On Apr 5, 2010, at 4:04 PM, Kristian Fiskerstrand wrote: > David Shaw wrote, On 04/05/2010 09:25 PM: >> On Apr 1, 2010, at 12:30 AM, Jonathan Oxer wrote: >> >>> On Thu, 2010-04-01 at 00:13 -0400, Daniel Kahn Gillmor wrote: >>> >>> Sorry I can't answer your other questions, but I just had a look in >>> db.log and found ... >>> >>>> * How often >>>> do you see queries? >>> ...about 10k queries / day to keys.keysigning.org, which is in that >>> pool. I assume that since the pool is using round-robin DNS the number >>> should be pretty similar for all machines in the list. >> >> Speaking of round robining - recent versions of GnuPG support more than >> straight round robin. If you want to express more complex things like >> weighting certain servers more heavily (because they have better >> connectivity or hardware, for example), you can do that with a SRV DNS >> record. >> >> This doesn't remove the need for the current pool of A records, as not all >> software supports the SRV yet, but it is supported in GnuPG 1.4.10 and >> 2.0.13 if anyone wants to play with it. As a nice side-benefit, the SRV >> record allows you to run the keyserver on ports other than 11371 and have >> GnuPG automatically hit the right port without having to be configured >> specifically. >> >> David >> >> > > [Resending with a proper sender address] > > Sounds like a good idea to have such a weighting.. I just have to figure > out a way to actually differentiate between the keyservers. Easiest I > guess is a manual relative comparison - but anyone have a better idea? > > For now I just added srv records to the pool with equal weights > > ############# > > [kristi...@localhost Download]$ dig ANY _hkp._tcp.pool.sks-keyservers.net > ;; Truncated, retrying in TCP mode. > > ; <<>> DiG 9.6.0a1 <<>> ANY _hkp._tcp.pool.sks-keyservers.net
This is good, but note the tag is _pgpkey-http._tcp.xxxxx (as per http://www.dns-sd.org/ServiceTypes.html) GPG also understands _pgpkey-https. David _______________________________________________ Sks-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/sks-devel
