:8042):
git checkout https://git.burble.com/burble.dn42/dn42regsrv.git .
cd contrib/docker
./build.sh
docker-compose up -d
Documentation for the api endpoints can be found here: https://git.burble.com/burble.dn42/dn42regsrv/src/master/API.md
burble kindly provides ready-to-use files for gortr here:
https://dn42.burble.com/roa/dn42_roa_46.json
You can use these to simply run gortr via docker:
docker run -ti -p 8082:8082 cloudflare/gortr -cache https://dn42.burble.com/roa/dn42_roa_46.json -verify=false -checktime=false -bind :8082
rtrtr is a RTR server from NLNet Labs. It's compatible with the dn42regsrv ROA-JSON or burbles provided one (https://dn42.burble.com/roa/dn42_roa_46.json) too.
NLNet Labs provides an official docker image. You just have to bind mount a suitable configuration file:
docker run -d -v /etc/rtrtr.conf:/etc/rtrtr.conf -p 323:323/tcp nlnetlabs/rtrtr -c /etc/rtrtr.conf
This is a working configuration file for dn42. Maybe change the listen addresses:
log_level = "debug"
log_target = "stderr"
http-listen = []
[units.dn42-json]
type = "json"
uri = "https://dn42.burble.com/roa/dn42_roa_46.json"
refresh = 600
[targets.dn42-rtr]
type = "rtr"
listen = ["0.0.0.0:323", "[::]:323"]
unit = "dn42-json"
For more information cosult the official documentation: https://rtrtr.docs.nlnetlabs.nl/en/stable/
DN42 Registry Wizard is a comprehensive tool for DN42 registry interactions. Unlike other solutions, it can parse the registry and host an RTR server all-in-one without requiring separate components.
# Clone the DN42 registry
git clone https://git.dn42.dev/dn42/registry.git
# Start RTR server directly from registry
./registry_wizard <path to registry> rtr
# Setup a cronjob to continously update the registry and notify registry_wizard
git fetch --all
git reset --hard origin/master
kill -SIGUSR1 "$(pidof 'registry_wizard')"
Usage: registry_wizard <registry_root> rtr [OPTIONS]
Options:
-p, --port <port> Port to listen on [default: 9323]
--refresh <refresh> RTR refresh timing [default: 3600]
--expire <expire> RTR expire timing [default: 7200]
--retry <retry> RTR retry timing [default: 600]
-h, --help Print help
TODO: Publish docker-compose-yml to git for gortr+dn42regsrv
You have to consult the documentation of your implementation for that. We will provide configuration examples on the specific pages.
Hosted by: BURBLE-MNT, GRMML-MNT, XUU-MNT, JAN-MNT, LARE-MNT, SARU-MNT, ANDROW-MNT, MARK22K-MNT | Accessible via: dn42, dn42.dev, dn42.eu, wiki.dn42.us, dn42.de (IPv6-only), dn42.cc (wiki-ng), dn42.wiki, dn42.pp.ua, dn42.obl.ong
Last edited by Anonymous, 2025-07-29 10:44:37