gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)"
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Oct 26 23:36:40 CEST 2016
On Wed 2016-10-26 15:31:27 -0400, lists at ssl-mail.com wrote:
> I don't know. I've not understood the responses here TBH. And am a bit confused that you can apparently reproduced this, but others can't.
> FWIW, it's still fully reproducible here.
I'm not convinced i've fully reproduced this problem.
>> can you provide a more specific summary that would allow other people to
>> reproduce the issue? if so, would you be up for submitting a bug report
>> so that we can try to get it nailed down?
> already did : https://bugs.gnupg.org/gnupg/issue2745
I followed up there with a description of what i tested and what i saw.
The short takeway is:
a) SRV records for the pool (_hkp._tcp.hkps.pool.sks-keyservers.net)
came back NXDOMAIN
b) as soon as that response came back, dirmngr sent out a request for A
records for hkps.pool.sks-keyservers.net, which was fulfilled with 10
c) dirmngr subsequently looked up PTR records for each of those
d) dirmngr was fine continuing to use some of those 10 addresses.
So i'm not seeing anything like "no keyservers found", which is what you
That said, i'm not convinced this is the right DNS resolution strategy
for dirmngr to use. I'll open that question in separate thread on this
mailing list, though.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 930 bytes
Desc: not available
More information about the Gnupg-devel