Re: [Sks-devel] pool.sks-keyservers.net having trouble?

Wed, 31 Mar 2010 21:45:42 -0700 

Couple thoughts, first of all if you have several machines doing regular 
queries you might look into running a local keyserver for your servers to sync 
off of.. if thats not a possibility you might locate your closest server and 
point it at them.

Another idea might be run your own DNS pool to your select servers, give you 
the benefits of hitting multiple servers but still the control over which 
actual servers get hit. If you doing a TON of queries to a single server you 
might let the admin know your intentions before hand. 

You can use many external tools such as netstat to see your local/remote socket 
connections, just look for something hitting a remote hkp port.

I serve on average ~16.5k keys a day but I haven't been in the 
sks-keyservers.net pool for some time now.. I am running 2 keyservers and load 
balancing across the both of them, this is mainly for high-avability as the 
load impact of a single keyserver is minimal.

Good Luck,
-R


On Mar 31, 2010, at 10:13 PM, Daniel Kahn Gillmor wrote:

> hey folks--
> 
> i have some machines which make regular queries against
> pool.sks-keyservers.net using gpg, and report when those queries fail
> (return a non-zero status).
> 
> I've noticed intermittent failures from pool.sks-keyservers.net (gpg
> returns status code 2) over the last few days, but i'm not sure which IP
> addresses are actually queried in the failed queries.
> 
> FWIW, the queries are all exact matches. that is, they use the form:
> 
>  --search ='Full User ID <u...@example.net>'
> 
> So i guess i'm wondering about a few things:
> 
> * is anyone else seeing the same behavior?
> 
> * does anyone know of a way to get gpg to report the actual IP
> addresses queried?  (this is happening with both gpg 1.4.9 and 1.4.10)
> 
> * are any keyserver operators doing client rate-limiting or something
> similar which might respond poorly to a batch of closely-spaced requests?
> 
> * what kind of reliability do folks expect from this pool?  How often
> do you see queries?
> 
> Regards,
> 
>       --dkg
> 
> _______________________________________________
> Sks-devel mailing list
> Sks-devel@nongnu.org
> http://lists.nongnu.org/mailman/listinfo/sks-devel

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Attachment: PGP.sig
Description: This is a digitally signed message part

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/sks-devel

Reply via email to