gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)"
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Oct 12 16:33:30 CEST 2016
Hi lists--
thanks for the packet grab!
On Wed 2016-10-12 09:28:05 -0400, lists at ssl-mail.com wrote:
> gpgconf --kill dirmngr
> sudo tcpdump -s 1024 -w dns-from-dirmngr.pcap 'udp port 53' &
> gpg --recv 0x0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
> kill %1
>
> 2 packets captured
> 2 packets received by filter
> 0 packets dropped by kernel
>
> Here's the 2 packets' export as text:
> ----------------------------------------
> No. Time Source Destination Protocol Length Info
> 1 0.000000 10.19.2.7 10.19.2.100 DNS 98 Standard query 0x311f SRV _hkp._tcp.hkps.pool.sks-keyservers.net
>
> Frame 1: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
> Ethernet II, Src: AsustekC_19:c3:26 (00:26:18:19:c3:26), Dst: Trendnet_c4:11:d9 (d8:eb:97:c4:11:d9)
> Internet Protocol Version 4, Src: 10.19.2.7, Dst: 10.19.2.100
> User Datagram Protocol, Src Port: 51597, Dst Port: 53
> Domain Name System (query)
>
> No. Time Source Destination Protocol Length Info
> 2 0.544341 10.19.2.100 10.19.2.7 DNS 148 Standard query response 0x311f No such name SRV _hkp._tcp.hkps.pool.sks-keyservers.net SOA ns2.kfwebs.net
>
> Frame 2: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits)
> Ethernet II, Src: Trendnet_c4:11:d9 (d8:eb:97:c4:11:d9), Dst: AsustekC_19:c3:26 (00:26:18:19:c3:26)
> Internet Protocol Version 4, Src: 10.19.2.100, Dst: 10.19.2.7
> User Datagram Protocol, Src Port: 53, Dst Port: 51597
> Domain Name System (response)
> ----------------------------------------
so it looks like you're doing an SRV lookup for the server in question.
do you see anything other than an NXDOMAIN when you query for this same
SRV from the command line?
fwiw, i'm seeing NXDOMAIN for this as well from my network perspective:
>> ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t srv _hkp._tcp.hkps.pool.sks-keyservers.net
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48410
>> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;_hkp._tcp.hkps.pool.sks-keyservers.net. IN SRV
>>
>> ;; AUTHORITY SECTION:
>> sks-keyservers.net. 60 IN SOA ns2.kfwebs.net. kf.kfwebs.net. 3161012162 600 14400 172800 60
>>
>> ;; Query time: 368 msec
>> ;; SERVER: 192.168.XXX.YYY#53(192.168.XXX.YYY)
>> ;; WHEN: Wed Oct 12 10:31:08 EDT 2016
>> ;; MSG SIZE rcvd: 117
Kristian, are you expecting the SRV records to be published at this
point in the DNS?
I wonder why my dirmngr (also 2.1.15 using stock adns) requests A and
AAAA records instead of srv records :/ … Werner, what are you expecting
to happen here?
--dkg