gpg 2.1.15, *no* keyservers found for submit/recv, "DNS query returned an error or no records: No such domain (nxdomain)"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 26 23:36:40 CEST 2016


On Wed 2016-10-26 15:31:27 -0400, lists at ssl-mail.com wrote:
> I don't know.  I've not understood the responses here TBH.  And am a bit confused that you can apparently reproduce this, but others can't.
>
> FWIW, it's still fully reproducible here.

I'm not convinced i've fully reproduced this problem.

>> can you provide a more specific summary that would allow other people to
>> reproduce the issue?  if so, would you be up for submitting a bug report
>> so that we can try to get it nailed down?
>
> already did : https://bugs.gnupg.org/gnupg/issue2745

I followed up there with a description of what i tested and what i saw.

The short takeaway is:

 a) SRV records for the pool (_hkp._tcp.hkps.pool.sks-keyservers.net)
    came back NXDOMAIN
   
 b) as soon as that response came back, dirmngr sent out a request for A
    records for hkps.pool.sks-keyservers.net, which was fulfilled with 10
    addresses

 c) dirmngr subsequently looked up PTR records for each of those
    addresses

 d) dirmngr was fine continuing to use some of those 10 addresses.


So i'm not seeing anything like "no keyservers found", which is what you
reported.

That said, i'm not convinced this is the right DNS resolution strategy
for dirmngr to use.  I'll open that question in a separate thread on this
mailing list, though.

    --dkg
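
The lookup sequence a) through d) reported above, modelled against a stub resolver. This is an added example, not part of the original message and not dirmngr code. The zone data, the addresses (documentation ranges), the PTR names and the helper names are constructed, and keeping addresses that have no PTR record is an assumption of the model.

```python
# Constructed zone: no SRV record for the pool, but A records for the pool
# name itself. Addresses and PTR targets are placeholders, not real pool data.
NXDOMAIN = "NXDOMAIN"
ZONE = {
    ("hkps.pool.sks-keyservers.net", "A"):
        ["192.0.2.10", "192.0.2.11", "198.51.100.7"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["ks1.example.net"],
    ("11.2.0.192.in-addr.arpa", "PTR"): ["ks2.example.net"],
}

def query(name, rtype, trace):
    """Stub resolver: answer from ZONE and record the query in trace."""
    answer = ZONE.get((name, rtype), NXDOMAIN)
    trace.append((rtype, name, answer if answer is NXDOMAIN else len(answer)))
    return answer

def reverse_name(ipv4):
    """Build the in-addr.arpa owner name used for a PTR lookup."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def resolve_pool(host, service="hkp", proto="tcp"):
    """Hypothetical model of the observed order: SRV, then A, then PTR."""
    trace = []
    # a) SRV lookup for _service._proto.host
    srv = query(f"_{service}._{proto}.{host}", "SRV", trace)
    if srv is not NXDOMAIN:
        return srv, trace
    # b) NXDOMAIN for the SRV owner name says nothing about the host name
    #    itself, so the model falls back to an A lookup.
    addrs = query(host, "A", trace)
    if addrs is NXDOMAIN:
        return [], trace  # in this model: empty candidate list
    # c) PTR lookup per address; d) every address stays a candidate
    #    (assumption: a missing PTR does not disqualify an address).
    candidates = []
    for ip in addrs:
        ptr = query(reverse_name(ip), "PTR", trace)
        candidates.append((ip, None if ptr is NXDOMAIN else ptr[0]))
    return candidates, trace

if __name__ == "__main__":
    hosts, log = resolve_pool("hkps.pool.sks-keyservers.net")
    for entry in log:
        print(entry)
    print(hosts)
```
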