Whither DNS SRV in 2.1.0?
john.marshall at riverwillow.com.au
Wed Dec 10 04:46:25 CET 2014
I have just upgraded a desktop to GnuPG 2.1.0. I rely upon DNS SRV
domain names for keyserver selection. Since upgrading from 2.0.26
keyserver (SRV) selection appears to be broken. Note that the only RR's
at the hkp://<keyserver> DNS domain label in use are SRV records (no A
or AAAA). GnuPG 2.0 retrieves and processes the SRV RR's. GnuPG 2.1
(dirmngr) ignores them and gives up due to lack of address records:
gpg: error searching keyserver: Unknown host
gpg: keyserver search failed: Unknown host
There is no indication that SRV support has been removed from GnuPG.
At the end of configure I see:
GnuPG v2.1.0 has been configured as follows:
Revision: e22b459 (57899)
Platform: FreeBSD (i386-portbld-freebsd10.1)
Protect tool: (default)
LDAP wrapper: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default dirmngr: (default)
Dirmngr auto start: yes
Readline support: yes
LDAP support: no
DNS SRV support: yes <------------
TLS support: gnutls
config.log finishes up with:
#define USE_DNS_SRV 1 <------------
but dirmngr just ignores SRV records. I did some digging and found the
following in dirmngr/ks-engine-hkp.c:
815: /*fixme_do_srv_lookup ()*/
I suppose that this regression was not intentional since I cannot find
any mention of it in the ChangeLog or README or Release Announcement.
In fact, the only mention I can find in ChangeLog is:
2014-06-26 Werner Koch <wk at gnupg.org>
Enable DNS SRV records again.
* configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
(use_dns_srv): Make test work.
Am I missing something or is my only option to revert to GnuPG 2.0?
Will SRV support be provided in later 2.1 releases or will it be removed
Thank you again for maintaining this wonderful software.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 181 bytes
Desc: not available
More information about the Gnupg-devel