sks-devel

[Sks-devel] Running a non-pool keyserver & identifying offline peers


From: Pete Stephenson
Subject: [Sks-devel] Running a non-pool keyserver & identifying offline peers
Date: Fri, 01 Aug 2014 12:08:48 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

Dear all,

I have two questions regarding running a keyserver:

1. Is it possible to run an SKS keyserver that stays in sync with the
pool, without actually being a member of the pool and responding to
public queries?

That is, I (as of yesterday) operate a public keyserver that is part of
the pool. In addition, I want to operate a local, private keyserver for
testing purposes. This server should stay in sync with my public
keyserver (and thus the rest of the pool) but not be available to
the public and not show up on the keyserver status page at
<https://sks-keyservers.net/status/> (or other similar pages).

I could simply set the firewall on the private system to only permit
recon connections from the public server, but it would still show up in
the public server's membership file, and thus in the public stats page.

Is there a way to have the public and private systems stay in sync, but
privately?

2. I have recently observed lines such as the following appearing in my
recon.log:

2014-08-01 07:21:36 <recon as client> error in callback.:
Sys_error("Connection reset by peer")
2014-08-01 07:23:38 <recon as client> error in callback.: Unix error:
Connection refused - connect()

I assume this means that a remote keyserver peer is offline or otherwise
not responding to recon attempts. However, the recon log does not
indicate which peer is not responding, which makes diagnosing the issue
a bit difficult.

Is there a way of determining which peer(s) are having issues?

Cheers!
-Pete
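
One way to narrow down which peer is behind the "Connection refused" lines quoted above is to try the same TCP connect against every peer in the membership file. This is an added example, not part of the original message or of SKS itself; it assumes the usual "hostname recon-port" membership layout with "#" comments, and the hostnames in the sample are constructed placeholders.

```python
import socket

# Constructed sample in the membership-file layout: "host recon_port",
# with "#" starting a comment. Hostnames are placeholders, not real peers.
SAMPLE_MEMBERSHIP = """\
# <hostname> <recon port>   # operator contact
keys.example.org      11370  # Example Operator <ops@example.org>
sks.example.net       11370

"""

def parse_membership(text):
    """Return [(host, port), ...] from membership-file text."""
    peers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            continue                           # skip malformed lines
        peers.append((fields[0], int(fields[1])))
    return peers

def probe(host, port, timeout=5.0):
    """Try a TCP connect to a peer's recon port; return 'ok' or the failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except ConnectionRefusedError:
        return "refused"                       # same condition as the log line
    except socket.timeout:
        return "timeout"
    except OSError as exc:                     # DNS failure, unreachable, ...
        return f"error: {exc}"

def check_peers(text, timeout=5.0):
    """Map 'host:port' to probe status for every peer in the file text."""
    return {f"{h}:{p}": probe(h, p, timeout) for h, p in parse_membership(text)}

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "membership"
    with open(path) as fh:
        for peer, status in check_peers(fh.read()).items():
            print(f"{peer:40} {status}")
```

A peer that accepts the connection can still reset it later in the exchange, so "ok" here only rules out the "Connection refused" case.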


