_hkp_tcp SRV record doesn't work
Closed, ResolvedPublic

Description

Sorry this bug I tested with 2.1.11 and 2.1.15. I don't know whether it's proper to say in one bug.

I find dirmngr won't use the server in SRV record.

I tested with domain t1.zhsj.me and t2.zhsj.me
$ dig _hkp._tcp.t1.zhsj.me SRV +short
1 10 11372 sks.ustclug.org.
1 1 11371 sks.ustclug.org.
$ dig _hkp._tcp.t2.zhsj.me SRV +short
1 1 11371 sks.ustclug.org.

For version 2.1.15(build from source):
I tested with gnupg2 and wireshark to catch the DNS query.
I find gnupg2 never query _hkp._tcp SRV record.

For version 2.1.11(the version on Debian testing)
It queries SRV records for both t1.zhsj.me and t2.zhsj.me
But only t1.zhsj.me(which has two SRV record) can actually contact the sks server.

$ gpg2 --keyserver hkp://t1.zhsj.me --recv-keys 7DFBB2F2
gpg: key 7DFBB2F2: "Shengjing Zhu <i@zhsj.me>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1

$ gpg2 --keyserver hkp://t2.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: No keyserver available

Details

Version
2.1.15
zhsj set Version to 2.1.15.
zhsj added a subscriber: zhsj.
werner added a subscriber: werner.Sep 1 2016, 11:30 AM

Please run

gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye
zhsj added a comment.Sep 1 2016, 11:52 AM

For version 2.1.15

root@47b54eb8e5bb:~/gnupg-2.1.15# gpg2 --version
gpg (GnuPG) 2.1.15
libgcrypt 1.7.3-beta
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
root@47b54eb8e5bb:~/gnupg-2.1.15# gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye
OK - System resolver w/o Tor support
root@47b54eb8e5bb:~/gnupg-2.1.15# gpg2 --keyserver hkp://t1.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: End of file
root@47b54eb8e5bb:~/gnupg-2.1.15# gpg2 --keyserver hkp://t2.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: No keyserver available

For version 2.1.11
zsj@debian ~ $ gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.7.3-beta
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
zsj@debian ~ $ gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye
OK - System resolver w/o Tor support
zsj@debian ~ $ gpg2 --keyserver hkp://t1.zhsj.me --recv-keys 7DFBB2F2
gpg: key 7DFBB2F2: "Shengjing Zhu <i@zhsj.me>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
zsj@debian ~ $ gpg2 --keyserver hkp://t2.zhsj.me --recv-keys 7DFBB2F2
gpg: keyserver receive failed: No keyserver available
zsj@debian ~ $

How about _pgpkey-http._tcp. record?

zhsj added a comment.Sep 2 2016, 12:43 AM

I think there is no such keyword in GnuPG
2.1.x source code. _pgpkey-http only can be
found in GnuPG 1.4.

werner claimed this task.Jan 9 2017, 9:37 AM

Fixed in master:

0cc975d dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
c2cbe2f dirmngr: Do not use a SRV record for HKP if a port was specified.

werner closed this task as Resolved.Jan 23 2017, 11:13 PM
werner removed a project: Testing.