?: keys.gnupg.net: Host not found

Yuri Kanivetsky yuri.kanivetsky at gmail.com
Sat Oct 10 12:09:55 CEST 2015


>
> It is a pool. keys.gnupg.net is just an alias for the SKS server
> pool[1], IIRC. I host a server in this pool and it is set to drop all
> IPv4 ICMP packets, so will not respond to a ping even though the server
> is online. It will respond to ICMPv6 pings however.



> I am also NOT able to reproduce this error on XUbuntu 14.04 x64:


Okay, let us do this the other way around. That's what I'm getting on the host
machine:

    $ dig +noall +answer keys.gnupg.net | awk '$4 == "A" { print $5 }' | while IFS= read -r; do echo "### $REPLY"; gpg --keyserver "hkp://$REPLY" --recv-key 409B6B1796C275462A1703113804BB82D39DC0E3; done
    ### 62.210.74.32
    gpg: keyserver receive failed: No keyserver available
    ### 78.157.209.9
    gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
    gpg: Total number processed: 1
    gpg:              unchanged: 1
    ### 132.248.241.99
    gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
    gpg: Total number processed: 1
    gpg:              unchanged: 1
    ### 154.127.60.51
    gpg: keyserver receive failed: No keyserver available
    ### 176.9.100.87
    gpg: keyserver receive failed: No data
    ### 178.33.187.175
    gpg: keyserver receive failed: No keyserver available
    ### 206.176.170.195
    gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
    gpg: Total number processed: 1
    gpg:              unchanged: 1
    ### 209.135.211.141
    gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
    gpg: Total number processed: 1
    gpg:              unchanged: 1
    ### 212.71.252.8
    gpg: keyserver receive failed: No keyserver available
    ### 5.9.143.170
    gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
    gpg: Total number processed: 1
    gpg:              unchanged: 1


> Inclusion in the pool is voluntary, so there aren't any "official"
> servers, so to speak, but there are criteria for being included in the
> main pool. [...] As far as uptime, if the server did not
> respond during the last check of the pool, it will not be included. So,
> in rare cases, there may be one or two servers in the pool that are not
> currently responding, but did so during the last check of the pool. If
> they do not respond at the next check, they are removed from the main pool.


Correct me if I'm wrong. Anybody can add a machine to a pool on condition
that it meets some specific criteria.

Speaking of official servers, I meant this. There's also
keyserver.ubuntu.com, keyring.debian.org. Surely there are no official
servers among those in the keys.gnupg.net pool. I meant, is the keys.gnupg.net pool
an official source of keys? Can you recommend where to submit a key?



> both of these are using curl-shim, what happens if you try the full
> curl version (how to do that is distro-specific, iirc debian et al
> have a separate gnupg-curl package)?
>

After installing gnupg-curl:

    $ gpg --version
    gpg (GnuPG) 1.4.18
    Copyright (C) 2014 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

    $ gpg --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net --recv-key 409B6B1796C275462A1703113804BB82D39DC0E3
    gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
    gpgkeys: curl version = libcurl/7.38.0 GnuTLS/3.3.8 zlib/1.2.8 libidn/1.28 librtmp/2.3
    * Hostname was NOT found in DNS cache
    * Could not resolve host: keys.gnupg.net
    * Closing connection 0
    gpgkeys: HTTP fetch error 6: Could not resolve host: keys.gnupg.net
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0

Tell me if you need the output of `gnupg-2.0.29` as well.

> What are the known schematas listed for:
> $ echo "KEYSERVER --help" | gpg-connect-agent --dirmngr
>

    $ echo "KEYSERVER --help" | gpg-connect-agent --dirmngr
    gpg-connect-agent: no running Dirmngr - starting '/usr/local/bin/dirmngr'
    gpg-connect-agent: waiting for the dirmngr to come up ... (5s)
    gpg-connect-agent: connection to the dirmngr established
    S # Known schemata:
    S #   hkp
    S #   http
    S #   finger
    S #   kdns
    S # (Use an URL for engine specific help.)
    OK


> How was this 2.1 version built?
>

`./configure && make && sudo make install` in the previous email, and
`./configure CFLAGS='-g -O0' CXXFLAGS='-g -O0' && make && sudo make install`
in this one.

AFAICS, it's the dirmngr who does the request. Can I reproduce it with
dirmngr alone, not involving gpg binary?

Regards,
Yuri
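
Added example (not part of the original message): a small shell helper that condenses the output of the per-server loop above into one status line per pool member, so the failing members and their failure reasons stand out. The function names and the sample input are constructed for illustration; the sample uses documentation IP addresses, not real pool members.

```shell
#!/bin/sh
# Added example: summarize "### <ip>" sections followed by gpg messages,
# in the format produced by the dig | while read loop in the message.
# Output: one "<ip> <status>" line per server, where status is "ok",
# "fail:<reason>" (spaces replaced by underscores) or "unknown".

summarize_pool() {
    awk '
        function emit() { if (ip != "") print ip, (status == "" ? "unknown" : status) }
        $1 == "###" { emit(); ip = $2; status = ""; next }
        /keyserver receive failed:/ {
            reason = $0
            sub(/^.*keyserver receive failed: */, "", reason)
            gsub(/ /, "_", reason)
            status = "fail:" reason
            next
        }
        # A non-zero processed count means the server returned the key.
        /Total number processed: [1-9]/ { if (status == "") status = "ok" }
        END { emit() }
    '
}

# Count summary lines whose status starts with the given prefix.
count_status() {   # $1 = status prefix, stdin = summarize_pool output
    awk -v p="$1" 'index($2, p) == 1 { n++ } END { print n + 0 }'
}

# Constructed sample in the same format as the transcript.
SAMPLE='### 192.0.2.10
gpg: keyserver receive failed: No keyserver available
### 192.0.2.11
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
### 192.0.2.12
gpg: keyserver receive failed: No data'

printf '%s\n' "$SAMPLE" | summarize_pool
```

To use it on live output, pipe the loop's combined stdout and stderr (`2>&1`) into `summarize_pool`, since gpg writes these messages to stderr.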

More information about the Gnupg-users mailing list