Re: [Sks-devel] [GnuPG-users] sks-keyservers.net: Changes to pools / SRV Weights

[Jeffrey Johnson]

On May 13, 2012, at 10:26 AM, Gabor Kiss wrote:

>> Easiest way around it is using a properly defined membership file that
>> reference the hostname found in the sksconf. This is one of the
>> reasons I've provided a reference membership file[1].
> 
> It seems to be easy like replacing all domain names by IP
> addresses in configuration files but principally not correct.
> 
> In this case keyserver.uz.sns.it is a symbolic name
> pointing to the actual host doing the job.
> 
> If Giovanni wants to move the service from soyuz.uz.sns.it
> to apollo.uz.sns.it, he can do it transparently
> just changing the CNAME record in DNS. None of his peer
> partners should modify their membership file because these
> contain the alias keyserver.uz.sns.it as Giovanni asked.
> 
> This is why CNAME is invented for. You should not work against
> the world. :-)
> 

I had some of these same issues understanding sks-keyservers.net
displays a few weeks back.

Consistently using the entries found in sksconf/membership is
a sane FQDN (for SKS key servers) that need not interfere with whatever is in 
DNS
and assists in stabilizing SKS server peering and configuration.

However getting "consistently" in place will take some time/effort/focus,
naming and aliasing issues are tricky.

73 de Jeff