diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
index 8f3f6391..d8fa2e45 100644
--- a/.github/actions/setup/action.yml
+++ b/.github/actions/setup/action.yml
@@ -67,6 +67,6 @@ runs:
         path: |
           orchestrator/clickhouse/data/udp.csv
           orchestrator/clickhouse/data/tcp.csv
-        key: iana-cache-${{ hashFiles('Makefile', 'nix/ianaServiceNamesHash.txt') }}-${{ github.run_id }}
+        key: iana-cache-${{ hashFiles('Makefile', 'flake.lock') }}-${{ github.run_id }}
         restore-keys: |
-          iana-cache-${{ hashFiles('Makefile', 'nix/ianaServiceNamesHash.txt') }}-
+          iana-cache-${{ hashFiles('Makefile', 'flake.lock') }}-
diff --git a/.github/workflows/update-nix-flake-lock.yml b/.github/workflows/update-nix-flake-lock.yml
index 7d17ec08..cf85e494 100644
--- a/.github/workflows/update-nix-flake-lock.yml
+++ b/.github/workflows/update-nix-flake-lock.yml
@@ -15,6 +15,7 @@ jobs:
         source:
           - nixpkgs
           - asn2org
+          - iana-assignments
     steps:
       - uses: actions/checkout@v5
         with:
diff --git a/flake.lock b/flake.lock
index 80a51b69..303d8f09 100644
--- a/flake.lock
+++ b/flake.lock
@@ -35,6 +35,22 @@
         "type": "github"
       }
     },
+    "iana-assignments": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1761359241,
+        "narHash": "sha256-Q/bkxeQJFELXd+4Ma50PliUimIPiMBeGhC6nFUUDOzc=",
+        "owner": "larseggert",
+        "repo": "iana-assignments",
+        "rev": "597006e11311b3ebee998d86ab862955c5e7d6ce",
+        "type": "github"
+      },
+      "original": {
+        "owner": "larseggert",
+        "repo": "iana-assignments",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1760164275,
@@ -53,6 +69,7 @@
       "inputs": {
         "asn2org": "asn2org",
         "flake-utils": "flake-utils",
+        "iana-assignments": "iana-assignments",
         "nixpkgs": "nixpkgs"
       }
     },
diff --git a/flake.nix b/flake.nix
index 67f0243d..5cebff30 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,8 +6,12 @@
       url = "github:vincentbernat/asn2org/gh-pages";
       flake = false;
     };
+    iana-assignments = {
+      url = "github:larseggert/iana-assignments";
+      flake = false;
+    };
   };
-  outputs = { self, nixpkgs, flake-utils, asn2org }:
+  outputs = { self, nixpkgs, flake-utils, asn2org, iana-assignments }:
     flake-utils.lib.eachDefaultSystem (system:
       let
         pkgs = import nixpkgs {
@@ -42,17 +46,15 @@
             cp -r ../data/frontend $out/data
           '';
         };
-        ianaServiceNames = pkgs.fetchurl {
-          url = "https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.csv";
-          hash = l.readFile ./nix/ianaServiceNamesHash.txt;
-          # There are many bogus changes in this file. To avoid updating the
-          # hash too often, filter the lines with a service name and a port.
-          downloadToTemp = true;
-          postFetch = ''
-            < $downloadedFile > $out \
-            awk -F, '(NR == 1) {print} ($0 !~ "^ " && $1 != "" && $2 != "" && ($3 == "tcp" || $3 == "udp")) {print}'
-          '';
-        };
+        ianaServiceNames = pkgs.runCommand "service-names-port-numbers.csv" {} ''
+          > $out echo name,port,protocol
+          >> $out \
+          ${pkgs.xmlstarlet}/bin/xmlstarlet sel -t -m "_:registry/_:record[_:name and _:number]" \
+            -v _:name -o , \
+            -v _:number -o , \
+            -v _:protocol -o , -n \
+            ${iana-assignments}/service-names-port-numbers/service-names-port-numbers.xml
+        '';
         backend = pkgs.buildGoModule.override { inherit go; } {
           doCheck = false;
           name = "akvorado";
@@ -103,15 +105,9 @@
                           | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p")
               [[ -z "$sha256" ]] && echo $oldSha256 || echo $sha256 > nix/npmDepsHash.txt
             '';
-            update-ianaServiceNamesHash = ''
-              sha256=$(2>&1 nix build --no-link .#ianaServiceNames \
-                          | ${pkgs.gnused}/bin/sed -nE "s/\s+got:\s+(sha256-.*)/\1/p")
-              [[ -z "$sha256" ]] || echo $sha256 > nix/ianaServiceNamesHash.txt
-            '';
             update = ''
               ${update-vendorHash}
               ${update-npmDepsHash}
-              ${update-ianaServiceNamesHash}
             '';
             # Run nix build depending on TARGETPLATFORM value (for Docker).
             build = ''
@@ -130,7 +126,7 @@
           };
 
         packages = {
-          inherit backend frontend ianaServiceNames;
+          inherit backend frontend;
           default = backend;
         } // (l.optionalAttrs (system == "x86_64-linux")
           (l.attrsets.listToAttrs (l.lists.map
diff --git a/nix/ianaServiceNamesHash.txt b/nix/ianaServiceNamesHash.txt
deleted file mode 100644
index 8c7c2ad5..00000000
--- a/nix/ianaServiceNamesHash.txt
+++ /dev/null
@@ -1 +0,0 @@
-sha256-MMTJRwpFEvXDHxp+OXbpwTa6aUNd0JXvR6KMwymKiTo=