y dump did not help. And
given the current state of the SKS network, it just wasn't worth
bothering about debugging the root cause.
All the best, everyone!
Yours truly,
John Zaitseff
--
John Zaitseff ,--_|\The ZAP Group
Telephone: +61 2 9643 7737 / \ Sydney, Austr
- [L,G]
> (BTW: look at this key: 0xD7FFC063B40A2294B966DB47FF80AE9D1DEC358D [...])
Nice signatures :-) We're playing "whack-a-mole" here.
I went through my Apache logs for the last month or so, searching
for very large keys being requested, and added these (and ce
Hi, all again,
Slight bug fix: replace:
RewriteCond "%{QUERY_STRING}" "search=([^&]+)&?"
with:
RewriteCond "%{QUERY_STRING}" "search=([^&]+)(&|$)"
John Zaitseff
--
John Zaitseff
ex)"
RewriteCond "%{QUERY_STRING}" "search=([^&]+)&?"
RewriteCond "${badkeys:${lc:%1}|ok}" "!=ok"
RewriteRule ^/pks/lookup- [L,G]
Yours truly,
John Zaitseff
--
John Zaitseff ,--_|\The ZAP Group
. And I can add to the apache-badkeys file any
time I like...
Yours truly,
John Zaitseff
--
John Zaitseff ,--_|\The ZAP Group
Telephone: +61 2 9643 7737 / \ Sydney, Australia
Email: j.zaits...@zap.org.au \_,--._* https://www.zap.org.au/
days
ago):
pagesize: 32
ptree_pagesize:16
command_timeout: 600
max_recover: 150
I fear, however, that increasing the timeouts simply pushes the
problem slightly further down the track...
Yours truly,
John Zaitseff
--
John Zaitseff
something like this, but if not, well, now you can :-)
Both files are officially released into the public domain.
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E-mail: j.zaits...@zap.org.au
> then.
Ah, yes, I forgot to mention that I had done this as well.
Actually, I just created a DB_CONFIG file in /var/lib/sks/DB with
one line, "set_flags DB_LOG_AUTOREMOVE". I put the same file in
/var/lib/sks/PTree as well, although I don't think it's needed
there.
Yours truly,
/sbin/sks pbuild -cache 50 -ptree_cache 100
> >>
> >> SKS restarted fine; so far so good! I'll be keeping an eye on it
> >> over the next few days, so I'll report back as needed.
> [...]
>
> Unfortunately the issues is still not resolved. Is nobody else
> experiencing this?
dering whether someone has found yet another way to take
down SKS servers worldwide. It's a bit disappointing that the SKS
keyserver source code available on bitbucket.org has not been
touched in over a year... is anyone actually working on it?
Yours truly,
John Zaitseff
--
John Zaitseff
urce code.
By the way, I tried Phil Pennock's suggestion of removing peers that
were significantly behind mine in terms of number of keys, but that
made no difference to the situation.
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737
robably don't need to do this for
my own keyserver; I'm just catching up on such peer's requests!
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E-mail: j.zaits...@zap.org.au \_,--._* htt
is:
keyserver.zap.org.au 11370 # John Zaitseff
0xB0F6BC7F46D30F1432FC46190D254111C4EE569B
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au
[2-6] \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch MSIE [17-9] ssl-unclean-shutdown
/VirtualHost
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737
/Peering
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au/
v
to happen. If you send
patches to 678...@bugs.debian.org, it'll make it much more likely
to happen sooner!
Another small note: the directory should be /var/backups/sks (plural
backups, not singular backup) for consistency with the FHS.
John
--
John Zaitseff,--_|\The ZAP
the contents of /var/lib/sks/www should be
conffiles, too...
John
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au/
v
/apt/sources.list,
then:
apt-get source sks
cd sks-1.1.5
dpkg-buildpackage -us -uc -b
cd ..
dpkg -i sks_1.1.5-1~zg1_amd64.deb
(You will need the dpkg-dev package installed for dpkg-buildpackage).
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
-generated certificates, but is it
possible to do this within the SAME VirtualHost block, based on
environment variables, etc.?
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E-mail: j.zaits
-keyservers.net
certificate when queries come to *.sks-keyservers.net. Can I do
this with ONE VirtualHost block in Apache, or must I use two?
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E
Yours truly,
John Zaitseff
--
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E-mail: j.zaits...@zap.org.au \_,--._* http://www.zap.org.au/
v
! By all means, contact me directly for
any operational issues.
keyserver.zap.org.au 11370 # John Zaitseff j.zaits...@zap.org.au
0x0D254111C4EE569B
Yours truly,
John Zaitseff
- --
John Zaitseff,--_|\The ZAP Group
Phone: +61 2 9643 7737 / \ Sydney, Australia
E
22 matches
Mail list logo