?: keys.gnupg.net: Host not found
antony at blazrsoft.com
Thu Oct 8 21:26:39 CEST 2015
On 10/08/2015 02:39 PM, Yuri Kanivetsky wrote:
> First, the domain name resolves to a bunch of IPs:
> And the list of IPs is not fixed (changes over time), so it must be some
> kind of pool (as the name suggests). Then, not all of them ping:
It is a pool. keys.gnupg.net is just an alias for the SKS server
pool, IIRC. I host a server in this pool and it is set to drop all
IPv4 ICMP packets, so it will not respond to a ping even though the server
is online. It will respond to ICMPv6 pings however.
> Then, can't it pick the first IP that works? And what's wrong with this
> keyserver? Is it an official one? If such a thing exists, that is. Can
> you recommend any other that has better uptime? AFAICS, there is at
> least one IP that doesn't work. And finally, why can't I reproduce it on
> the host machine, running Arch Linux with gnupg-2.1.8? The tests in the
> email I did on Ubuntu Vivid.
Only servers running SKS 1.1.5 or higher are allowed in the pool.
Inclusion in the pool is voluntary, so there aren't any "official"
servers, so to speak, but there are criteria for being included in the
main pool. These include having a reverse proxy in front of the SKS
server, the hostname of the server must resolve properly, and the server
cannot be missing more than a certain percentage of keys compared to
other servers in the pool. The pool is checked every hour and only
servers meeting the criteria are included. Using a specific keyserver is
generally frowned upon since the pool was created to help distribute the
load evenly over the servers. As far as uptime goes, if the server did not
respond during the last check of the pool, it will not be included. So,
in rare cases, there may be one or two servers in the pool that are not
currently responding, but did so during the last check of the pool. If
they do not respond at the next check, they are removed from the main pool.
I am also NOT able to reproduce this error on XUbuntu 14.04 x64:
gpg (GnuPG) 2.1.8
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
antony at 050415:~/Desktop$ gpg2 --keyserver hkp://keys.gnupg.net
gpg: key D39DC0E3: public key "Michal Papis (RVM signing)
<mpapis at gmail.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 2 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1 valid: 2 signed: 0 trust: 1-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2016-10-28
gpg: Total number processed: 1
gpg: imported: 1
Key ID: 0xAF3D4087301B1B19
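
Added example (not part of the original message or of GnuPG/SKS): since pool members may drop ICMP, this Python sketch checks each address the pool name currently resolves to with a TCP connect on the HKP port instead of ping, and returns the first one that answers. The function names are hypothetical, 11371 is assumed as the default hkp:// port, and a completed handshake only shows that something (possibly just the reverse proxy) is listening.

```python
import socket
import sys

HKP_PORT = 11371  # assumed default TCP port behind hkp:// URLs


def resolve_pool(host, port=HKP_PORT, resolver=socket.getaddrinfo):
    """Return the unique (family, sockaddr) pairs the pool name maps to right now."""
    members = []
    for family, _t, _p, _c, sockaddr in resolver(host, port, type=socket.SOCK_STREAM):
        if (family, sockaddr) not in members:
            members.append((family, sockaddr))
    return members


def tcp_alive(family, sockaddr, timeout=3.0):
    """True if a TCP handshake on the keyserver port completes (no ICMP involved)."""
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
        except OSError:  # refused, timed out, or unreachable
            return False
        return True


def probe_pool(host, port=HKP_PORT, resolver=socket.getaddrinfo, timeout=3.0):
    """List (sockaddr, reachable) for every address currently in the pool."""
    return [(sa, tcp_alive(fam, sa, timeout))
            for fam, sa in resolve_pool(host, port, resolver)]


def first_working(host, port=HKP_PORT, resolver=socket.getaddrinfo, timeout=3.0):
    """Return the first pool address that accepts a connection, or None."""
    for fam, sa in resolve_pool(host, port, resolver):
        if tcp_alive(fam, sa, timeout):
            return sa
    return None


if __name__ == "__main__":
    # Pool name taken from the thread; pass another host as argv[1] if needed.
    name = sys.argv[1] if len(sys.argv) > 1 else "keys.gnupg.net"
    try:
        for sa, ok in probe_pool(name):
            print(f"{sa[0]:<40} {'up' if ok else 'no answer'}")
    except socket.gaierror as exc:
        print(f"{name}: name resolution failed: {exc}")
```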