services/RPKI

  • Search
  • Home
  • All
  • Files
  • History
  • Latest Changes
  • Home

    • Getting Started
    • Registry Authentication
    • Address Space
    • BGP communities
    • FAQ
  • How-To

    • Wireguard
    • Openvpn
    • IPsec With Public Keys
    • Tinc
    • GRE on FreeBSD
    • GRE on OpenBSD
    • IPv6 Multicast (PIM-SM)
    • SSM Multicast
    • MPLS
    • Bird2
    • FRRouting
    • OpenBGPD
    • Mikrotik RouterOS
    • EdgeRouter
    • Static routes on Windows
    • Universal Network Requirements
    • VyOS
    • NixOS
  • Services

    • IRC
    • Whois registry
    • DNS
    • RPKI
    • IX Collection
    • Public DNS
    • Looking Glasses
    • Automatic Peering
    • Repository Mirrors
    • Distributed Wiki
    • Certificate Authority
    • Route Collector
    • Registry
  • Internal

    • Internal services
    • Interconnections
    • APIs
    • Show and Tell
    • Historical services
  • Historical

    • Bird 1
    • Quagga
  • External Tools

    • Paste Board
    • HedgeDoc
    • Git Repositories
    • Registry

dn42

DN42 RPKI

This page covers guidance and examples on using RPKI within DN42.

Quick Start

It is recommended to run your own RPKI validator, as this provides you with the most security and control over your routing decisions. However, to get started, or if running your own validator isn’t desirable, a public RPKI RTR server is available. The service supports full RPKI validation for all relevant DN42 and affiliated networks’ prefixes.

Using Public RPKI Services

DN42’s RPKI RTR service endpoints are hosted by multiple operators. By configuring multiple RTR servers in your BGP daemon, you gain additional resiliency and improved validation coverage.

Server Port IPv4/IPv6
rpki.akae.re 8082 both
rpki.dn42.milu.moe 8082 both

To configure the service, connect your BGP software’s RPKI client to one or more of these RTR servers.

Example Configuration (Bird 2)

protocol rpki roa_dn42_1 {
        roa4 { table dn42_roa; };
        roa6 { table dn42_roa_v6; };
        remote "rpki1.example.com";
        port 8082;
        refresh 600;
        retry 300;
        expire 7200;
}

protocol rpki roa_dn42_2 {
        roa4 { table dn42_roa; };
        roa6 { table dn42_roa_v6; };
        remote "rpki2.example.com";
        port 8082;
        refresh 600;
        retry 300;
        expire 7200;
}

Running Your Own RPKI Server

With Docker

docker run --name dn42rpki -p 8082:8282 --restart=always -d rpki/stayrtr -verify=false -checktime=false -cache=https://dn42.burble.com/roa/dn42_roa_46.json

With Docker Compose

services:
  stayrtr:
    image: rpki/stayrtr:latest
    ports:
      - "8082:8282"
    command: >
      -cache https://dn42.burble.com/roa/dn42_roa_46.json

Hosted by: BURBLE-MNT, GRMML-MNT, XUU-MNT, JAN-MNT, LARE-MNT, SARU-MNT, ANDROW-MNT, MARK22K-MNT | Accessible via: dn42, dn42.dev, dn42.eu, wiki.dn42.us, dn42.de (IPv6-only), dn42.cc (wiki-ng), dn42.wiki, dn42.pp.ua, dn42.obl.ong

Last edited by Anonymous, 2025-06-29 04:10:57