[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Kristian is alvie :-)
|
From: |
Daniel Kahn Gillmor |
|
Subject: |
Re: [Sks-devel] Kristian is alvie :-) |
|
Date: |
Fri, 18 Mar 2011 13:45:52 -0400 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.15) Gecko/20110309 Icedove/3.1.9 |
On 03/18/2011 12:52 PM, Sebastian Urbach wrote:
> Got a mail from Kristian a few seconds ago. He sais something
> about hardware trouble.
perhaps this concept of the pool needs some or all of the following to
avoid future SPOFs:
0) hardware redundancy for the authoritative nameservers for
sks-keyservers.net
1) automated monitoring of the relevant NS records reported by the .net
zone, to make sure that those don't break
2) automated monitoring of the whois record for sks-keyservers.net (to
avoid DNS registration expiration)
3) automated monitoring of redundant nameservers for the zone, to make
sure that their returned data seems to match.
Kristian, i would happily offer zimmermann.mayfirst.org as a redundant
authoritative DNS server -- we'd just need to coordinate how the pool
gets published.
Or, i could use the same scripts you use to generate the zone and serve
it authoritatively. If you could point me to (or send me a copy of)
those scripts, i will go ahead and set up such an authoritative
nameserver on zimmermann.
Then you can inspect it, and (if you find it suitable) add it as an
additional namerserver for the sks-keyservers.net zone.
Thanks for all your work keeping this service going! hopefully we can
spread some of the responsibility around :)
Regards,
--dkg
signature.asc
Description: OpenPGP digital signature