DRAFT Release notes for IRRD 4.5.0¶
NRTMv4¶
IRRD 4.5 adds support for NRTMv4, a new IRR mirroring protocol based on JSON-ish files over HTTPS. It is now the recommended method of mirroring to/from other databases. It is more reliable, secure, detects errors, has less opportunities for misconfiguration, and recovers automatically from loss of synchronisation.
A single IRRD instance can mix NRTMv3, NRTMv4 and authoritative databases, so gradual upgrades are possible. There are several new settings to enable NRTMv4. You will also need to be aware of key management. For all details, see the mirroring documentation.
New irt and organisation object classes¶
The irt and organisation object classes were added. This means that
in authoritative databases, users can now create these objects, and IRRD
will include these objects when mirroring other sources.
By default, support for these classes is enabled.
To restore the old behaviour, you can use the
sources.{name}.object_class_filter
setting, which now also applies
to authoritative databases.
You can query the templates using the -t
whois query or see all
supported classes in the GraphQL schema.
New Prometheus metrics¶
A Prometheus-compatible metrics page
was added to the HTTP server in IRRD, on /metrics/
.
This page is only accessible to IPs configured
in the access list set in the server.http.status_access_list
setting.
Other changes¶
The
sources.{name}.object_class_filter
setting can now also be used to restrict permitted changes to authoritative objects.The setting
sources.{name}.authoritative_retain_last_modified
was added to skip updating last-modified in authoritative databases, and retain the original value (if any) instead.Deleted objects no longer have to meet all strict validation requirements. This makes it easier to delete objects created under a legacy IRRD that do not meet current validation requirements. Authentication requirements have not been changed.
The
sources.{name}.nrtm_query_serial_days_limit
setting was added to limit the age of the oldest serial that can be requested over NRTMv3.The
irrd_update_database
command now starts counting serials from the serial provided to a previousirrd_load_database
.The combination of
readonly_standby
andsources.{name}.export_destination
is explicitly invalid in the configuration.The
sources.{name}.authoritative_non_strict_mode_dangerous
setting was added, to force an authoritative database into non-strict mode. As it’s name notes, this disables many checks and all referential integrity and is therefore strongly discouraged.