<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<blockquote type="cite"
cite="mid:CALeiixV2y+-29gHsx6BFzoHcMX-USei0Rc-6v+zsbyfa9d3kaA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">Starting on the morning of June 21 between ~6am and
9am PDT, one of our CI jobs which fetches gpg keys with:
<div><br>
</div>
<div><span style="color:rgb(0,0,0);font-family:monospace,monospace;font-size:13px;letter-spacing:0.1px;white-space:pre-wrap">gpg --keyserver hkp://<a href="http://pool.sks-keyservers.net" moz-do-not-send="true">pool.sks-keyservers.net</a> --recv-keys ...</span><br>
</div>
<div><span style="color:rgb(0,0,0);font-family:monospace,monospace;font-size:13px;letter-spacing:0.1px;white-space:pre-wrap">
</span></div>
<div>.... started failing because of what looks like a failure
to resolve the pool name.</div>
<div><br>
</div>
<div>FWIW the following also fails in the same way:</div>
<div><br>
</div>
<div><span style="color:rgb(0,0,0);font-family:monospace,monospace;font-size:13px;letter-spacing:0.1px;white-space:pre-wrap">gpg --keyserver hkp://<a href="http://ipv4.pool.sks-keyservers.net" moz-do-not-send="true">ipv4.pool.sks-keyservers.net</a> --recv-keys ...</span></div>
<div><br>
</div>
<div>And testing from my machine, it looks like these names now
get NXDOMAIN when attempting to resolveĀ in DNS:</div>
<div><br>
</div>
<div>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span
class="gmail-s1"
style="font-variant-ligatures:no-common-ligatures">$ host
<a href="http://ipv4.pool.sks-keyservers.net"
moz-do-not-send="true">ipv4.pool.sks-keyservers.net</a></span></p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span
class="gmail-s1"
style="font-variant-ligatures:no-common-ligatures">Host <a
href="http://ipv4.pool.sks-keyservers.net"
moz-do-not-send="true">ipv4.pool.sks-keyservers.net</a>
not found: 3(NXDOMAIN)</span></p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span
class="gmail-s1"
style="font-variant-ligatures:no-common-ligatures"><br>
</span></p>
<p class="gmail-p1" style="margin:0px;font:11px
Menlo;color:rgb(0,0,0)"><span class="gmail-s1"
style="font-variant-ligatures:no-common-ligatures">$ host
<a href="http://pool.sks-keyservers.net"
moz-do-not-send="true">pool.sks-keyservers.net</a></span></p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span
class="gmail-s1"
style="font-variant-ligatures:no-common-ligatures">
</span></p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span
class="gmail-s1"
style="font-variant-ligatures:no-common-ligatures">Host <a
href="http://pool.sks-keyservers.net"
moz-do-not-send="true">pool.sks-keyservers.net</a> not
found: 3(NXDOMAIN)</span></p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal"><br>
</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal">Did
these names get permanently deleted? Any workarounds or
suggestions would be appreciated.</p>
<p class="gmail-p1"
style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;line-height:normal"><br>
</p>
</div>
</div>
</blockquote>
<p><br>
</p>
<p>Hey Alex,</p>
<p>From what I can tell a lot of the keyservers are being shutdown.
Take a look at the message on the SKS site (the SSL cert is
expired) <a class="moz-txt-link-freetext" href="https://sks-keyservers.net/">https://sks-keyservers.net/</a>.</p>
<p>You can read about some of whats going on from here
<a class="moz-txt-link-freetext" href="https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f">https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f</a>.</p>
<p>Sincerely,</p>
<p>Brandon Anderson</p>
</body>
</html>