From: Rob Debouter
Subject: [Sks-devel] Issue caused by recon process using IP address instead of hostname
Date: Tue, 13 Jun 2017 14:24:38 -0400

Hello,

I might be having an issue with key replication from my new node and don't 
believe I'm the only one.

A month ago, before my node [1] was set up, I had posted an updated key through 
one of the SKS pool nodes.  I don't know which server the key was actually 
posted to.  After several hours, the key had not replicated to any of the other 
servers in the pool.  I ended up picking a specific server, uploaded the same 
key and it started appearing on other servers after about 10 minutes.  Today, 
I'm seeing the same issue with my own node.  If I understand the recon 
replication process, it might be related to my reverse proxy and possibly 
others out there. 

If I understand the recon process correctly, it reads the peers from the 
membership file, performs a DNS lookup to retrieve the IP and uses the IP 
address for all communications.  The TCP connection from client to server is 
done on port 11370, receives a list of possible key changes by hash values and the 
client then attempts to connect to the server by IP:11371.

In my case, my reverse proxy returns an HTTP 400 - invalid hostname response 
during the recon process.  I'm using [2] as a reverse proxy instead of 
something local on my node because it's a Raspberry Pi 3 and I didn't want to 
take resources away from SKS.  I'm also already using this reverse proxy for 
other applications so I'm using it for SKS as well.

Since the recon process is sending my peers to IP:11371, my peers are not able 
to retrieve any new or updated keys from my node.  My node is now asking and 
retrieving the same (old) key from my peers every few minutes because the key 
hash changed when it was updated.  Luckily I saw it today with only one key and 
not a month from now with 100 keys. 

Is there a setting somewhere that I can set to tell my peers' recon process to 
use the hostname of my node instead of IP address when connecting to port 11371?

If not, is there any chance of adding something to correct this?

For now, I have removed my reverse proxy from the path of port 11371 so I don't 
annoy my peers.  This has allowed my peers to grab the new and updated keys 
from my server.  Hopefully there is a way to resolve this other than setting up 
another device to act as a reverse proxy for SKS.

[1] http://sks.funkymonkey.org:11371/pks/lookup?op=stats
[2] https://docs.microsoft.com/en-us/windows-server/remote/remote-access/web-application-proxy/web-application-proxy-windows-server

Thanks.
Rob D
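
An added example, not part of the original message or of SKS: a check an operator could run to see whether the front end on port 11371 answers a request whose Host header carries the IP address instead of the hostname. It assumes that is what a peer's by-IP fetch looks like on the wire; `keys.example.org`, `StrictProxy`, `probe` and `check_front_end` are constructed names, and the embedded server only stands in for a hostname-strict reverse proxy so the block runs offline.

```python
import http.client
import http.server
import threading

PUBLIC_NAME = "keys.example.org"  # constructed hostname standing in for the node's published name

class StrictProxy(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a reverse proxy that only routes its published hostname."""
    def do_GET(self):
        host = (self.headers.get("Host") or "").rsplit(":", 1)[0]
        status = 200 if host.lower() == PUBLIC_NAME else 400
        body = b"stats\n" if status == 200 else b"Invalid Hostname\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(addr, port, host_header, path="/pks/lookup?op=stats", timeout=5):
    """Connect to addr:port, send GET with an explicit Host header, return the HTTP status."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.putrequest("GET", path, skip_host=True)  # suppress the automatic Host header
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()

def check_front_end(addr, port, hostname):
    """Compare a by-name request with the by-IP request a peer is assumed to send."""
    by_name = probe(addr, port, f"{hostname}:{port}")
    by_ip = probe(addr, port, f"{addr}:{port}")
    return {"by_name": by_name, "by_ip": by_ip, "peers_can_fetch": by_ip == 200}

def demo():
    """Run the check against the constructed strict proxy on a free local port."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), StrictProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_front_end("127.0.0.1", server.server_address[1], PUBLIC_NAME)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Against a real node, call `check_front_end` with the node's address, 11371 and its published hostname; a `by_ip` status other than 200 means requests addressed by IP are being rejected before they reach SKS.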
