2.1.2: keyserver route failure

Werner Koch wk at gnupg.org
Thu Feb 19 11:03:01 CET 2015


On Wed, 18 Feb 2015 20:13, dkg at fifthhorseman.net said:

> Reasonable IPv6 stacks should return an ENETUNREACH (Network is
> unreachable) error message when trying to connect() to an address for
> which there is no route, which should already cause dirmngr to failover

The error handler after a connect does this:

  switch (gpg_err_code (err))
    {
    case GPG_ERR_ECONNREFUSED:
    case GPG_ERR_ENETUNREACH:
    case GPG_ERR_UNKNOWN_HOST:
    case GPG_ERR_NETWORK:
      if (mark_host_dead (request) && *tries_left)
        retry = 1;
      break;
 
By setting RETRY the connect will be retried after selecting another
random host.  However there is a retry limit of 3.  Thus if we happen to
select 3 v6 hosts the keyserver action will fail but the next time it
should work.

Need to replicate the problem and check that we really receive the right
error code.

> Should gnupg also try to detect whether the IPv4 networking
> configuration is actually correct?  That seems like an operating system

Better error reporting would be useful, though.

> level task.  I certainly don't want all of my client software to always
> try to second-guess my networking stack, that sounds like a recipe for

dirmngr is a bit special in that it does its own host selection from the
DNS pool instead of leaving it to the usual round-robin scheme.  We want
that to recover from host failures without waiting for the resolver
cache to expire.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
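
Added example, not part of the original message and not dirmngr source: a small C model of the retry behaviour described above, showing a first keyserver action failing after three IPv6 picks and the next one succeeding because the dead marks persist. The pool, the names sim_connect, select_live, keyserver_action and first_action_failure, and the reading of the limit as three connect attempts per action are assumptions made for illustration.

```c
/* Added model of the retry logic described above; not dirmngr source code. */
#include <errno.h>
#include <stdio.h>
#define MAX_TRIES 3   /* assumption: three connect attempts per keyserver action */
struct host { const char *name; int is_v6; int dead; };

/* Constructed sample pool: three IPv6-only hosts first, then two IPv4 hosts. */
static struct host demo_pool[] = {
  {"v6-a", 1, 0}, {"v6-b", 1, 0}, {"v6-c", 1, 0}, {"v4-a", 0, 0}, {"v4-b", 0, 0}
};
/* Simulated connect() on a client that has no IPv6 route. */
static int sim_connect(const struct host *h) { return h->is_v6 ? ENETUNREACH : 0; }
static unsigned pick_first(void) { return 0; }  /* worst case: first live host */

/* Index of the r-th live host (r modulo the live count), or -1 if none is left. */
static int select_live(const struct host *pool, int n, unsigned r) {
  int live = 0, i;
  for (i = 0; i < n; i++) live += !pool[i].dead;
  if (live) r %= (unsigned)live;
  for (i = 0; i < n; i++)
    if (!pool[i].dead && r-- == 0) return i;
  return -1;
}

/* One keyserver action: 0 on success, otherwise the last connect error. */
static int keyserver_action(struct host *pool, int n, unsigned (*rnd)(void)) {
  int tries_left = MAX_TRIES, err = EHOSTUNREACH, idx;
  while (tries_left-- > 0 && (idx = select_live(pool, n, rnd())) >= 0) {
    if (!(err = sim_connect(&pool[idx]))) return 0;
    pool[idx].dead = 1;   /* the mark persists into later actions */
  }
  return err;
}

/* Probability that a first action fails when picks are uniformly random. */
static double first_action_failure(int n, int v6) {
  double p = 1.0;
  if (v6 >= n) return 1.0;   /* no reachable host in the pool at all */
  for (int i = 0; i < MAX_TRIES; i++)
    p *= (v6 - i > 0) ? (double)(v6 - i) / (n - i) : 0.0;
  return p;
}

int main(void) {
  int first = keyserver_action(demo_pool, 5, pick_first);
  printf("first=%d second=%d\n", first, keyserver_action(demo_pool, 5, pick_first));
  printf("P(fail | 10 hosts, 4 v6) = %.4f\n", first_action_failure(10, 4));
  return 0;
}
```

Because a failed host is excluded from later picks, the failure probability is a draw without replacement, and a pool with fewer IPv6 hosts than attempts cannot fail on this path.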
