-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Addendum I noticed this in my logs: 2014-05-05 01:06:25 Reconciliation attempt from unauthorized host <ADDR_INET [94.23.11.46]:58500>. Ignoring And it resolved to a host similar to yours, so your outgoing IP address isn't the one it should be. $ host 94.23.11.46 46.11.23.94.in-addr.arpa domain name pointer business-ip-94-23-11-46.static.lu. Martin On 05/05/2014 01:50 AM, Martin Papik wrote: > > I'm somewhat new myself, but here goes. > > To me it looks like one or more of your peers doesn't have you > configured. To find out which one you have a few choices. > > 1) look at the logs to see which peers you do receive keys from, > the ones you don't are probably broken > > 2) tcpdump > > 3) iptables rules for statistics of how many bytes are exchanged > with the IP addresses that are resolved, you have them in the > snippet you sent. > > Also make sure you do receive some keys for someone, recon.log, > you should see entries like this: > > > 2014-05-03 07:00:57 Requesting 1 missing keys from <ADDR_INET > [162.17.206.197]:11372>, starting with > 299E952D7F78266B1C33B4C618ABA111 2014-05-03 07:00:58 1 keys > received > > I've looked through my log, I have your server configured, but I > don't see anything coming from your side, which possibly means > you're not receiving any keys from anyone. I don't see any traffic > from you, so perhaps you have a more fundamental problem. Are there > any firewall, routing or NAT-ing restrictions? > > For starters, check if this works: > > telnet sks-server.randala.com 11370 -b 89.46.222.116 > > It should connect, and you should see a line with some binary and > some text, the text will contain words like bitquantum > yminsky.dedup,yminsky.merge http port mbar, so if you see that > your outgoing connections are okay. > > I tried connecting to your server and it seems to close down. Do > you have multiple IPs on the server? Do you have a firewall? > > PS my server is sks-server.randala.com > > I hope this helped. > > Martin > > On 05/05/2014 12:10 AM, Martin A. wrote: >> Hi, > >> I hope someone could help me... I'm new to sks keyserver and have >> several problems... As you could see at >> http://sks.static.lu/pks/lookup?op=stats the "Statistics" are >> broken... I don't know why :( At 7 AM - 2014-05-04 I was not >> working on the server. If I do a cat /var/log/sks/recon.log I got >> the following log: > > >> 2014-05-04 22:45:11 DB closed 2014-05-04 22:45:28 Opening log >> 2014-05-04 22:45:28 sks_recon, SKS version 1.1.3 2014-05-04 >> 22:45:28 Copyright Yaron Minsky 2002-2003 2014-05-04 22:45:28 >> Licensed under GPL. See COPYING file for details 2014-05-04 >> 22:45:28 Opening PTree database 2014-05-04 22:45:28 Setting up >> PTree data structure 2014-05-04 22:45:28 PTree setup complete >> 2014-05-04 22:46:29 address for sks-server.randala.com:11370 >> changed from [] to [<ADDR_INET [85.195.123.236]:11370>, >> <ADDR_INET [2a01:7a0:2:153::252]:11370>] 2014-05-04 22:46:29 >> address for keyserver.ut.mephi.ru:11370 changed from [] to >> [<ADDR_INET [85.143.112.59]:11370>] 2014-05-04 22:46:29 address >> for sks.disunitedstates.com:11370 changed from [] to [<ADDR_INET >> [91.205.174.236]:11370>, <ADDR_INET >> [2a02:c200:0:10::404:211]:11370>] 2014-05-04 22:46:29 address for >> keyserver.serviz.fr:11370 changed from [] to [<ADDR_INET >> [37.187.1.147]:11370>, <ADDR_INET [2001:41d0:a:193::1]:11370>] >> 2014-05-04 22:46:29 address for pgp.freiwuppertal.de:11370 >> changed from [] to [<ADDR_INET [109.239.48.152]:11370>, >> <ADDR_INET [2a00:1158:3::1a2]:11370>] 2014-05-04 22:46:29 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") 