-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David Shaw wrote, On 04/05/2010 09:25 PM: > On Apr 1, 2010, at 12:30 AM, Jonathan Oxer wrote: > >> On Thu, 2010-04-01 at 00:13 -0400, Daniel Kahn Gillmor wrote: >> >> Sorry I can't answer your other questions, but I just had a look in >> db.log and found ... >> >>> * How often >>> do you see queries? >> ...about 10k queries / day to keys.keysigning.org, which is in that >> pool. I assume that since the pool is using round-robin DNS the number >> should be pretty similar for all machines in the list. > > Speaking of round robining - recent versions of GnuPG support more than > straight round robin. If you want to express more complex things like > weighting certain servers more heavily (because they have better connectivity > or hardware, for example), you can do that with a SRV DNS record. > > This doesn't remove the need for the current pool of A records, as not all > software supports the SRV yet, but it is supported in GnuPG 1.4.10 and 2.0.13 > if anyone wants to play with it. As a nice side-benefit, the SRV record > allows you to run the keyserver on ports other than 11371 and have GnuPG > automatically hit the right port without having to be configured specifically. > > David > >
[Resending with a proper sender address] Sounds like a good idea to have such a weighting.. I just have to figure out a way to actually differentiate between the keyservers. Easiest I guess is a manual relative comparison - but anyone have a better idea? For now I just added srv records to the pool with equal weights ############# [kristi...@localhost Download]$ dig ANY _hkp._tcp.pool.sks-keyservers.net ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.6.0a1 <<>> ANY _hkp._tcp.pool.sks-keyservers.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18403 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 2, ADDITIONAL: 5 ;; QUESTION SECTION: ;_hkp._tcp.pool.sks-keyservers.net. IN ANY ;; ANSWER SECTION: _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 keys.wuschelpuschel.org. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 keyserver.ccc-hanau.de. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 keyserver.fabbione.net. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 keyserver.noreply.org. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 keyserver.rainydayz.org. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 keyserver.stack.nl. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 pgp.net.nz. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 pgp.rediris.es. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 pgp.ugcs.caltech.edu. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 pgp.uni-mainz.de. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 sks.es.net. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 sks.karotte.org. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 sks.pkqs.net. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 key.adeti.org. _hkp._tcp.pool.sks-keyservers.net. 28800 IN SRV 0 50000 11371 keys.kfwebs.net. ;; AUTHORITY SECTION: sks-keyservers.net. 28800 IN NS ns2.kfwebs.net. sks-keyservers.net. 28800 IN NS ns1.kfwebs.net. ;; ADDITIONAL SECTION: keys.kfwebs.net. 86400 IN A 213.161.224.2 keys.kfwebs.net. 86400 IN AAAA 2001:16d8:ee30::4 ns1.kfwebs.net. 38105 IN A 213.161.224.2 ns2.kfwebs.net. 30782 IN A 84.215.23.53 ns2.kfwebs.net. 21182 IN AAAA 2001:16d8:ee3d:ee30:219:b9ff:fed6:4db8 ;; Query time: 0 msec ;; SERVER: 192.168.0.6#53(192.168.0.6) ;; WHEN: Mon Apr 5 22:01:18 2010 ;; MSG SIZE rcvd: 745 - -- - ---------------------------- Kristian Fiskerstrand [email protected] http://www.sumptuouscapital.com - ---------------------------- Veni vidi velcro I came, I saw, I got stuck - ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this, visit: http://www.secure-my-email.com - ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (GNU/Linux) iQIcBAEBCAAGBQJLukJKAAoJEAt/i2Dj7frjmiMQAJnd7aEdtihjOE2KTjdLIZ+q 1IddWZJB7ie/koicSyFS94QZwVRBrXxBOo50G5fNBDFaJAcN6FJZgU0E+ydC7d72 5wORsG+fVtiTcKHDXnGC692qMT4oP2hj1l3uX/Fm/vAdVUs4SBJqLsmWdAXviuvz 1NgFghtc0XXYzITM4db+e5Jzo3NmX3R5ReS2z0wonVQe3hj51vqqSnbihwmJuotB CrmYOnRHDo25ruduxAzH1XpSGP0G0EyFY5k2YEGSNqNglrMmqCSMf2PddPbqVeIU 4xtCj2C6NDKvFnqEgXKxT6ki+AwGkXqNukB78bGrXPW2vLiRkr5Tuu2il5f9E7Vy nHbasJV8un1Uo+myIYYdHuhxmf10og3jt6M18e/tTBKYy0J/rWHKogNt63EiDiES fJdFbs5/a4CxPfanNoLmGe8/L6x9EbsWxPBAMO5AhU+FQt+KT5hfCGZrs0uWNjgF w3xKIC77g2GeHMygyUDJ5Sd3B89F+2aFKZP4qavYzWeDmTdbxOj40pJBW1drcpv9 bUF9IeHlJW0o/rDBByyVVIWdRpK8UMuZFzs3Ec3aQjRBi8b2dok2HDUXLNo3Ncwr nmgOBwbJxOTTWcOqykh+POWjNMSoiICgxVvgkXK2Hv96qCmrhtfI3oug6SEUsKKv O7uHDIsQ6rPymgz3BKxn =YrW8 -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/sks-devel
