Re: [Sks-devel] [PATCH] auto-refresh membership DNS

[Kim Minh Kaplan]

Phil Pennock:

> ----------------------------8< cut here >8------------------------------
> =item -membership_reload_interval
>
> Maximum interval (in hours) at which membership file is reloaded.
> ----------------------------8< cut here >8------------------------------
>
> There are supposed to be *two* triggers for reload -- one is mtime
> change, one is -membership_reload_interval expiring.  This works in the
> dbserver, not in the reconserver.  Ironic.
>
> Thus I stand by the intent of my patches.
>
> With this fixed, people who change DNS won't have to post to lists
> asking people to touch their membership files to pick up the DNS change,
> and I will be able to get rid of my cron job which touches the
> membership file, as sks will do The Right Thing.

I see what you mean here...  Except that periodic DNS lookups are *not*
The Right Thing.  This is one area where I think SKS got it wrong: it
should call out to the resolver each time it needs to connect to a
server and let the caching happen in normal ways (DNS TTL).  Please have
a look at my other message "Keep DNS mappings fresh"[1]

> The additional load is an extra couple of DNS lookups per peer, every
> reload interval; it's a float, but I doubt many people set this to less
> than 1, so it's pretty light.

With my patch the "additional load" is bigger but it will still be
minuscule when compared to the rest of the traffic needed for the
reconciliation protocol anyway.  This is not where we should look for
optimization.

OTOH if the membership reload takes more than the gossip_interval and
reconciliation_config_timeout setting (typically one minute) then the
loading never finishes and the server never reconciles.  It happened to
me when three of my partners' nameservers went out of service.  Making
the lookup as needed solves this problem.

Regards,
Kim Minh.
[1] http://lists.gnu.org/archive/html/sks-devel/2009-03/msg00085.html