sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fwd: Re: [Sks-devel] Alternative to round-robin (was Re: pool.sks-keyse

From: Kristian Fiskerstrand
Subject: [Fwd: Re: [Sks-devel] Alternative to round-robin (was Re: pool.sks-keyservers.net having trouble?)]
Date: Mon, 05 Apr 2010 22:04:26 +0200
User-agent: Thunderbird 2.0.0.12 (X11/20080305) 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David Shaw wrote, On 04/05/2010 09:25 PM:
> On Apr 1, 2010, at 12:30 AM, Jonathan Oxer wrote:
>
>> On Thu, 2010-04-01 at 00:13 -0400, Daniel Kahn Gillmor wrote:
>>
>> Sorry I can't answer your other questions, but I just had a look in
>> db.log and found ...
>>
>>> * How often
>>> do you see queries?
>> ...about 10k queries / day to keys.keysigning.org, which is in that
>> pool. I assume that since the pool is using round-robin DNS the number
>> should be pretty similar for all machines in the list.
>
> Speaking of round robining - recent versions of GnuPG support more than 
> straight round robin.  If you want to express more complex things like 
> weighting certain servers more heavily (because they have better connectivity 
> or hardware, for example), you can do that with a SRV DNS record.
>
> This doesn't remove the need for the current pool of A records, as not all 
> software supports the SRV yet, but it is supported in GnuPG 1.4.10 and 2.0.13 
> if anyone wants to play with it.  As a nice side-benefit, the SRV record 
> allows you to run the keyserver on ports other than 11371 and have GnuPG 
> automatically hit the right port without having to be configured specifically.
>
> David
>
>

[Resending with a proper sender address]

Sounds like a good idea to have such a weighting.. I just have to figure
out a way to actually differentiate between the keyservers. Easiest I
guess is a manual relative comparison - but anyone have a better idea?

For now I just added srv records to the pool with equal weights

#############

address@hidden Download]$ dig ANY _hkp._tcp.pool.sks-keyservers.net
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.6.0a1 <<>> ANY _hkp._tcp.pool.sks-keyservers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18403
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 2, ADDITIONAL: 5

;; QUESTION SECTION:
;_hkp._tcp.pool.sks-keyservers.net. IN  ANY

;; ANSWER SECTION:
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
keys.wuschelpuschel.org.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
keyserver.ccc-hanau.de.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
keyserver.fabbione.net.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
keyserver.noreply.org.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
keyserver.rainydayz.org.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
keyserver.stack.nl.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 pgp.net.nz.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
pgp.rediris.es.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
pgp.ugcs.caltech.edu.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
pgp.uni-mainz.de.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 sks.es.net.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
sks.karotte.org.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 sks.pkqs.net.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 key.adeti.org.
_hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371
keys.kfwebs.net.

;; AUTHORITY SECTION:
sks-keyservers.net.     28800   IN      NS      ns2.kfwebs.net.
sks-keyservers.net.     28800   IN      NS      ns1.kfwebs.net.

;; ADDITIONAL SECTION:
keys.kfwebs.net.        86400   IN      A       213.161.224.2
keys.kfwebs.net.        86400   IN      AAAA    2001:16d8:ee30::4
ns1.kfwebs.net.         38105   IN      A       213.161.224.2
ns2.kfwebs.net.         30782   IN      A       84.215.23.53
ns2.kfwebs.net.         21182   IN      AAAA
2001:16d8:ee3d:ee30:219:b9ff:fed6:4db8

;; Query time: 0 msec
;; SERVER: 192.168.0.6#53(192.168.0.6)
;; WHEN: Mon Apr  5 22:01:18 2010
;; MSG SIZE  rcvd: 745





- --
- ----------------------------
Kristian Fiskerstrand
address@hidden
http://www.sumptuouscapital.com
- ----------------------------
Veni vidi velcro
I came, I saw, I got stuck
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this, visit:
http://www.secure-my-email.com
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iQIcBAEBCAAGBQJLukJKAAoJEAt/i2Dj7frjmiMQAJnd7aEdtihjOE2KTjdLIZ+q
1IddWZJB7ie/koicSyFS94QZwVRBrXxBOo50G5fNBDFaJAcN6FJZgU0E+ydC7d72
5wORsG+fVtiTcKHDXnGC692qMT4oP2hj1l3uX/Fm/vAdVUs4SBJqLsmWdAXviuvz
1NgFghtc0XXYzITM4db+e5Jzo3NmX3R5ReS2z0wonVQe3hj51vqqSnbihwmJuotB
CrmYOnRHDo25ruduxAzH1XpSGP0G0EyFY5k2YEGSNqNglrMmqCSMf2PddPbqVeIU
4xtCj2C6NDKvFnqEgXKxT6ki+AwGkXqNukB78bGrXPW2vLiRkr5Tuu2il5f9E7Vy
nHbasJV8un1Uo+myIYYdHuhxmf10og3jt6M18e/tTBKYy0J/rWHKogNt63EiDiES
fJdFbs5/a4CxPfanNoLmGe8/L6x9EbsWxPBAMO5AhU+FQt+KT5hfCGZrs0uWNjgF
w3xKIC77g2GeHMygyUDJ5Sd3B89F+2aFKZP4qavYzWeDmTdbxOj40pJBW1drcpv9
bUF9IeHlJW0o/rDBByyVVIWdRpK8UMuZFzs3Ec3aQjRBi8b2dok2HDUXLNo3Ncwr
nmgOBwbJxOTTWcOqykh+POWjNMSoiICgxVvgkXK2Hv96qCmrhtfI3oug6SEUsKKv
O7uHDIsQ6rPymgz3BKxn
=YrW8
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]