gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)"

Kristian Fiskerstrand kristian.fiskerstrand at
Sat Oct 15 12:51:47 CEST 2016

On 10/15/2016 03:15 AM, Daniel Kahn Gillmor wrote:
> On Wed 2016-10-12 18:07:07 -0400, Kristian Fiskerstrand wrote:
>> Well, seems SRV records are causing more issues than they are
>> useful. They only ever make sense for the geographical sub-pools in
>> order to distributed the traffic using weights there, for the rest of
>> the pools they are a noop since allowing specific ports etc is a bad
>> idea overall.
>> This is further complicated by gnupg 2.1 using _hkp , whereby the
>> consensus in previous implementation has been _pgpkey-http._tcp. So
>> where SRV is implementere it is using the original identifier.
> hm, where was _pgpkey-http._tcp initially documented?  /etc/services on
> my machine has port 11371 registered explicitly as hkp

It is what is used in gnupg prior to 2.1. See e.g (in stable branch)
commit 2e835fd6ab70b7d85cfc90d11baa1cc4cb61a8ef
Author: David Shaw <dshaw at>
Date:   Wed Jul 8 04:01:13 2009 +0000

    * gpgkeys_hkp.c (main, srv_replace): Minor tweaks to use the DNS-SD
    names ("pgpkey-http" and "pgpkey-https") in SRV lookups instead of
    "hkp" and "hkps".

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP keyblock at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Fabricando fit faber
Practice makes perfect

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161015/ba0ed2d7/attachment.sig>

More information about the Gnupg-devel mailing list