
_hkp_tcp SRV record doesn't work
Closed, Resolved (Public)

Description

Sorry, I tested this bug with 2.1.11 and 2.1.15. I don't know whether it's proper to report it in one bug.

I find dirmngr won't use the server in the SRV record.

I tested with domain t1.zhsj.me and t2.zhsj.me
$ dig _hkp._tcp.t1.zhsj.me SRV +short
1 10 11372 sks.ustclug.org.
1 1 11371 sks.ustclug.org.
$ dig _hkp._tcp.t2.zhsj.me SRV +short
1 1 11371 sks.ustclug.org.

For version 2.1.15 (built from source):
I tested with gnupg2 and wireshark to catch the DNS query.
I find gnupg2 never queries the _hkp._tcp SRV record.

For version 2.1.11 (the version on Debian testing):
It queries SRV records for both t1.zhsj.me and t2.zhsj.me.
But only t1.zhsj.me (which has two SRV records) can actually contact the sks server.

$ gpg2 --keyserver hkp://t1.zhsj.me --recv-keys 7DFBB2F2
gpg: key 7DFBB2F2: "Shengjing Zhu <i@zhsj.me>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

$ gpg2 --keyserver hkp://t2.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: No keyserver available

Details

Version
2.1.15

Event Timeline

zhsj set Version to 2.1.15.
zhsj added a subscriber: zhsj.

Please run

gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye

For version 2.1.15

root@47b54eb8e5bb:~/gnupg-2.1.15# gpg2 --version
gpg (GnuPG) 2.1.15
libgcrypt 1.7.3-beta
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
root@47b54eb8e5bb:~/gnupg-2.1.15# gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye
OK - System resolver w/o Tor support
root@47b54eb8e5bb:~/gnupg-2.1.15# gpg2 --keyserver hkp://t1.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: End of file
root@47b54eb8e5bb:~/gnupg-2.1.15# gpg2 --keyserver hkp://t2.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: No keyserver available

For version 2.1.11
zsj@debian ~ $ gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.7.3-beta
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
zsj@debian ~ $ gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye
OK - System resolver w/o Tor support
zsj@debian ~ $ gpg2 --keyserver hkp://t1.zhsj.me --recv-keys 7DFBB2F2
gpg: key 7DFBB2F2: "Shengjing Zhu <i@zhsj.me>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
zsj@debian ~ $ gpg2 --keyserver hkp://t2.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: No keyserver available
zsj@debian ~ $

How about _pgpkey-http._tcp. record?

I think there is no such keyword in the GnuPG 2.1.x source code. _pgpkey-http can only be found in GnuPG 1.4.

Fixed in master:

0cc975d dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
c2cbe2f dirmngr: Do not use a SRV record for HKP if a port was specified.
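The following is an added example, not dirmngr's own code, that shows the keyserver-to-host:port mapping the report and the two fix commits describe: the SRV owner names `_pgpkey-hkp._tcp` / `_pgpkey-hkps._tcp` are taken from the commit message of 0cc975d, and the rule that an explicit port in the URL disables the SRV lookup from c2cbe2f. Record ordering follows RFC 2782 (lowest priority first, weighted random within a priority). The default ports (11371 for hkp, 443 for hkps), the fallback to the literal host name when no SRV record exists, and the `srv_lookup`/`rand_fn` parameters are assumptions of this example; the DNS lookup is injected so the script runs offline on records copied from the `dig` output in the report. It also shows that a zone with a single SRV record (t2) resolves just as well as one with two (t1).

```python
"""Keyserver URL -> (host, port) candidates via SRV records.

Added example, not dirmngr's code. SRV prefixes follow commit 0cc975d,
the explicit-port rule follows c2cbe2f, ordering follows RFC 2782.
"""
import random
from typing import Callable, List, NamedTuple, Optional, Tuple
from urllib.parse import urlsplit


class SrvRecord(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample zone: the `dig ... SRV +short` lines from the report,
# keyed by the SRV owner name dirmngr queries after 0cc975d.
SAMPLE_ZONE = {
    "_pgpkey-hkp._tcp.t1.zhsj.me": [
        "1 10 11372 sks.ustclug.org.",
        "1 1 11371 sks.ustclug.org.",
    ],
    "_pgpkey-hkp._tcp.t2.zhsj.me": [
        "1 1 11371 sks.ustclug.org.",
    ],
}

# Assumptions of this example (not taken from the page).
DEFAULT_PORTS = {"hkp": 11371, "hkps": 443}
SRV_PREFIX = {"hkp": "_pgpkey-hkp._tcp", "hkps": "_pgpkey-hkps._tcp"}


def parse_srv_line(line: str) -> SrvRecord:
    """Parse one `dig +short` SRV line: 'priority weight port target.'"""
    prio, weight, port, target = line.split()
    return SrvRecord(int(prio), int(weight), int(port), target.rstrip("."))


def sample_lookup(name: str) -> List[SrvRecord]:
    """Offline stand-in for a DNS SRV query, served from SAMPLE_ZONE."""
    return [parse_srv_line(l) for l in SAMPLE_ZONE.get(name, [])]


def order_by_rfc2782(records: List[SrvRecord],
                     rand_fn: Callable[[int], int]) -> List[SrvRecord]:
    """Return records in the order a client should try them.

    rand_fn(total) must return an int in [0, total]; injecting it keeps
    the weighted selection testable.
    """
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            # RFC 2782: weight-0 records first, so they are chosen only
            # when the random value is 0.
            group.sort(key=lambda r: r.weight != 0)
            total = sum(r.weight for r in group)
            pick = rand_fn(total)
            running = 0
            for rec in group:
                running += rec.weight
                if running >= pick:
                    ordered.append(rec)
                    group.remove(rec)
                    break
    return ordered


def resolve_keyserver(url: str,
                      srv_lookup: Callable[[str], List[SrvRecord]] = sample_lookup,
                      rand_fn: Optional[Callable[[int], int]] = None
                      ) -> List[Tuple[str, int]]:
    """Map an hkp:// or hkps:// keyserver URL to (host, port) pairs to try."""
    if rand_fn is None:
        rand_fn = lambda total: random.randint(0, total)
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in SRV_PREFIX:
        raise ValueError(f"unsupported scheme: {scheme!r}")
    host = parts.hostname
    if parts.port is not None:
        # Explicit port: use the URL as given and skip SRV (c2cbe2f).
        return [(host, parts.port)]
    records = srv_lookup(f"{SRV_PREFIX[scheme]}.{host}")
    if not records:
        # No SRV record: fall back to the literal host and the default port.
        return [(host, DEFAULT_PORTS[scheme])]
    return [(r.target, r.port) for r in order_by_rfc2782(records, rand_fn)]


if __name__ == "__main__":
    for u in ("hkp://t1.zhsj.me", "hkp://t2.zhsj.me",
              "hkp://t1.zhsj.me:11371", "hkps://t2.zhsj.me"):
        print(u, "->", resolve_keyserver(u))
```

For t1 the two records share a priority, so which of port 11372 (weight 10) or 11371 (weight 1) comes first is a weighted random choice; the other remains as the fallback. A URL with an explicit port never reaches the lookup at all.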

werner removed a project: Restricted Project.