gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Oct 15 03:15:25 CEST 2016


On Wed 2016-10-12 18:07:07 -0400, Kristian Fiskerstrand wrote:
> Well, seems SRV records are causing more issues than they are
> useful. They only ever make sense for the geographical sub-pools in
> order to distributed the traffic using weights there, for the rest of
> the pools they are a noop since allowing specific ports etc is a bad
> idea overall.
>
> This is further complicated by gnupg 2.1 using _hkp , whereby the
> consensus in previous implementation has been _pgpkey-http._tcp. So
> where SRV is implementere it is using the original identifier.

hm, where was _pgpkey-http._tcp initially documented?  /etc/services on
my machine has port 11371 registered explicitly as hkp

(though it also has hkp registered with 11371/udp, which doesn't make
much sense, but the comment at the top justifies it with an argument for
symmetry between udp and tcp.  meh)

> Not having SRV should certainly not result in failure of operation
> when A and AAAA records are returned though..

Agreed.  Is this the same as the issues raised here
https://bugs.gnupg.org/gnupg/issue2451 ?  or should someone™ open a
distinct issue about it?

         --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: </pipermail/attachments/20161014/0d8fcc33/attachment.sig>


More information about the Gnupg-devel mailing list