When trying to use dirmngr behind corporate firewall will not connect to proxy server due to dns failures.
gnupg is version 2.1.20-1, Arch linux std package
On Corp network.....only local dns lookup, no remote lookup
All internet traffic via proxy (http/https ports only)
Environment http_proxy etc set eg wget www.google.com will return index.html from cli.
dirmngr[12889.0]: permanently loaded certificates: 158
dirmngr[12889.0]: runtime cached certificates: 0
dirmngr[12889.0]: trusted certificates: 158 (157,0,0,1)
- Home: /root/.gnupg
- Config: /root/.gnupg/dirmngr.conf
OK Dirmngr 2.1.20 at your service
dirmngr[12889.0]: resolving 'p80.pool.sks-keyservers.net' failed: Server indicated a failure
dirmngr[12889.0]: number of system provided CAs: 167
dirmngr[12889.0]: can't connect to '10.10.3.137': no IP address for host
dirmngr[12889.0]: error connecting to 'http://p80.pool.sks-keyservers.net:80': Unknown host
dirmngr[12889.0]: marking host 'p80.pool.sks-keyservers.net' as dead
dirmngr[12889.0]: host 'p80.pool.sks-keyservers.net' marked as dead
dirmngr[12889.0]: command 'KS_SEARCH' failed: No keyserver available
ERR 167772346 No keyserver available <Dirmngr>
Obviously it can't find my proxy server address........it assumes it is a host instead of an IP address. DOH!
So change proxy setting to hostname instead of IP .....no change still cannot find ip for host.......resolves fine from cli.......is a proper dns lookup not a host file lookup.
Ok assume pass through proxy is broken. So lets force use of internal proxy setting.
Change dirmngr.conf to both
http-proxy <valid local dns name with reverse lookup>:3128
or http-proxy <valid proxy ip address>:3128
No change in behaviour.
ping <valid local dns name with reverse lookup>
ping <valid proxy ip address>
host <ip of resolved server>
returns reverse lookup entry of <valid local dns name with reverse lookup>
Looks like something is seriously borked.