On 04/27/2016 06:45 AM, Gabor Kiss wrote: > Dear Pete, > >> I already run one SKS keyserver, and am thinking of running a second. >> The caveat is that the public IP address of the second system >> periodically changes. When it does, the DNS name pointing to that >> system is updated automatically (typically within a few seconds). >> >> How happily could SKS exist in such an environment? >> >> I have two particular concerns: >> >> 1. The instructions at >> <https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering> state >> that "You should explicitly set all public addresses used...". How can >> I effectively do this if the public address changes on occasion? How >> would things work if I instead listed the internal IPv4 address of the >> server (it's located behind a NAT router) and the public IPv6 address >> for the server in the sksconf file? >> >> 2. How often would peers query DNS for updates to one's IP address? I > > AFAIK every time the membership file is changed.
its more often than that with later versions of SKS (see [0] that landed in 1.1.1) > >> don't mind brief loss-of-sync events when the IP address changes, but >> it'd be ideal if peers could adapt to updated IP addresses quickly. > > I'm afraid SKS does not work like this. > It does actually (for various definitions of quickly) > Does IPv6 address also changes? If not you may own the the "First > IPv6 Only Key Server". It's a challenge for Kristian too. :-) We've had those before, but it is explicitly restricted in the pool References [0] https://bitbucket.org/skskeyserver/sks-keyserver/commits/b46d923bfc9f478f8455ef6c56893193071f0992 -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP key at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Aquila non capit muscas The eagle does not hunt flies
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
