This is on Arch Linux. This is a reproducible error. Without the
standard-resolver option I can not connect to keyservers
passwd: compat mymachines systemd
group: compat mymachines systemd
shadow: compat
publickey: files
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: files
my resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver ::1
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
I have test with 2.1.19 it works the same
Justs, can you please check this bug. It is related to the migration to libdns
and thus we should consider this a bug.
Hi,
can you tell me what kind of DNS resolver is listening on localhost? Does it
support UDP? TCP?
It would appear I was wrong. The localhost address should not have been in the
/etc/resolv.conf. I have removed it and the standard-resolver option and it is
working. I have tried this several times.
I can reproduce this issue with gpg 2.2.4, systemd-resolved and Arch Linux. Unlike the original reporter, I do not have 127.0.0.1 in my /etc/resolv.conf. I do however have it in /etc/hosts.
My configuration files look as follows:
/etc/nsswitch.conf
# Name Service Switch configuration file. # See nsswitch.conf(5) for details. passwd: files mymachines systemd group: files mymachines systemd shadow: files publickey: files hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname networks: files protocols: files services: files ethers: files rpc: files netgroup: files
/etc/hosts (not including the entry for my permanent IP address)
# Static table lookup for hostnames. # See hosts(5) for details. 127.0.0.1 localhost ::1 localhost
/etc/resolv.conf
# Resolver configuration file. # See resolv.conf(5) for details.
stat /etc/resolv.conf
File: /etc/resolv.conf Size: 65 Blocks: 8 IO Block: 4096 regular file Device: 803h/2051d Inode: 16778387 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2018-01-26 21:47:34.644281895 +0100 Modify: 2017-10-17 09:32:47.000000000 +0200 Change: 2018-01-25 13:25:37.618173388 +0100 Birth: -
gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.2
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/archie/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2I can reproduce the issue with an empty ~/.gnupg folder. Should you need any more information, please let me know.
Note that it works as expected if I symlink /run/systemd/resolve/stub-resolv.conf to /etc/resolv.conf. Other programs appear to not require this change.
dirmngr looks into /.etc/resolv.conf and does not know anything about systemd specific things (nor do I). Thus having a symlink seems to be an appropriate solution.
I just thought that going by your comment on Sat, Jan 27, 5:29 PM that you would use libdns, instead of resolv.conf directly. Maybe I understood that comment wrong.
The cause is: ! in nsswitch.conf
This was fixed (2.2 branch) by rGd4c0187dd931: libdns: Hack to skip negation term. for GnuPG in Jan 2017.
I found it was fixed in the original libdns, and this fix is merged into rG20c289606f89: libdns: Sync to upstream. to GnuPG.
Thus, closing.