sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Fwd: sks-keyserver unavailable

From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] Fwd: sks-keyserver unavailable
Date: Wed, 27 Feb 2013 22:07:08 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130221 Thunderbird/17.0.3 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/26/2013 11:17 PM, Phil Pennock wrote:
> On 2013-02-26 at 11:16 +0100, Niels Laukens wrote:
>> I'm having trouble getting keys of the pools on
>> sks-keyservers.net. I've just retried with the suggested
>> debug-option with following result:
> 
> Okay, I ran: unbound-control local_data
> hkps.pool.sks-keyservers.net. A 84.215.15.221 to talk to the same
> server.  This is keys2.kfwebs.net, Kristian's server.
> 
> Kristian: do you have some kind of content-examining firewall
> setup, or kernel-based early acceptors, or something else weird in
> place?
> 
> 

...

> 
> I can only see a problem when the GET and the first header are in
> one packet and the later headers in the next, which I can't
> duplicate with telnet(1)
> 
> Thus my thoughts turn to some kind of anti-slow-request DoS
> protection in a firewall ... I don't have a better explanation.
> 

OK, finally back home so will look at this over the next few days.
Thanks for the additional information Phil. I haven't yet been able to
replicate the problem from my external servers so will have to try to
figure out a test-case for it over the next few days. keys2 shouldn't
have any particular firewall setup on 11371 for state matching, it is
only a standard nginx reverse proxy setup.

Is the problem still persisting on your setup? Otherwise it might've
been a temporary glitch at my ISP.


- -- 
- ----------------------------
Kristian Fiskerstrand
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"Every country has the government it deserves."
(Joseph de Maistre)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta145 (GNU/Linux)

iQIcBAEBCAAGBQJRLnV7AAoJEAt/i2Dj7frj0B8P/1tkEFuFns3M3x4D8qum3S90
lf6AonnMMVWxokAPR5nmsxcy3OiyUv1Kgg94c+UhmCT0mPNFfkB3LcSP2R/XS+ha
L0Es7qW0wf5aYeQC/6tLriKLNnbPXptVSFnZ/x5SHxXlTgrb34lVTIfDBSvuWfwx
kdq3DJnp3q6zydO/jBXjkvJla3MsEO1DbK/ivYuA4l2QXTu2iwtj+KUvP9MPf9iK
lvatLiH9bVm/6HCpTXL5S1q/oSipEI8Wx5ccD7EtBRZKHguMmxXb5LOpAmUDTPa2
0PUrCwDnIr2l8iViTvMLoZUHXEltjrSwFBWcJ0m8oIDyzLYqsEG5o3w9nCY2kV/e
EMdYaBRF9CesYcVaqHaKc2dBbHGADOE0fqP+GLVFoflw2fBTOqyDsptE+OG7Hp8k
mDDZOMXuBSa+pvnTk78liKMuD+RDxj85OeG43gAFabP9q9bjRyhVrIxAEzh5N0MR
HANHW0FGtGN92j1cHTtw98dJtEQvXdVWv5aw811JYx1bGrwq+97Sl5nazcRy47w7
83VWxmIPd/alNj4CAA9OG/kx/GUiPevrWFHnwY5ZK9mrNP9Tujx+iZvJQeUPujLH
UzoAuWaqDP+6FWEas1xWM6YpYJdALmYWU2zIanHq0ItRShaNRg5tNXNv7ozhIzPL
norXzO/a5Yyyp3c8ECxl
=dLBB
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]