2.1.2: keyserver route failure

Werner Koch wk at gnupg.org
Thu Feb 19 11:03:01 CET 2015

On Wed, 18 Feb 2015 20:13, dkg at fifthhorseman.net said:

> Reasonable IPv6 stacks should return an ENETUNREACH (Network is
> unreachable) error message when trying to connect() to an address for
> which there is no route, which should already cause dirmngr to failover

The error handler after a connect does this:

  switch (gpg_err_code (err))
      if (mark_host_dead (request) && *tries_left)
        retry = 1;
By setting RETRY the connect will be retried after selecting another
random host.  However tehre is a retry limit of 3.  Thus if we happen to
select 3 v6 hosts the keyserver action will fail but the next time it
should work.

Need to replicate the problem and check that we really receive the right
error code.

> Should gnupg also try to detect whether the IPv4 networking
> configuration is actually correct?  That seems like an operating system

Better error reporting would be useful, though.

> level task.  I certainly don't want all of my client software to always
> try to second-guess my netwoking stack, that sounds like a recipe for

dirmngr is a bit special in that it does its own host selection from the
DNS pool instead of leaving it to the usual round-robin scheme.  We want
that to recover from host failures without waiting for the resolver
cache to expire.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list