Re: [Sks-devel] New Server

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] New Server

From:	Kristian Fiskerstrand
Subject:	Re: [Sks-devel] New Server
Date:	Sat, 28 Apr 2012 17:59:37 +0200
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120312 Thunderbird/11.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 28.04.2012 17:41, Jeffrey Johnson wrote:
> 

...

> There's also someinconsitency with "proper FQDN"  in
> sks-keyservers.net.
> 
> Let me provide you with details in the current status display.
> 
> I have 2 "public" SKS servers in the sense these were the names
> sent to other SKS operators for inclusion in the membership file: 
> keys.rpm5.org keys.n3npq.net Over time (and due to sloppy ad hoc
> sysadmin) the two active (i.e. running and up-to-date and active
> here) other DNS entries in your status pages are keys.rpm5.org ->
> keys.jbj.org keys.n3npq.net -> mashpee.jbj.org

It might help with some background information regarding how I'm doing
server discovery.

1) I start off with adding keys.kfwebs.net (and if that isn't
available, trying two other keyservers).

2) I iterate through the peer list of (1) and add the servers listed
to the queue. When a keyserver is added two records are set (i)
hostname from sksconf (ii) the actual DNS name that was found in the
peer list of (1), if these differ - it results in an AKA entry in the
meta page.

I repeat (2) recursively for all keyservers.

HOWEVER: While adding servers, if the server is already added, it is
simply discarded. That means that for a given server A that is also
accessible using B and C. If I find B in the peer list first, (i) = A,
(ii) = B. But it will not add C to (ii) as (i) is already in the list
(always the identifier) and the addition gets discarded. If I
want/need to do this, I need to construct a proper alias table
recording ALL, and that probably won't serve any purpose (except
getting correct cross-peering results - but this is mostly for
convenience to the server operators)

> 
> You are also carrying an entry for an older VM instance of 
> keys.n3npq.net -> keys.pmman.com I have no idea (nor interest)
> where that DNS record points currently.

keys.pmman.com shows up in the list due to being in the membership
file for
        * keyserver.kjsl.org    
        * keyserver.siccegge.de

This is of no issue, it just increase the list of servers not in the
pool. In the event that it actually did return a result it would be
added based on (i) from above, and not create a duplicate entry.

> 
> You are occasionally (not recently) picking up other *.jbj.org
> servers in the pool. That's perfectly okay with me, but perhaps not
> what you/others want.

This should be corrected with the change to using sksconf Hostname, so
shouldn't be an issue going forwards.

- -- 
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJPnBPoAAoJEBbgz41rC5UI7Z8QAJ0BFB7+kz47tcY5mwIGRGgn
k8nqswGFS0KLBLZgT6PxSUnBAyWuFSrFhJVfAxkdAKFzNxaKLcT6GnWXRyRkmNW9
PuhFlKg2gLenzSi5eAwr+q4IZql5/MnPINvJfKSzLHyW8fm5YKHTkqnI8v0oOHZe
YFZ+0pg6U8za7hPfdZZazdAyRQzp8GbiYBo+78ZWTfdL06bPiUnse5kFP+8CqlYl
YvhN1TPJX7QtIwYX2wvnCNaLRHC9U4I4O9xN29OC6LGi8D2vZoU1lDES63Ns93xp
KWw2jAfLeqSypmrO5BApgSkn8drUrlsoQmfwMpU+7NzUMw6CE2NgtcLQDR45i0W/
ajcc1ZOSY0uaD7iMykqWC1uXEYX0hyxCpNkWXCpTQqDq9iJ6R90jHqh8ICySFtra
13M40thkwi98JHRpk8BDduqRn8yyO05giDcXH3TfcOXWijzF4jjHK7qIpBUN6+AC
nMnnmveqSPO7mQK3eLyqQUqx4rkN80QEQllWUwe7IF4Yv2juY91wSQhJw7uVkvHb
BIqE4zW0cv7+sEbV9XDUyxwLZcnWzuX46XzdMTSJPaqZHITYQ8omGEVwC+ToSHPb
3wZins5Klg7X3qiArSJv3ZvwCejisQsBP5AxK0Vkw+7UBGiBs01TtZGQ5qsQ9Gx0
n6XBlbT+L5ZMBHYSA0bV
=r7jY
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] Reverse Proxy, (continued)
- Re: [Sks-devel] New Server, Jeffrey Johnson, 2012/04/28
  - Re: [Sks-devel] New Server, Kristian Fiskerstrand, 2012/04/28
    - Re: [Sks-devel] New Server, Jeffrey Johnson, 2012/04/28
    - Re: [Sks-devel] New Server, Kristian Fiskerstrand, 2012/04/28
    - Re: [Sks-devel] New Server, Kristian Fiskerstrand, 2012/04/28
    - Re: [Sks-devel] New Server, Jeffrey Johnson, 2012/04/28
    - Re: [Sks-devel] New Server, Kristian Fiskerstrand <=
  - [Sks-devel] RFE for sks-keyservers.net (was Re: New Server), Jeffrey Johnson, 2012/04/28
    - Re: [Sks-devel] RFE for sks-keyservers.net (was Re: New Server), Kristian Fiskerstrand, 2012/04/28
    - Re: [Sks-devel] RFE for sks-keyservers.net (was Re: New Server), Kristian Fiskerstrand, 2012/04/28
    - Re: [Sks-devel] RFE for sks-keyservers.net (was Re: New Server), Kristian Fiskerstrand, 2012/04/28

Prev by Date: Re: [Sks-devel] New Server
Next by Date: Re: [Sks-devel] RFE for sks-keyservers.net (was Re: New Server)
Previous by thread: Re: [Sks-devel] New Server
Next by thread: [Sks-devel] RFE for sks-keyservers.net (was Re: New Server)
Index(es):
- Date
- Thread