Setup and Configure IRRd 2.3.6 on Fedora 13

IRRd 2.3.6 on Fedora 13

Install Fedora 13 fresh, and use a “minimal/minimum install”

Once Fedora has installed, log in as root, and configure and turn up the network interface

Install the fastest mirror plugin for yum, gcc, flex, make, byacc, and wget, mlocate, telnet, bison, xinetd, mailx, jwhois, and man, then update everything.

yum install yum-plugin-fastestmirror -y
yum install gcc flex make byacc wget mlocate telnet bison xinetd mailx jwhois man -y
yum update -y

download and un tar/gunzip the irr daemon to root’s home dir

cd ~
wget http://www.irrd.net/irrd2.3.9.tgz
tar -zxf irrd2.3.9.tgz

configure, make, and install the irr daemon

cd irrd2.3.9/src
./configure
make
make install

copy the irrd.conf.sample to /etc/irrd.conf and open it for editing

uncomment the “password” line and change the password (default is foo, this is a cleartext value)

!
password testpass123
uii_port 5673
!

comment out the radb mirroring

!
!irr_database radb mirror whois.radb.net 43
!

change the default db to something more attractive

!
irr_database switchnap authoritative
!

save the config

edit /etc/services and add the following lines

# IRRd Service Port
irrd 5673/tcp

create a pgp directory somewhere

mkdir /var/spool/irr_database/.pgp

add the following line to /etc/irrd.conf

pgp_dir /var/spool/irr_database/.pgp

using the ~/irrd2.3.6/src/irr_util/crypt_gen program, generate an encrypted override password

~/irrd2.3.6/src/irr_util/crypt_gen test (where test is the password you want to use)
encrypted passwd is "pfHKv25Fdk7bA"

now add the following line to the end of your /etc/irrd.conf

override_cryptpw pfHKv25Fdk7bA

finally add the dbadmin’s email to the /etc/irrd.conf

db_admin db-admin@yourdomain.com

start the irrd daemon

/usr/local/sbin/irrd

add the following line to /etc/aliases

# IRRd Auto Submit
auto-dbm: "|/usr/local/sbin/irr_rpsl_submit"

then save and close the file, and run the following command

[root@irrd irr_util]# newaliases
/etc/aliases: 77 aliases, longest 65 bytes, 838 bytes total

create /etc/xinetd.d/irr_rpsl_submit-stream and populate it with the following:

service irr_rpsl_submit
{
# This is for quick on or off of the service
disable		= no

# The next attributes are mandatory for all services
id		= irr_rpsl_submit-stream
type		= UNLISTED
wait		= no
socket_type	= stream
#	protocol	=  socket type is usually enough

# External services must fill out the following
user		= root
#	group		=
server		= /usr/local/sbin/irr_rpsl_submit
server_args	= -D

# External services not listed in /etc/services must fill out the next one
port		= 8888

# RPC based services must fill out these
#	rpc_version	=
#	rpc_number	=

# Logging options
#	log_type	=
#	log_on_success	=
#	log_on_failure	=

# Networking options
#	flags		=
#	bind		=
#	redirect	=
#	v6only		=

# Access restrictions
#	only_from	=
#	no_access	=
#	access_times	=
#	cps		= 50 10
#	instances	= UNLIMITED
#	per_source	= UNLIMITED
#	max_load	= 0
#	deny_time	= 120
#	mdns		= yes

# Environmental options
#	env		=
#	passenv		=
#	nice		= 0
#	umask		= 022
#	groups		= yes
#	rlimit_as	=
#	rlimit_cpu	=
#	rlimit_data	=
#	rlimit_rss	=
#	rlimit_stack	=

# Banner options. (Banners aren't normally used)
#	banner		=
#	banner_success	=
#	banner_fail	=
}

then restart xinetd

service xinetd restart

now we have to add irr_rpsl_submit to the allowed sendmail programs

cd /etc/smrsh
ln -s /path/to/irr_rpsl_submit
service sendmail restart

now test, it should function!

09/28/2010
Phil Pillera <ppillera [ a t ] gmail [ d o t ] com>