error searching keyserver: Network is unreachable

Andrew Gallagher andrewg at andrewg.com
Sun Mar 7 11:11:21 CET 2021


Hi, Christian
 >
 > And, actually, we deployed our own (hkp://keyserver.dcc.sib.swiss:80) 
keyserver, which I am trying to access. But can't for some reason I do 
not understand.

I can connect to that server from here, but it appear to contain only 85 
keys. Did you import a dump, or is it meant to be internal-only?

> Desperately searching for hours now… I am NOT able to run following
> command:
 >
> gpg --keyserver hkp://keyserver.dcc.sib.swiss:80 --keyserver-options no-self-sigs-only,no-import-clean --search-keys <any-key> 
 >
> Always getting following output: 
 >
> gpg: error searching keyserver: No keyserver available > gpg: keyserver search failed: No keyserver available

In the title of this thread however, you report "Network is 
unreachable". Are you getting both errors? "Network unreachable" is 
usually a network routing issue.

What happens if you run the following in your terminal?

     host keyserver.dcc.sib.swiss
     ping keyserver.dcc.sib.swiss
     host keys.openpgp.org
     ping keys.openpgp.org

> Changing keyserver does not help. I've tried 
> /ipv4.pool.sks-keyservers.net/ as well. Because the command takes
> some time to return, I would assume that it is still trying to do
> something. What could be the reason? How to fix it?
The pool algorithm doesn't include a test for server capacity, so it is 
common to get directed to a node running a single-threaded SKS instance, 
which can lead to long timeouts. Try testing against pgpkeys.uk, 
pgpkeys.eu and keyserver.trifence.ch instead. If it times out on all of 
those, then I would suspect a network issue, either a bad routing table 
or a firewall DROP rule.

> I am using v2.2.27, installed via Homebrew 
> (https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gnupg.rb) on
> Mac OS X Big Sur.
Did you ever install from gpgtools.org or only homebrew?

Andrew



More information about the Gnupg-users mailing list