How-To
Services
Internal
Historical
External Tools
This page covers guidance and examples on using RPKI within DN42.
It is recommended to run your own RPKI validator, as this provides you with the most security and control over your routing decisions. However, to get started, or if running your own validator isn’t desirable, a public RPKI RTR server is available. The service supports full RPKI validation for all relevant DN42 and affiliated networks’ prefixes.
DN42’s RPKI RTR service endpoints are hosted by multiple operators. By configuring multiple RTR servers in your BGP daemon, you gain additional resiliency and improved validation coverage.
Server | Port | IPv4/IPv6 |
---|---|---|
rpki.akae.re | 8082 | both |
rpki.dn42.milu.moe | 8082 | both |
To configure the service, connect your BGP software’s RPKI client to one or more of these RTR servers.
protocol rpki roa_dn42_1 {
roa4 { table dn42_roa; };
roa6 { table dn42_roa_v6; };
remote "rpki1.example.com";
port 8082;
refresh 600;
retry 300;
expire 7200;
}
protocol rpki roa_dn42_2 {
roa4 { table dn42_roa; };
roa6 { table dn42_roa_v6; };
remote "rpki2.example.com";
port 8082;
refresh 600;
retry 300;
expire 7200;
}
docker run --name dn42rpki -p 8082:8282 --restart=always -d rpki/stayrtr -verify=false -checktime=false -cache=https://dn42.burble.com/roa/dn42_roa_46.json
services:
stayrtr:
image: rpki/stayrtr:latest
ports:
- "8082:8282"
command: >
-cache https://dn42.burble.com/roa/dn42_roa_46.json
Hosted by: BURBLE-MNT, GRMML-MNT, XUU-MNT, JAN-MNT, LARE-MNT, SARU-MNT, ANDROW-MNT, MARK22K-MNT | Accessible via: dn42, dn42.dev, dn42.eu, wiki.dn42.us, dn42.de (IPv6-only), dn42.cc (wiki-ng), dn42.wiki, dn42.pp.ua, dn42.obl.ong
Last edited by Anonymous, 2025-06-29 04:10:57