Re: [Sks-devel] Running SKS keyserver on dynamic DNS


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Running SKS keyserver on dynamic DNS
Date: Wed, 27 Apr 2016 09:32:21 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.0

On 04/27/2016 06:45 AM, Gabor Kiss wrote:
> Dear Pete,
> 
>> I already run one SKS keyserver, and am thinking of running a second.
>> The caveat is that the public IP address of the second system
>> periodically changes. When it does, the DNS name pointing to that
>> system is updated automatically (typically within a few seconds).
>>
>> How happily could SKS exist in such an environment?
>>
>> I have two particular concerns:
>>
>> 1. The instructions at
>> <https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering> state
>> that "You should explicitly set all public addresses used...". How can
>> I effectively do this if the public address changes on occasion? How
>> would things work if I instead listed the internal IPv4 address of the
>> server (it's located behind a NAT router) and the public IPv6 address
>> for the server in the sksconf file?
>>
>> 2. How often would peers query DNS for updates to one's IP address? I
> 
> AFAIK every time the membership file is changed.

It's more often than that with later versions of SKS (see [0] that landed
in 1.1.1).
> 
>> don't mind brief loss-of-sync events when the IP address changes, but
>> it'd be ideal if peers could adapt to updated IP addresses quickly.
> 
> I'm afraid SKS does not work like this.
> 

It does actually (for various definitions of quickly)

> Does the IPv6 address also change? If not, you may own the "First
> IPv6 Only Key Server". It's a challenge for Kristian too. :-)

We've had those before, but it is explicitly restricted in the pool

References
[0] https://bitbucket.org/skskeyserver/sks-keyserver/commits/b46d923bfc9f478f8455ef6c56893193071f0992
-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aquila non capit muscas
The eagle does not hunt flies

Attachment: signature.asc
Description: OpenPGP digital signature

