From: David Shaw
Subject: Re: [Fwd: Re: [Sks-devel] Alternative to round-robin (was Re: pool.sks-keyservers.net having trouble?)]
Date: Mon, 5 Apr 2010 16:50:45 -0400

On Apr 5, 2010, at 4:04 PM, Kristian Fiskerstrand wrote:
> David Shaw wrote, On 04/05/2010 09:25 PM:
>> On Apr 1, 2010, at 12:30 AM, Jonathan Oxer wrote:
>>
>>> On Thu, 2010-04-01 at 00:13 -0400, Daniel Kahn Gillmor wrote:
>>>
>>> Sorry I can't answer your other questions, but I just had a look in
>>> db.log and found ...
>>>
>>>> * How often
>>>> do you see queries?
>>> ...about 10k queries / day to keys.keysigning.org, which is in that
>>> pool. I assume that since the pool is using round-robin DNS the number
>>> should be pretty similar for all machines in the list.
>>
>> Speaking of round robining - recent versions of GnuPG support more than
>> straight round robin. If you want to express more complex things like
>> weighting certain servers more heavily (because they have better
>> connectivity or hardware, for example), you can do that with a SRV DNS
>> record.
>>
>> This doesn't remove the need for the current pool of A records, as not all
>> software supports the SRV yet, but it is supported in GnuPG 1.4.10 and
>> 2.0.13 if anyone wants to play with it. As a nice side-benefit, the SRV
>> record allows you to run the keyserver on ports other than 11371 and have
>> GnuPG automatically hit the right port without having to be configured
>> specifically.
>>
>> David
>>
>>
>
> [Resending with a proper sender address]
>
> Sounds like a good idea to have such a weighting.. I just have to figure
> out a way to actually differentiate between the keyservers. Easiest I
> guess is a manual relative comparison - but anyone have a better idea?
>
> For now I just added srv records to the pool with equal weights
>
> #############
>
> address@hidden Download]$ dig ANY _hkp._tcp.pool.sks-keyservers.net
> ;; Truncated, retrying in TCP mode.
>
> ; <<>> DiG 9.6.0a1 <<>> ANY _hkp._tcp.pool.sks-keyservers.net

This is good, but note the tag is _pgpkey-http._tcp.xxxxx (as per http://www.dns-sd.org/ServiceTypes.html)

GPG also understands _pgpkey-https.

David
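
An added example, not part of the original message and not GnuPG's code: the server-selection rules that RFC 2782 specifies for SRV-aware clients, applied to constructed `_pgpkey-http._tcp` records to show how unequal weights shift the share of first contacts. The example.net hostnames, the weights 60/30/10 and port 8080 are assumptions made for illustration.

```python
import random

# Constructed sample answer lines in dig's output format; hostnames are placeholders.
SAMPLE = """\
_pgpkey-http._tcp.pool.example.net. 3600 IN SRV 10 60 11371 keys-a.example.net.
_pgpkey-http._tcp.pool.example.net. 3600 IN SRV 10 30 11371 keys-b.example.net.
_pgpkey-http._tcp.pool.example.net. 3600 IN SRV 10 10 8080 keys-c.example.net.
_pgpkey-http._tcp.pool.example.net. 3600 IN SRV 20 0 11371 backup.example.net.
"""

def parse_srv(text):
    """Return (priority, weight, port, target) tuples from dig-style answer lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2:4] != ["IN", "SRV"] or fields[0].startswith(";"):
            continue  # skip comments, blank lines and other record types
        prio, weight, port = (int(f) for f in fields[4:7])
        records.append((prio, weight, port, fields[7].rstrip(".")))
    return records

def order_targets(records, rng=random):
    """Order records per RFC 2782: lowest priority first, weighted pick within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # Weight-0 records are placed first so they are chosen only rarely.
        group = sorted((r for r in records if r[0] == prio), key=lambda r: r[1] != 0)
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered

def first_choice_share(records, trials=20000, seed=1):
    """Fraction of trials in which each host is the first one a client would try."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        host = order_targets(records, rng)[0][3]
        counts[host] = counts.get(host, 0) + 1
    return {h: c / trials for h, c in counts.items()}

if __name__ == "__main__":
    for host, share in sorted(first_choice_share(parse_srv(SAMPLE)).items()):
        print(f"{host}: {share:.3f}")
```

The priority-20 record is only reached after every priority-10 target has been tried, and the port travels with each record, so a server on 8080 needs no client-side configuration.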