Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unres

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unres

From:	David Shaw
Subject:	Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?)
Date:	Mon, 6 Jul 2009 12:04:32 -0400

On Jul 2, 2009, at 11:31 PM, Phil Pennock wrote:

On 2009-07-02 at 14:00 -0400, Daniel Kahn Gillmor wrote:
I appear to be getting no A records for pool.sks-keyservers.net.this
seems like a Bad Thing.
is anyone else seeing this? it's forcing my nameservice resolutiontofall back to IPv6, which is link-local only for a number of mymachines
which don't have connections to any of the IPv6 tunnel brokers.
I see it too.
FWIW, which isn't that much, if you want a temporary workaround youcan
use keys.sks.pool.globnix.net -- however, that makes no attempt to
subset the results, so DNS will fall back to TCP.  It does not include
1.0.10 servers.  There's also keys.ipv4.sks.pool.globnix.net and
keys.ipv6.sks.pool.globnix.net.  I didn't bother coming up with nicer
names as this was just me exploring what I could do and coming up with
names which exist but aren't so likely to be memorable and detractfrom
the existing pools.

On the subject of the various "pool" keyserver addresses, I'm workingon (re) adding SRV support to GPG using DNS service discovery. Thiswill allow for a much richer pool description, as it is possible togroup servers in tiers and also to weight servers within a given tier,unlike the current system which is strictly round-robin. (You can saythings like "Here are 10 servers, grouped in 3 tiers of 3, plus anadditional tier of 1. Pick such-and-such server from such-and-suchtier 50% of the time, and the other two in that tier 25% of the timeeach. Only go to the next tier if everything in the initial tier isdown."). It means that the pool creator can bias the server choicetowards faster/better-connected machines. Also useful is that itallows servers to run on something other than port 11371 withouthaving to tell everyone about the new port as the service discoveryreturns the port as part of the lookup.


David

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] pool.sks-keyservers.net DNS unresponsive?, Daniel Kahn Gillmor, 2009/07/02
- Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?, Joseph Oreste Bruni, 2009/07/02
  - Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?, Daniel Kahn Gillmor, 2009/07/02
- Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?, Phil Pennock, 2009/07/02
  - Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?), David Shaw <=
    - Re: Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?), Daniel Kahn Gillmor, 2009/07/06
    - Re: Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?), David Shaw, 2009/07/06
    - Re: Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?), Daniel Kahn Gillmor, 2009/07/06

Prev by Date: Re: [Sks-devel] On-demand SKS Statistics Generation?
Next by Date: Re: [Sks-devel] [Fwd: Re: pgp.mit.edu upgrading to SKS]
Previous by thread: Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?
Next by thread: Re: Service discovery (was Re: [Sks-devel] pool.sks-keyservers.net DNS unresponsive?)
Index(es):
- Date
- Thread