packaged gpg 2.1.x can't retrieve any keys from keyservers.. is there any upstream fix or progress?

Daniel Kahn Gillmor dkg at
Sat Nov 19 01:14:57 CET 2016

On Fri 2016-11-11 09:45:13 -0500, lists at wrote:
> I've lost track of where the end of any thread on this is :-/

thanks for starting a new thread.  for your reference, the old thread
began at Message-ID:
1476027783.1522252.750391089.07374952 at

> At the moment, none of our package-installed GPG 2.1.x are able to retrieve keys.

I don't know what you mean "package-installed", and i don't know what
version of 2.1.x you're talking about (though you mention 2.1.15 below).
can you be more specific?

> What's the status on the bug
> gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)"  
> I've tried to provide every bit of requested info so far.  If there's more needed let me know exactly what.

that bug report suggests that after your SRV lookups fail, dirmngr
doesn't bother to continue with the A and AAAA lookups.  This isn't what
happens on systems that i use.

Perhaps you could try increasing the logging for dirmngr ("log-level
guru" and "log-file /path/to/wherever/dirmngr.log" in
~/.gnupg/dirmngr.conf) and review the output?  If that doesn't give you
more pointers, could you attatch to dirmngr (with debug symbols
installed) and see what it's doing inside dirmngr/http.c,
dirmngr/ks-engine-hkp.c, and dirmngr/dns-stuff.c, where the actual SRV
lookups (and A and AAAA lookups) are generated.


More information about the Gnupg-devel mailing list