
Re: [Sks-devel] [PATCH] auto-refresh membership DNS


From: Kim Minh Kaplan
Subject: Re: [Sks-devel] [PATCH] auto-refresh membership DNS
Date: Mon, 23 Mar 2009 21:29:41 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)

Phil Pennock writes:

> So, the IP addresses will be held internally after all?

Yes.  In fact they are already.

> How long for?  When do they expire?

Until the next time the sks recon process tries to connect to a partner, at
which point a new DNS lookup is done for *this* particular partner and
it refreshes this partner's cache entry.

> How is this different in effect on DNS being
> cached unreasonably from using -membership_reload_interval with a value
> similarly sized (0.5 or whatever)?

When connecting to a partner as a client a fresh lookup is used.

On incoming connections stale IPs may still occur but the client recon
will still refresh and maintain the cache in acceptable freshness.
Ultimately the authentication of peers should be done in another way.

I just posted a fix for the DoS possibility you mentioned in the
original thread.

Kim Minh.



