Can't resolve DNS since 2.1.17

Werner Koch wk at gnupg.org
Thu Mar 2 09:02:45 CET 2017


On Tue, 14 Feb 2017 02:01, gabrielfrancosouza at gmail.com said:

> Not bailing out on a FORMERR from a SRV query. Note that my problem
> isn't that my resolver can't handle SRV, but that it gives the wrong
> answer instead of a NXDOMAIN. This marks the keyserver as dead even

I don't think that it is the responsibility of dirmngr to work around
bugs in some rarely used software.  In fact I believe that a box running
such faulty software is security problem in itself because it tricks
users into using all kind of workarounds.

What we could do is to provide a variant of the --nameserver option to
be used in the non-Tor case.  Thus bypassing nsswitch completely.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170302/a0a86d82/attachment.sig>


More information about the Gnupg-devel mailing list