Whither DNS SRV in 2.1.0?

John Marshall john.marshall at riverwillow.com.au
Wed Dec 10 04:46:25 CET 2014

I have just upgraded a desktop to GnuPG 2.1.0.  I rely upon DNS SRV
domain names for keyserver selection.  Since upgrading from 2.0.26
keyserver (SRV) selection appears to be broken.  Note that the only RR's
at the hkp://<keyserver> DNS domain label in use are SRV records (no A
or AAAA).  GnuPG 2.0 retrieves and processes the SRV RR's.  GnuPG 2.1
(dirmngr) ignores them and gives up due to lack of address records:

  gpg: error searching keyserver: Unknown host
  gpg: keyserver search failed: Unknown host

There is no indication that SRV support has been removed from GnuPG.
At the end of configure I see:

        GnuPG v2.1.0 has been configured as follows:

        Revision:  e22b459  (57899)
        Platform:  FreeBSD (i386-portbld-freebsd10.1)

        OpenPGP:   yes
        S/MIME:    yes
        Agent:     yes
        Smartcard: no 
        G13:       yes
        Dirmngr:   yes
        Gpgtar:    yes

        Protect tool:      (default)
        LDAP wrapper:      (default)
        Default agent:     (default)
        Default pinentry:  (default)
        Default scdaemon:  (default)
        Default dirmngr:   (default)

        Dirmngr auto start:  yes
        Readline support:    yes
        LDAP support:        no
        DNS SRV support:     yes     <------------
        TLS support:         gnutls

config.log finishes up with:

  #define USE_DNS_SRV 1              <------------

but dirmngr just ignores SRV records.  I did some digging and found the
following in dirmngr/ks-engine-hkp.c:

  813:  else
  814:    {
  815:      /*fixme_do_srv_lookup ()*/
  816:    }

I suppose that this regression was not intentional since I cannot find
any mention of it in the ChangeLog or README or Release Announcement.
In fact, the only mention I can find in ChangeLog is:

2014-06-26  Werner Koch  <wk at gnupg.org>

        Enable DNS SRV records again.
        * configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
        (use_dns_srv): Make test work.

Am I missing something or is my only option to revert to GnuPG 2.0?
Will SRV support be provided in later 2.1 releases or will it be removed

Thank you again for maintaining this wonderful software.

John Marshall
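
The failure mode reported above, modelled as an added example (not GnuPG's code and not part of the original message): a resolver that honours SRV records yields an ordered list of targets, while one that skips them has nothing to try when the name carries no A/AAAA records. Assumptions: the host names and record values are constructed, 11371 is the usual HKP port, and ordering within a priority is fixed by weight rather than the weighted random choice RFC 2782 specifies.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One SRV record (RFC 2782 fields). */
struct srv { unsigned priority, weight, port; const char *target; };

/* Constructed zone data for one keyserver name. */
struct zone { const char *name; struct srv *srv; size_t nsrv; int has_addr; };

/* Lower priority first; within a priority, higher weight first. */
static int srv_cmp(const void *a, const void *b)
{
  const struct srv *x = a, *y = b;
  if (x->priority != y->priority)
    return x->priority < y->priority ? -1 : 1;
  if (x->weight != y->weight)
    return x->weight > y->weight ? -1 : 1;
  return strcmp(x->target, y->target);
}

/* Fill out[] with host:port candidates in the order to try them (sorts
   z->srv in place).  Returns the count; 0 means there is nothing to
   connect to, i.e. the "Unknown host" case. */
size_t candidates(struct zone *z, int use_srv, struct srv *out, size_t max)
{
  size_t n = 0;
  if (use_srv && z->nsrv) {
    qsort(z->srv, z->nsrv, sizeof *z->srv, srv_cmp);
    for (size_t i = 0; i < z->nsrv && n < max; i++)
      if (strcmp(z->srv[i].target, "."))   /* "." = service not offered */
        out[n++] = z->srv[i];
  }
  if (!n && z->has_addr && max)            /* fall back to the bare name */
    out[n++] = (struct srv){0, 0, 11371, z->name};
  return n;
}

/* Constructed sample: SRV records only, no A/AAAA at the name itself. */
static struct srv sample_srv[] = {
  {20, 0, 11371, "ks-backup.example.net"},
  {10, 1, 11371, "ks-b.example.net"},
  {10, 5, 11371, "ks-a.example.net"},
};
static struct zone sample = {"keys.example.net", sample_srv, 3, 0};

int main(void)
{
  struct srv out[8];
  size_t n = candidates(&sample, 1, out, 8);
  for (size_t i = 0; i < n; i++)
    printf("try %s:%u\n", out[i].target, out[i].port);
  if (!candidates(&sample, 0, out, 8))
    puts("SRV ignored: Unknown host");
  return 0;
}
```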