Re: [Sks-devel] Re: IPv6 SKS Pool
Ok.. I've worked a bit on sks-keyservers.net lately and added some IPv6 checking. Anyone care to test the ipv6.pool.sks-keyservers.net pool? I also added IPv6 flag at http://www.sks-keyservers.net/status/ Hopefully it works a bit better now than last time :) Folks, Until SKS has no native IPv6 support you can run this command in the background: socat TCP6-LISTEN:hkp,ipv6only=1,reuseaddr,fork \ TCP4:YOUR.SERVERS.NAME.OR.IPV4.ADDRESS:hkp This will listen on IPv6 hkp port and redirects incoming TCP connection to IPv4 port. Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] Re: IPv6 SKS Pool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ryan Hunt wrote, On 10/17/2008 07:50 AM: First, thanks to everyone who peered w/me, had no idea I'd get as many responses and so quickly. Neat community here. Anyhow, I dug through all the SKS servers I could find and found a total of 5 (including myself) Syncing KeyServers that support IPv6. I put all those servers into a pool and setup my monitoring software to keep an eye on them encase a server disappears, allowing me to ensure the pool only contains active hosts. the address for this IPv6 only pool is: x-hks://pool.ipv6.keys.nayr.net pool.ipv6.keys.nayr.net has IPv6 address 2001:470:1f05:429:420:420:420:420 pool.ipv6.keys.nayr.net has IPv6 address 2001:5c0:8a8a:40::51 pool.ipv6.keys.nayr.net has IPv6 address 2001:638:204:10::2:1 pool.ipv6.keys.nayr.net has IPv6 address 2001:738:0:1:209:6bff:fe8c:845a pool.ipv6.keys.nayr.net has IPv6 address 2001:1418:1d7:1::1 I'll check every few months to see if any new IPv6 supported keyservers pop up and add them to the list, feel free to use this pool if you find it useful. If you want your server added or removed from this list shoot me an email. This is actually not too bad an idea, so I implemented ipv6 to sks-keyservers.net as well. the pool is available at x-hkp://ipv6.pool.sks-keyservers.net and uses the same data as for the original synchronization test, just checks if the same servers have records. in theory this could result in a situation where server responds to ipv4 requests and not ipv6 requests, but for now that seems like an unlikely issue, which I'll rather counter with blacklist if it happens. Status is currently BETA on ipv6, so please come with comments. IPv6 support will be added to keys.kfwebs.net and possibly keys2.kfwebs.net over the next couple of weeks as well. - -- - Kristian Fiskerstrand http://www.kfwebs.net - Ad astra per aspera To the stars through thorns - http://www.secure-my-email.com http://www.secure-my-internet.com -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) iQIcBAEBCAAGBQJJAxEsAAoJEBbgz41rC5UIb8YP/1QqKmmDAbbYBxqNXuXWSTuZ lXa4QMhuxTu+wDy1vAQI3+7Bh+MDR4vhcUenen+Ws17sVhdVBXwIgrfmfAoRBqze iBhCLf/VaBmwW7jc42PJDsMdQifIZrQcZAYUeHDXaoxgLL3dn0lD1piYwn9zOBOP GlVTPY/nRvfypKSEpIp843FSHmg3EzUBSY+Mt2hfGTm5J46Gtp2JPZggTE+7x8sn SBMNCHHnqs70u/avbgjoc3X87GBjGBu18qTm6rqkuNIRZ8aMa70IowpQGjdj57Qn sO14S8p0V8LsXx7U4l3mom9icIxhIUkfqZXgKc1zhZMITI0yvJNxpzxXD9BA9meC kZAdH7cIfj/ljhJz9nGGRzEgv8jgkXIb60Uo8ukpkC0YSp47vtNy9C2LKCI0G1CG hAw5fylAKuQbrR+00wID0mXuE5Ht3ivjnOz13k8D3W+jJMlN978YDNNW5tXlLtzs fRoZ6jfgk2w0PqhcXR6ojgGBkxESwb2MiLuOZx9g1vWkwcOKMH8ARY7T5IpgRsxp /9Lc8WN8g7DVyiP7b1pjrvuzJorgCAJTmnlkB4oEtMRt66VyXSz1ivp/+/kYE14/ cZnPFQatzbKcfi04lUa+2RcpEclJbIRZDClC1/Ww9lnDF43/Ty/1fqCOsBNBxFmu 5lgJi1esQZtIM3khBt9d =NFgq -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Re: