DNS back-end reports "gpg: keyserver internal error"
Closed, Resolved (Public)

Description

[as reported in http://thread.gmane.org/gmane.comp.encryption.gpg.devel/16497]

I noticed that attempting to refresh Simon Josefsson's key, via this

gpg --refresh B565716F

always elicits this warning:

gpg: requesting key B565716F from dns:simon.josefsson.org?type=CERT
gpgkeys: no keyserver host provided
gpg: keyserver internal error
gpg: WARNING: unable to refresh key B565716F via dns:simon.josefsson.org?type=CERT: keyserver error
gpg: refreshing 1 key from hkp://pool.sks-keyservers.net
gpg: requesting key B565716F from hkp server pool.sks-keyservers.net
gpg: key B565716F: "Simon Josefsson <simon <at> josefsson.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Is that expected?

Details

Version
2.0.18

Event Timeline

meyering added projects: gnupg, Bug Report.
meyering added a subscriber: meyering.

One of the problems is that there is no such key in the DNS anymore. Simon has a
preferred keyserver attribute in his key which points to a DNS record. I'll ask
him what happened to this DNS record.

If you want to test the DNS lookups, you may use wk.gnupg.org which currently
returns my old and my current key via DNS round-robin.

Oops. The key is there, but it is longer than the limit we use. I will check
whether we can return a proper error code in this case.

I am currently working on the DNS code in master. I changed the default buffer
size to cope with such large keys. For the other branches, the option

--keyserver-options max-cert-size=65536

might be used as a workaround.

I cannot reproduce this with current master. Feel free to reopen this bug if
you manage to reproduce it.

justus claimed this task.