This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

That you can have an empty trusted_key_servers config option is non-obvious #7047

Closed
anoadragon453 opened this issue Mar 6, 2020 · 2 comments · Fixed by #13999
Labels
A-Docs things relating to the documentation z-p2 (Deprecated Label)

Comments

@anoadragon453
Member

anoadragon453 commented Mar 6, 2020

Sometimes you're running Synapse and not wanting to trust any other Synapse server as a keyserver (either for privacy reasons or you're running in a private federation).

In this case, it's not obvious that the way that you specify "No external key server please" is to set trusted_key_servers to an empty array []. Commenting out the block will just default to matrix.org.

We should add a line in the config help for this option to state that contacting 3rd party trusted key servers can be disabled by setting trusted_key_servers to [].

Synapse v1.11.1
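
The cases described in the comment above, written out as an added configuration sketch (not part of the original issue or of Synapse's own sample config). The host name notary.example.org is a placeholder, and variant 3 goes slightly beyond the issue text to show a private-federation notary:

```yaml
# homeserver.yaml (added illustration; enable exactly one variant)

# Variant 1: option commented out or absent.
# Per the issue, Synapse then applies its default and trusts matrix.org
# as a key server, which is easy to miss when the block is just removed.
#trusted_key_servers:
#  - server_name: "matrix.org"

# Variant 2: explicit empty list.
# No third-party key server is contacted. Signing keys can then only come
# from the origin servers themselves, so an unreachable server's events
# may end up rejected (the trade-off raised later in this thread).
trusted_key_servers: []

# Variant 3: private federation with its own notary (placeholder name).
#trusted_key_servers:
#  - server_name: "notary.example.org"
```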

@neilisfragile neilisfragile added A-Docs things relating to the documentation z-p2 (Deprecated Label) labels Mar 9, 2020
@turt2live
Member

turt2live commented May 21, 2020

Opting for no key servers would potentially make some rooms unjoinable for you. It's less of a risk in private federations as the keys get bootstrapped and gossiped elsewhere (though Synapse doesn't do this: #6086); however, if disabled for privacy reasons, it's entirely possible that you won't get someone's key and be forced to (soft) reject all their events.

@dylangerdaly

FYI it's possible to prefer asking HS's first, then fall back to matrix.org, solving the above issues.

Just apply this patch -> c9b7d97

You can also drop all of your current cached keys via postgres:

synapse=# DELETE FROM server_keys_json;
DELETE 3097
synapse=# DELETE FROM server_signature_keys;
DELETE 3093

This will cause Synapse to fetch all keys directly from servers; if the server is offline, it'll then fall back to matrix.org.
