Re: [Sks-devel] Running SKS keyserver on dynamic DNS

[Gabor Kiss]

Dear Pete,

> I already run one SKS keyserver, and am thinking of running a second.
> The caveat is that the public IP address of the second system
> periodically changes. When it does, the DNS name pointing to that
> system is updated automatically (typically within a few seconds).
> 
> How happily could SKS exist in such an environment?
> 
> I have two particular concerns:
> 
> 1. The instructions at
> <https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering> state
> that "You should explicitly set all public addresses used...". How can
> I effectively do this if the public address changes on occasion? How
> would things work if I instead listed the internal IPv4 address of the
> server (it's located behind a NAT router) and the public IPv6 address
> for the server in the sksconf file?
> 
> 2. How often would peers query DNS for updates to one's IP address? I

AFAIK every time the membership file is changed.

> don't mind brief loss-of-sync events when the IP address changes, but
> it'd be ideal if peers could adapt to updated IP addresses quickly.

I'm afraid SKS does not work like this.

Does IPv6 address also changes? If not you may own the the "First
IPv6 Only Key Server". It's a challenge for Kristian too. :-)

I suggest you to sync this server with your other one for
a few weeks. You will get useful experiences.

Cheers

Gabor