gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)"

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Sat Oct 15 13:00:56 CEST 2016


On 10/15/2016 12:51 PM, Kristian Fiskerstrand wrote:
> On 10/15/2016 03:15 AM, Daniel Kahn Gillmor wrote:
>> On Wed 2016-10-12 18:07:07 -0400, Kristian Fiskerstrand wrote:
>>> Well, seems SRV records are causing more issues than they are
>>> useful. They only ever make sense for the geographical sub-pools in
>>> order to distribute the traffic using weights there, for the rest of
>>> the pools they are a noop since allowing specific ports etc is a bad
>>> idea overall.
>>>
>>> This is further complicated by gnupg 2.1 using _hkp, whereby the
>>> consensus in previous implementation has been _pgpkey-http._tcp. So
>>> where SRV is implemented it is using the original identifier.
>>
>> hm, where was _pgpkey-http._tcp initially documented?  /etc/services on
>> my machine has port 11371 registered explicitly as hkp
>>
> 
> It is what is used in gnupg prior to 2.1. See e.g. (in stable branch)
> commit 2e835fd6ab70b7d85cfc90d11baa1cc4cb61a8ef
> Author: David Shaw <dshaw at jabberwocky.com>
> Date:   Wed Jul 8 04:01:13 2009 +0000
> 
>     * gpgkeys_hkp.c (main, srv_replace): Minor tweaks to use the DNS-SD
>     names ("pgpkey-http" and "pgpkey-https") in SRV lookups instead of
>     "hkp" and "hkps".
> 
> 

http://dns-sd.org/ServiceTypes.html also does not list "hkp" (but does
list pgpkey-hkp, which doesn't necessarily make sense since the request
is either http or https transport...)

pgpkey-hkp      Horowitz Key Protocol (HKP)
                Marc Horowitz <marc at mit.edu>
                Protocol description: http://www.mit.edu/afs/net.mit.edu/project/pks/thesis/paper/thesis.html
                Defined TXT keys: None

pgpkey-http     PGP Keyserver using HTTP/1.1
                Jeroen Massar <jeroen at unfix.org>
                Protocol description: RFC 2816
                Defined TXT keys: path=<path on the server where the HKP applications reside>
                                  normally: "path=/pks/"

pgpkey-https    PGP Keyserver using HTTPS
                Jeroen Massar <jeroen at unfix.org>
                Protocol description: RFC 2818
                Defined TXT keys: path=<path on the server where the HKP applications reside>
                                  normally: "path=/pks/"

pgpkey-ldap     PGP Keyserver using LDAP
                Jeroen Massar <jeroen at unfix.org>
                Protocol description: RFC 2251
                Defined TXT keys: None

pgpkey-mailto   PGP Key submission using SMTP
                Jeroen Massar <jeroen at unfix.org>
                Protocol description: RFC 2821
                Defined TXT keys: user=<user portion of the mail address>


-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Ad astra per aspera
To the stars through thorns
