gpg: keyserver receive failed: No name - for gpg --keyserver hkp://pool.sks-keyservers.net
andrewg at andrewg.com
Fri Jun 25 00:59:32 CEST 2021
On 24/06/2021 22:39, Brandon Anderson via Gnupg-users wrote:
>> $ host pool.sks-keyservers.net <http://pool.sks-keyservers.net>
>> Host pool.sks-keyservers.net <http://pool.sks-keyservers.net> not
>> found: 3(NXDOMAIN)
>> Did these names get permanently deleted? Any workarounds or
>> suggestions would be appreciated.
> Hey Alex,
> From what I can tell a lot of the keyservers are being shutdown. Take a
> look at the message on the SKS site (the SSL cert is expired)
The keyserver *pools* at sks-keyservers.net are no longer maintained for
legal reasons. sks-keyservers.net was receiving GDPR requests, e.g. for
RTBF, that it could not satisfy because the pools had no formal
structure that could compel individual operators to comply with legal
requests. While sks-keyservers.net did not host personal data, it was
providing a DNS round-robin service for keyservers that did, and the
distinction was poorly understood.
Most of the individual keyservers that used to be in the pools are still
working, however. There is a service at https://sks-status.gwolf.org/
that monitors the known keyservers. Scroll to the bottom and click on
the latest "Success" link to see a graph of keyservers that are
What to do next depends on your use case. If your CI is searching for a
key that is under your own control, then you have more freedom of
choice. If it is searching for someone else's key then you may need to
use whatever keyserver they use.
keys.openpgp.org is the default keyserver for most new installs, and
many long-time users have also switched to it. If you don't have a
particular reason to choose one, this is probably the safest bet. The
main caveat is that it does not serve third-party sigs, and so you won't
be able to verify a downloaded key by its signatures.
keyserver.ubuntu.com is reliable, but is not widely used outside the
Ubuntu developer community. It doesn't get key updates particularly
often, so you may find yourself with a stale copy of your
If you need continuity of dataset with the sks-keyservers pool, then you
may prefer to use a Hockeypuck server that was formerly part of the
pool, such as pgpkeys.eu, keyserver.trifence.ch or keys.andreas-puls.de
(other keyservers are available, see https://sks-status.gwolf.org/).
Note that Hockeypuck is generally more reliable than SKS due to
limitations in SKS's design.
Due to the fragmented nature of the keyserver ecosystem at the moment,
you may want to try all of the above. And as mentioned in an earlier
reply, you should probably also search WKD.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users