Re: [Sks-devel] [PATCH] auto-refresh membership DNS
From: Kim Minh Kaplan
Subject: Re: [Sks-devel] [PATCH] auto-refresh membership DNS
Date: Mon, 23 Mar 2009 21:29:41 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)

Phil Pennock writes:
> So, the IP addresses will be held internally after all?
Yes. In fact they are already.
> How long for? When do they expire?
Until the next time the sks recon process tries to connect to a partner, at
which point a new DNS lookup is done for *this* particular partner and
it refreshes this partner's cache entry.
> How is this different in effect on DNS being
> cached unreasonably from using -membership_reload_interval with a value
> similarly sized (0.5 or whatever)?
When connecting to a partner as a client a fresh lookup is used.
On incoming connections stale IPs may still occur but the client recon
will still maintain the cache in acceptable freshness.
Ultimately the authentication of peers should be done in another way.
I just posted a fix for the DoS possibility you mentioned in the
original thread.
Kim Minh.
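
The refresh behaviour described in the message above, modelled as an added example (not SKS code and not part of the original post): a per-partner IP cache that is refreshed only on an outbound connection, while inbound connections are matched against whatever is cached. PeerCache, connect_out, accept_in, the hostnames and the "keep the old entry when a lookup returns nothing" rule are assumptions made for the illustration.

```python
# Added illustration, not SKS code. PeerCache, connect_out and accept_in are
# hypothetical names; the resolver is injected so the example runs offline.
from typing import Callable, Dict, List, Set

Resolver = Callable[[str], List[str]]


class PeerCache:
    """Per-partner IP cache refreshed only when we dial that partner."""

    def __init__(self, partners: List[str], resolve: Resolver) -> None:
        self._resolve = resolve
        # Assumed: one initial lookup per configured partner at load time.
        self._ips: Dict[str, Set[str]] = {p: set(resolve(p)) for p in partners}

    def connect_out(self, partner: str) -> List[str]:
        """Outbound recon: fresh lookup for this partner only, then cache it."""
        fresh = self._resolve(partner)
        if fresh:  # assumed: an empty answer keeps the previous entry
            self._ips[partner] = set(fresh)
        return sorted(self._ips[partner])

    def accept_in(self, source_ip: str) -> bool:
        """Inbound recon: no lookup, the source is matched against cached IPs."""
        return any(source_ip in ips for ips in self._ips.values())


def demo() -> List[bool]:
    # Constructed sample data: RFC 5737 documentation addresses, made-up hosts.
    dns = {"keys.a.example": ["192.0.2.10"], "keys.b.example": ["198.51.100.7"]}
    cache = PeerCache(list(dns), lambda h: list(dns.get(h, [])))
    results = [cache.accept_in("192.0.2.10")]        # known partner IP
    dns["keys.a.example"] = ["203.0.113.5"]          # partner A renumbers
    results.append(cache.accept_in("203.0.113.5"))   # new IP rejected: stale cache
    results.append(cache.accept_in("192.0.2.10"))    # old IP still accepted
    cache.connect_out("keys.b.example")              # refreshes B's entry only
    results.append(cache.accept_in("203.0.113.5"))   # A's entry is untouched
    cache.connect_out("keys.a.example")              # next outbound recon to A
    results.append(cache.accept_in("203.0.113.5"))   # new IP now accepted
    results.append(cache.accept_in("192.0.2.10"))    # old IP now rejected
    return results


if __name__ == "__main__":
    print(demo())
```

The stale window on the inbound side lasts from the partner's DNS change until the next outbound recon to that same partner, which is why the message treats IP matching as a stopgap for peer authentication.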