?: keys.gnupg.net: Host not found
Yuri Kanivetsky
yuri.kanivetsky at gmail.com
Thu Oct 8 20:39:24 CEST 2015
Hi,
First, the domain name resolves to a bunch of IPs:
$ dig +noall +answer keys.gnupg.net
keys.gnupg.net. 62665 IN CNAME pool.sks-keyservers.net.
pool.sks-keyservers.net. 60 IN A 209.135.211.141
pool.sks-keyservers.net. 60 IN A 223.252.21.101
pool.sks-keyservers.net. 60 IN A 5.45.99.106
pool.sks-keyservers.net. 60 IN A 5.135.158.148
pool.sks-keyservers.net. 60 IN A 78.46.223.54
pool.sks-keyservers.net. 60 IN A 94.142.242.225
pool.sks-keyservers.net. 60 IN A 137.158.82.7
pool.sks-keyservers.net. 60 IN A 161.53.2.219
pool.sks-keyservers.net. 60 IN A 176.9.51.79
pool.sks-keyservers.net. 60 IN A 198.84.249.106
And the list of IPs is not fixed (changes over time), so it must be some
kind of pool (as the name suggests). Then, not all of them ping:
$ dig +noall +answer keys.gnupg.net | awk '$4 == "A" { print $5 }' |
while IFS= read -r; do echo '#################'; ping -c 1 "$REPLY"; done
#################
PING 137.158.82.7 (137.158.82.7) 56(84) bytes of data.
--- 137.158.82.7 ping statistics ---
-> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
#################
PING 94.142.242.225 (94.142.242.225) 56(84) bytes of data.
64 bytes from 94.142.242.225: icmp_seq=1 ttl=52 time=39.1 ms
--- 94.142.242.225 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 39.127/39.127/39.127/0.000 ms
#################
PING 78.46.223.54 (78.46.223.54) 56(84) bytes of data.
--- 78.46.223.54 ping statistics ---
-> 1 packets transmitted, 0 received, 100% packet loss, time 0ms
#################
PING 5.135.158.148 (5.135.158.148) 56(84) bytes of data.
64 bytes from 5.135.158.148: icmp_seq=1 ttl=54 time=44.9 ms
--- 5.135.158.148 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 44.999/44.999/44.999/0.000 ms
#################
PING 5.45.99.106 (5.45.99.106) 56(84) bytes of data.
64 bytes from 5.45.99.106: icmp_seq=1 ttl=56 time=37.3 ms
--- 5.45.99.106 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 37.300/37.300/37.300/0.000 ms
#################
PING 223.252.21.101 (223.252.21.101) 56(84) bytes of data.
64 bytes from 223.252.21.101: icmp_seq=1 ttl=46 time=367 ms
--- 223.252.21.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 367.836/367.836/367.836/0.000 ms
#################
PING 209.135.211.141 (209.135.211.141) 56(84) bytes of data.
64 bytes from 209.135.211.141: icmp_seq=1 ttl=46 time=136 ms
--- 209.135.211.141 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 136.886/136.886/136.886/0.000 ms
#################
PING 198.84.249.106 (198.84.249.106) 56(84) bytes of data.
64 bytes from 198.84.249.106: icmp_seq=1 ttl=50 time=141 ms
--- 198.84.249.106 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 141.682/141.682/141.682/0.000 ms
#################
PING 176.9.51.79 (176.9.51.79) 56(84) bytes of data.
64 bytes from 176.9.51.79: icmp_seq=1 ttl=52 time=38.8 ms
--- 176.9.51.79 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 38.858/38.858/38.858/0.000 ms
#################
PING 161.53.2.219 (161.53.2.219) 56(84) bytes of data.
64 bytes from 161.53.2.219: icmp_seq=1 ttl=48 time=50.7 ms
--- 161.53.2.219 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 50.793/50.793/50.793/0.000 ms
Also, I experimented with different versions of gnupg:
1.4.18:
$ gpg --version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
vagrant at vagrant-ubuntu-vivid-64:~/build/gnupg-2.0.29$ gpg --keyserver-options verbose,debug --keyserver
gpg: Missing argument for option "--keyserver"
$ gpg --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: curl version = GnuPG curl-shim
* HTTP proxy is "null"
* HTTP URL is "http://keys.gnupg.net:11371/pks/lookup?op=get&options=mr&search=0x409B6B1796C275462A1703113804BB82D39DC0E3"
* SRV tag is "pgpkey-http": host and port may be overridden
* HTTP auth is "null"
* HTTP method is GET
?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Success
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
2.0.29:
$ gpg2 --version
gpg (GnuPG) 2.0.29
libgcrypt 1.6.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
$ gpg2 --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: curl version = GnuPG curl-shim
* HTTP proxy is "null"
* HTTP URL is "http://keys.gnupg.net:11371/pks/lookup?op=get&options=mr&search=0x409B6B1796C275462A1703113804BB82D39DC0E3"
* SRV tag is "pgpkey-http": host and port may be overridden
* HTTP auth is "null"
* HTTP method is GET
gpgkeys: can't connect to `keys.gnupg.net': host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Not found
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: Unknown host
gpg: keyserver communications error: No public key
gpg: keyserver receive failed: No public key
2.1.8:
$ gpg2 --version
gpg (GnuPG) 2.1.8
libgcrypt 1.6.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
$ gpg2 --keyserver hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: keyserver receive failed: No keyserver available
And we can see that error messages change over time, but don't get much
better. Or so I think. Moreover, I've found the last message here:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=src/err-codes.h.in;h=e05d41fe4193090aff91c220ce621435688dd80c;hb=HEAD#l218
So, the culprit must be gnupg. As such, the first question is, "Do you
think the message clearly describes what happened?"
Then, can't it pick the first IP that works? And what's wrong with this
keyserver? Is it an official one? If such a thing exists, that is. Can you
recommend any other that has better uptime? AFAICS, there is at least one
IP that doesn't work. And finally, why can't I reproduce it on the host
machine, running Arch Linux with gnupg-2.1.8? The tests in the email I did
on Ubuntu Vivid.
Regards,
Yuri
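
An added example, not part of the original message and not GnuPG code: a shell sketch that checks name resolution and reachability of each pool member on the HKP port (11371, as in the debug output above) as two separate stages, and picks the first address that answers. The function names, the example.net host and the documentation-range addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of `dig +noall +answer` (not real servers).
SAMPLE_ANSWER='keys.example.net. 62665 IN CNAME pool.example.net.
pool.example.net. 60 IN A 192.0.2.10
pool.example.net. 60 IN A 198.51.100.20
pool.example.net. 60 IN A 203.0.113.30'

# Print the A-record addresses from dig answer lines on stdin, one per line.
a_records() {
    awk '$3 == "IN" && $4 == "A" { print $5 }'
}

# Probe one pool member over HTTP on the HKP port. --resolve pins HOST to IP,
# so the request carries the pool name but goes to exactly this address.
probe_hkp() {  # usage: probe_hkp HOST IP
    curl --silent --output /dev/null --max-time 5 \
         --resolve "$1:11371:$2" "http://$1:11371/"
}

# Walk the addresses on stdin; print the first one the probe accepts.
first_working() {  # usage: first_working PROBE HOST
    while IFS= read -r ip; do
        if "$1" "$2" "$ip" </dev/null; then
            printf '%s\n' "$ip"
            return 0
        fi
    done
    return 1
}

# Separate the two failure stages: no A records at all (a resolver problem)
# versus A records present but no member answering on the HKP port.
diagnose() {  # usage: diagnose PROBE HOST   (dig answer on stdin)
    ips=$(a_records)
    [ -n "$ips" ] || { echo "resolve-failed"; return 2; }
    if ip=$(printf '%s\n' "$ips" | first_working "$1" "$2"); then
        echo "ok $ip"
    else
        echo "no-member-reachable"; return 1
    fi
}

# Constructed stand-in probe so the demo runs offline: only one member answers.
fake_probe() { [ "$2" = "198.51.100.20" ]; }
printf '%s\n' "$SAMPLE_ANSWER" | diagnose fake_probe keys.example.net

# Live use: dig +noall +answer keys.gnupg.net | diagnose probe_hkp keys.gnupg.net
```

A `resolve-failed` result on one machine and `ok` on another points at the local resolver configuration rather than at the pool members.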