2014-05-04 22:47:29 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 22:48:31 >> <recon as client> error in callback.: Sys_error("Connection reset >> by peer") 2014-05-04 22:49:29 <recon as client> error in >> callback.: Sys_error("Connection reset by peer") 2014-05-04 >> 22:50:27 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 22:51:26 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") 2014-05-04 22:52:25 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 22:53:26 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") 2014-05-04 22:54:26 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 22:55:26 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") 2014-05-04 22:56:27 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 22:57:30 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") 2014-05-04 22:58:29 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 22:59:30 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") 2014-05-04 23:00:30 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 23:01:29 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") 2014-05-04 23:02:30 <recon as client> error in callback.: >> Sys_error("Connection reset by peer") 2014-05-04 23:03:29 <recon >> as client> error in callback.: Sys_error("Connection reset by >> peer") > > >> Maybe someone would help this to get this server working... Also >> I have added my sksconf file... > > >> # /etc/sks/sksconf # # The configuration file for your SKS >> server. # You can find more options in sks(8) manpage. > >> # Set server hostname hostname: sks.static.lu > >> # Set recon binding address recon_address: 0.0.0.0 > >> # Set recon port number recon_port: 11370 > >> # Set hkp binding address hkp_address: 0.0.0.0 > >> # Set hkp port number hkp_port: 11371 > >> # Have the HKP interface listen on port 80, as well as the >> hkp_port #use_port_80: > >> # From address used in synchronization emails used to communicate >> with PKS from_addr: i...@rdns.cc > >> # Command used for sending mail (you can use -f option to specify >> the # envelope sender address, if your MTA trusts the sks user) >> #sendmail_cmd: /usr/lib/sendmail -t -oi > >> # Runs database statistics calculation on boot (time and cpu >> expensive) initial_stat: membership_reload_interval: 1 stat_hour: >> 23 > >> # bdb's db_tune program suggests a pagesize of 65536 for >> [K]DB/key. In practice # this caused page deadlocks. I found 8K >> (16) and 16K (32) to be better values pagesize: 16 # # >> The tuner recommended 4096 (8) for the pagesize for PTree/ptree. >> I have had # very good results with 8196 ptree_pagesize: 16 > > >> Thank you for your help :) > >> kind regards Martin > >> _______________________________________________ Sks-devel mailing >> list Sks-devel@nongnu.org >> https://lists.nongnu.org/mailman/listinfo/sks-devel > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJTZshYAAoJELsEaSRwbVYri70QAJDbBWZKPZk7U98vhwXA4kgC BSJJ/g3NqtOFMPe8VOeSeoHB+OpKOSObke6IH2JbcKAjCbT2lW2M4WhdXSbBbgzj QFz7OgdhFf60daz8a2K06zmUM3MT4N5F3oA1jhM7r5Vfy5IdeBApZGStjuEWJxKD iR1OOM8XIQDfG5qIi5fFXbQ+YOTTMlgt30jdQrDSaSiagbwFfJeUGe2TSpCL91/Z oTjXdJGBJ5coNzoqAuuXdTrWEZ8Zu6s7D18f9uG6Yo460TAPv+eNfHqTzF1ECTG9 vDTo0lUCWQRu9ODEm+PWEPjZPKVgzUlUSp6LQpd/2/hXhL8TmNvP5SrjHTrmSyJZ BG0r7fVngpr3JkkT+jvRPNP4haYmbtIOHcEOYCLZqTWbhWSDFsU8GBoG30lYFWhQ cQS3ZUErzBjI1mI3GlZzqY3ZzzynpQCNWLp79sdSv5AyPsR7liyCwsK6jMsUkgmR cDQMwKwR8stbdc7ipHxiNBXOYCbKRDjEewkRRL+NIPtqPUgRSA9Y8opbvybttLNG mkuJYSTQvrm4dYFkIY/RLpfUf4BBVB1IPmAsSrLdLlWQXecRnHMJvyV3FF63+rRR 5PaqtegZSRsVKiCDpGdsScbbczxXY3Nonn4FhB5RpTkh5e8BepqHUBMMywby66xr kM36w++TfN8+l5pcSAjV =jv05 -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
