[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Running SKS keyserver on dynamic DNS
From: |
Kristian Fiskerstrand |
Subject: |
Re: [Sks-devel] Running SKS keyserver on dynamic DNS |
Date: |
Wed, 27 Apr 2016 09:32:21 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.0 |
On 04/27/2016 06:45 AM, Gabor Kiss wrote:
> Dear Pete,
>
>> I already run one SKS keyserver, and am thinking of running a second.
>> The caveat is that the public IP address of the second system
>> periodically changes. When it does, the DNS name pointing to that
>> system is updated automatically (typically within a few seconds).
>>
>> How happily could SKS exist in such an environment?
>>
>> I have two particular concerns:
>>
>> 1. The instructions at
>> <https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering> state
>> that "You should explicitly set all public addresses used...". How can
>> I effectively do this if the public address changes on occasion? How
>> would things work if I instead listed the internal IPv4 address of the
>> server (it's located behind a NAT router) and the public IPv6 address
>> for the server in the sksconf file?
>>
>> 2. How often would peers query DNS for updates to one's IP address? I
>
> AFAIK every time the membership file is changed.
its more often than that with later versions of SKS (see [0] that landed
in 1.1.1)
>
>> don't mind brief loss-of-sync events when the IP address changes, but
>> it'd be ideal if peers could adapt to updated IP addresses quickly.
>
> I'm afraid SKS does not work like this.
>
It does actually (for various definitions of quickly)
> Does IPv6 address also changes? If not you may own the the "First
> IPv6 Only Key Server". It's a challenge for Kristian too. :-)
We've had those before, but it is explicitly restricted in the pool
References
[0]
https://bitbucket.org/skskeyserver/sks-keyserver/commits/b46d923bfc9f478f8455ef6c56893193071f0992
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aquila non capit muscas
The eagle does not hunt flies
signature.asc
Description: OpenPGP digital signature
- [Sks-devel] Running SKS keyserver on dynamic DNS, Pete Stephenson, 2016/04/26
- Re: [Sks-devel] Running SKS keyserver on dynamic DNS, Gabor Kiss, 2016/04/27
- Re: [Sks-devel] Running SKS keyserver on dynamic DNS,
Kristian Fiskerstrand <=
- Re: [Sks-devel] Running SKS keyserver on dynamic DNS, Pete Stephenson, 2016/04/27
- Re: [Sks-devel] Running SKS keyserver on dynamic DNS, Kristian Fiskerstrand, 2016/04/27
- Re: [Sks-devel] Running SKS keyserver on dynamic DNS, Pete Stephenson, 2016/04/28
- Re: [Sks-devel] Running SKS keyserver on dynamic DNS, Brian Minton, 2016/04/28
- Re: [Sks-devel] Running SKS keyserver on dynamic DNS, Kristian Fiskerstrand, 2016/04/28