dirmngr logging confusion when trying to connect to a local keyserver (more reverse DNS?)
Werner Koch
wk at gnupg.org
Tue Nov 14 17:06:35 CET 2017
On Mon, 13 Nov 2017 15:43, dkg at fifthhorseman.net said:
> where do you imagine such a fix landing? in libdns.c ?
Yes. Or as a hack in dns-stuff.c. But I believe it belongs in
libdns proper.
> I don't understand this. Why would a hostname be relevant to anyone,
> given the configuration that the user asked for? Are you talking about
Let's look at the code used to add a new host:

    if (is_pool)
      {
        /* For a pool immediately convert the address to a string.  */
        tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
                                   (DNS_NUMERICHOST | DNS_WITHBRACKET), &tmphost);
      }
    else if (!is_ip_address (name))
      {
        /* This is a hostname.  Use the name as given without going
         * through resolve_dns_addr.  */
        tmphost = xtrystrdup (name);
      }
    else
      {
        /* Do a PTR lookup on AI.  If a name was not found the function
         * returns the numeric address (with brackets).  */
        tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
                                   DNS_WITHBRACKET, &tmphost);
      }

If that is a host from a pool the name indeed makes no sense and thus we
store the IP address. If the user has configured a host by name, we use
that verbatim. If the host has been specified by IP address we map it
back to a name. My original code was refactored in November 2015 and I
would need to dig deeper into the history to see why this was done. So
this is a guess:
The idea was probably to avoid duplicate entries in the hosttable.
Given that keyservers are more commonly configured by name it is
plausible to map an IP to a name. That IP address might be from a
preferred keyserver entry.
Anyway, this third case (keyserver given by IP address) is not very
common and this popped up only due to a missing entry for localhost in
/etc/hosts. Thus having a fallback for 127/8 (and all the v6 local
addresses) in the case of a missing /etc/hosts would solve the problem.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
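
An added example, not part of the original message and not GnuPG or libdns code: one way the loopback fallback mentioned above could be checked before the PTR lookup. The names loopback_fallback_name and fallback_for_text are hypothetical, and it assumes "v6 local addresses" means ::1 plus IPv4-mapped 127/8 and that "localhost" is the name to fall back to.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Hypothetical helper, not a dirmngr or libdns function: return "localhost"
 * for a loopback address, or NULL if the normal PTR lookup should run.  */
static const char *
loopback_fallback_name (const struct sockaddr *addr, socklen_t addrlen)
{
  static const unsigned char v6_loopback[16] = { [15] = 1 };  /* ::1 */
  static const unsigned char v4mapped[12] = { [10] = 0xff, [11] = 0xff };
  if (!addr || addrlen < sizeof (struct sockaddr)) return NULL;
  if (addr->sa_family == AF_INET && addrlen >= sizeof (struct sockaddr_in))
    {
      const struct sockaddr_in *a4 = (const struct sockaddr_in *)addr;
      /* 127.0.0.0/8: test the top octet in host byte order.  */
      return (ntohl (a4->sin_addr.s_addr) >> 24) == 127 ? "localhost" : NULL;
    }
  if (addr->sa_family == AF_INET6 && addrlen >= sizeof (struct sockaddr_in6))
    {
      const unsigned char *b = ((const struct sockaddr_in6 *)addr)->sin6_addr.s6_addr;
      /* ::1, or the IPv4-mapped loopback range ::ffff:127.x.y.z  */
      if (!memcmp (b, v6_loopback, 16)
          || (!memcmp (b, v4mapped, 12) && b[12] == 127))
        return "localhost";
    }
  return NULL;
}

/* Parse a textual IP address (constructed sample input) and classify it.  */
static const char *
fallback_for_text (const char *text)
{
  struct sockaddr_in a4 = { .sin_family = AF_INET };
  struct sockaddr_in6 a6 = { .sin6_family = AF_INET6 };
  if (inet_pton (AF_INET, text, &a4.sin_addr) == 1)
    return loopback_fallback_name ((struct sockaddr *)&a4, sizeof a4);
  if (inet_pton (AF_INET6, text, &a6.sin6_addr) == 1)
    return loopback_fallback_name ((struct sockaddr *)&a6, sizeof a6);
  return NULL;
}

int main (void)
{
  const char *r = fallback_for_text ("::ffff:127.0.0.1");
  puts (r ? r : "(PTR lookup needed)");
  return 0;
}
```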