IPv6 SKS Pool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Unfortunately there are alot of servers that have records but are not listening on IPv6... I went through the hosts currently in your pool and all the following were not IPv6 capable [EMAIL PROTECTED]:~$ telnet 2001:41d0:1:e812:1c:c0ff:fe65:2cd4 11371 Trying 2001:41d0:1:e812:1c:c0ff:fe65:2cd4... telnet: Unable to connect to remote host: Connection refused [EMAIL PROTECTED]:~$ telnet 2a01:198:200:20a::2 11371 Trying 2a01:198:200:20a::2... telnet: Unable to connect to remote host: Connection refused [EMAIL PROTECTED]:~$ telnet 2001:610:1108:5011:230:48ff:fe12:2794 11371 Trying 2001:610:1108:5011:230:48ff:fe12:2794... telnet: Unable to connect to remote host: Connection refused [EMAIL PROTECTED]:~$ telnet 2001:748:100:1::32 11371 Trying 2001:748:100:1::32... telnet: Unable to connect to remote host: Connection refused - -Ryan Kristian Fiskerstrand wrote: Ryan Hunt wrote, On 10/17/2008 07:50 AM: First, thanks to everyone who peered w/me, had no idea I'd get as many responses and so quickly. Neat community here. Anyhow, I dug through all the SKS servers I could find and found a total of 5 (including myself) Syncing KeyServers that support IPv6. I put all those servers into a pool and setup my monitoring software to keep an eye on them encase a server disappears, allowing me to ensure the pool only contains active hosts. the address for this IPv6 only pool is: x-hks://pool.ipv6.keys.nayr.net pool.ipv6.keys.nayr.net has IPv6 address 2001:470:1f05:429:420:420:420:420 pool.ipv6.keys.nayr.net has IPv6 address 2001:5c0:8a8a:40::51 pool.ipv6.keys.nayr.net has IPv6 address 2001:638:204:10::2:1 pool.ipv6.keys.nayr.net has IPv6 address 2001:738:0:1:209:6bff:fe8c:845a pool.ipv6.keys.nayr.net has IPv6 address 2001:1418:1d7:1::1 I'll check every few months to see if any new IPv6 supported keyservers pop up and add them to the list, feel free to use this pool if you find it useful. If you want your server added or removed from this list shoot me an email. This is actually not too bad an idea, so I implemented ipv6 to sks-keyservers.net as well. the pool is available at x-hkp://ipv6.pool.sks-keyservers.net and uses the same data as for the original synchronization test, just checks if the same servers have records. in theory this could result in a situation where server responds to ipv4 requests and not ipv6 requests, but for now that seems like an unlikely issue, which I'll rather counter with blacklist if it happens. Status is currently BETA on ipv6, so please come with comments. IPv6 support will be added to keys.kfwebs.net and possibly keys2.kfwebs.net over the next couple of weeks as well. ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkDR+MACgkQIcAiq3SnceGxXgCcCZssCQ99YcatrkH/9pLfR4J/ vkwAniQpU/Bs4bYmhNpXjsCl8YYzArX3 =jKno -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Re: IPv6 SKS Pool
Ryan Hunt wrote: [EMAIL PROTECTED]:~$ telnet 2001:610:1108:5011:230:48ff:fe12:2794 11371 Trying 2001:610:1108:5011:230:48ff:fe12:2794... telnet: Unable to connect to remote host: Connection refused This is an address of my server (keyserver.stack.nl). However the IPv6 address isn't advertised for this hostname (I thought). But I might as well add it... From this moment on, the keyserver should be reachable on this IPv6 address as well. Ciao, Johan pgpzRVlAD05Fm.pgp Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel