dirmngr logging confusion when trying to connect to a local keyserver (more reverse DNS?)

Werner Koch wk at gnupg.org
Tue Nov 14 17:06:35 CET 2017

On Mon, 13 Nov 2017 15:43, dkg at fifthhorseman.net said:
> where do you imagine such a fix landing?  in libdns.c ?

Yes.  Or as a hack in dns-stuff.c.  But I believe it belongs in
libdns proper.

> I don't understand this.  Why would a hostname be relevant to anyone,
> given the configuration that the user asked for?  Are you talking about

Let's look at the code used to add a new host:

  if (is_pool)
      /* For a pool immediately convert the address to a string.  */
      tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
                                 (DNS_NUMERICHOST | DNS_WITHBRACKET), &tmphost);
  else if (!is_ip_address (name))
      /* This is a hostname.  Use the name as given without going
       * through resolve_dns_addr.  */
      tmphost = xtrystrdup (name);
  else
      /* Host given by IP address: do a PTR lookup on AI.  If a name was
       * not found the function returns the numeric address (with
       * brackets).  */
      tmperr = resolve_dns_addr (ai->addr, ai->addrlen,
                                 DNS_WITHBRACKET, &tmphost);

If that is a host from a pool the name indeed makes no sense and thus we
store the IP address.  If the user has configured a host by name, we use
that verbatim.  If the host has been specified by IP address we map it
back to a name.  My original code was refactored in November 2015 and I
would need to dig deeper into the history to see why this was done.  So
this is a guess:

The idea was probably to avoid duplicate entries in the hosttable.
Given that keyservers are more commonly configured by name it is
plausible to map an IP to a name.  That IP address might be from a
preferred keyserver entry.

Anyway, this third case (keyserver given by IP address) is not very
common and this popped up only due to a missing entry for localhost in
/etc/hosts.  Thus having a fallback for 127/8 (and all the v6 local
addresses) in the case of a missing /etc/hosts would solve the problem.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
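The loopback fallback proposed in the message above, written out as an added example in C.  This is not GnuPG or dirmngr code: is_loopback_sockaddr, fallback_host_name and fallback_name_is are names chosen for this illustration, and the real PTR lookup that resolve_dns_addr would perform is left out so the example runs offline.  The sample addresses in main are constructed test input.  The loopback set handled here is 127/8, ::1 and IPv4-mapped ::ffff:127/104; treating other v6 local ranges the same way would be an extension of the message's "all the v6 local addresses" and is not done here.

```c
/* Added example, not GnuPG code: decide which name to keep for a
 * keyserver that was configured by IP address when no reverse mapping
 * exists (e.g. a missing /etc/hosts).  Loopback addresses map to
 * "localhost"; everything else keeps the bracketed numeric form that
 * resolve_dns_addr returns when no PTR record is found.  */
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Return 1 if ADDR is a loopback address: 127.0.0.0/8, ::1, or an
 * IPv4-mapped IPv6 address of the form ::ffff:127.x.y.z.  */
int
is_loopback_sockaddr (const struct sockaddr *addr, socklen_t addrlen)
{
  if (addr->sa_family == AF_INET && addrlen >= sizeof (struct sockaddr_in))
    {
      const struct sockaddr_in *sin = (const struct sockaddr_in *)addr;
      const unsigned char *b = (const unsigned char *)&sin->sin_addr;
      return b[0] == 127;
    }
  if (addr->sa_family == AF_INET6 && addrlen >= sizeof (struct sockaddr_in6))
    {
      const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)addr;
      const unsigned char *b = sin6->sin6_addr.s6_addr;
      if (IN6_IS_ADDR_LOOPBACK (&sin6->sin6_addr))
        return 1;
      /* ::ffff:127.0.0.0/104 */
      if (IN6_IS_ADDR_V4MAPPED (&sin6->sin6_addr) && b[12] == 127)
        return 1;
    }
  return 0;
}

/* Parse the textual IP address IPSTR and write the name to store into
 * OUT (at most OUTLEN bytes): "localhost" for loopback addresses,
 * otherwise "[IPSTR]".  Returns 0 on success, -1 if IPSTR is not an
 * IPv4 or IPv6 address (the caller would then treat it as a hostname). */
int
fallback_host_name (const char *ipstr, char *out, size_t outlen)
{
  struct sockaddr_in sin;
  struct sockaddr_in6 sin6;
  const struct sockaddr *sa;
  socklen_t salen;

  memset (&sin, 0, sizeof sin);
  memset (&sin6, 0, sizeof sin6);
  if (inet_pton (AF_INET, ipstr, &sin.sin_addr) == 1)
    {
      sin.sin_family = AF_INET;
      sa = (const struct sockaddr *)&sin;
      salen = sizeof sin;
    }
  else if (inet_pton (AF_INET6, ipstr, &sin6.sin6_addr) == 1)
    {
      sin6.sin6_family = AF_INET6;
      sa = (const struct sockaddr *)&sin6;
      salen = sizeof sin6;
    }
  else
    return -1;

  if (is_loopback_sockaddr (sa, salen))
    snprintf (out, outlen, "%s", "localhost");
  else
    snprintf (out, outlen, "[%s]", ipstr);
  return 0;
}

/* Helper for checking: 1 if IPSTR maps to EXPECTED, else 0.  */
int
fallback_name_is (const char *ipstr, const char *expected)
{
  char name[INET6_ADDRSTRLEN + 2];
  if (fallback_host_name (ipstr, name, sizeof name))
    return 0;
  return strcmp (name, expected) == 0;
}

int
main (void)
{
  /* Constructed sample input.  */
  const char *samples[] = { "127.0.0.1", "127.8.8.8", "::1",
                            "::ffff:127.0.0.1", "192.0.2.10",
                            "2001:db8::1", "not-an-ip" };
  char name[INET6_ADDRSTRLEN + 2];
  size_t i;

  for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
    {
      if (fallback_host_name (samples[i], name, sizeof name))
        printf ("%-20s -> (not an IP address; treat as hostname)\n", samples[i]);
      else
        printf ("%-20s -> %s\n", samples[i], name);
    }
  return 0;
}
```

The check sits in front of the PTR lookup rather than replacing it: a real implementation would call this first and only fall through to resolve_dns_addr for non-loopback addresses, which keeps the hosttable deduplication the message describes while removing the dependence on /etc/hosts for 127/8 and ::1.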