TL;DR: dirmngr should use the string as specified by the user as-is for connecting to keyservers; if it's an IP, connect directly and send Host: IP as-is.
- if the IP does not have rDNS, the lookup fails entirely.
- if the IP does have rDNS, it sends a Host header based on the rDNS; this should NOT happen.
The user should be responsible for specifying the correct entry to trigger SNI & vhost-based routing in reverse proxies/load-balancers.
```
$ killall dirmngr # clear the hosttable
$ h1=kookaburra.gentoo.org
$ h2=$(dig +short $h1 IN A) # no rDNS
$ h3=$(dig +short trogan.gentoo.org IN A) # has rDNS
$ gpg --keyserver hkp://$h1 --recv E3F69979BB4B8928DA78E3D17CBF44EF5C350883
gpg: key 0x7CBF44EF5C350883: 34 signatures not checked due to missing keys
gpg: key 0x7CBF44EF5C350883: "Patrick McLean (Chutzpah) <chutzpah@gentoo.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
$ gpg --keyserver hkp://$h2 --recv E3F69979BB4B8928DA78E3D17CBF44EF5C350883
gpg: keyserver receive failed: No keyserver available
$ gpg --keyserver hkp://$h3 --recv E3F69979BB4B8928DA78E3D17CBF44EF5C350883
gpg: key 0x7CBF44EF5C350883: 34 signatures not checked due to missing keys
gpg: key 0x7CBF44EF5C350883: "Patrick McLean (Chutzpah) <chutzpah@gentoo.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
$ gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
S # hosttable (idx, ipv6, ipv4, dead, name, time):
S # 0 d 208.116.51.2 (45s)
S # 1 4 kookaburra.gentoo.org (208.116.51.2)
S # 2 4 89.238.71.4 (trogan.gentoo.org)
OK
```
dirmngr.log:
```
----- h1 testcase
2019-03-31 13:21:06 dirmngr[5381.6] handler for fd 6 started
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 -> # Home: /home/robbat2/.gnupg
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 -> # Config: /home/robbat2/.gnupg/dirmngr.conf
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 -> OK Dirmngr 2.2.12 at your service
2019-03-31 13:21:06 dirmngr[5381.6] connection from process 27596 (10000:10000)
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 <- GETINFO version
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 -> D 2.2.12
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 <- KEYSERVER --clear hkp://kookaburra.gentoo.org
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 <- KS_GET -- 0xE3F69979BB4B8928DA78E3D17CBF44EF5C350883
2019-03-31 13:21:06 dirmngr[5381.6] DBG: Using TLS library: GNUTLS 3.6.5
2019-03-31 13:21:06 dirmngr[5381.6] DBG: http.c:connect_server: trying name='kookaburra.gentoo.org' port=11371
2019-03-31 13:21:06 dirmngr[5381.6] DBG: dns: resolve_dns_name(kookaburra.gentoo.org): Success
2019-03-31 13:21:06 dirmngr[5381.6] DBG: http.c:1899:socket_new: object 0x00007f40500be210 for fd 7 created
2019-03-31 13:21:06 dirmngr[5381.6] DBG: http.c:request:
2019-03-31 13:21:06 dirmngr[5381.6] DBG: >> GET /pks/lookup?op=get&options=mr&search=0xE3F69979BB4B8928DA78E3D17CBF44EF5C350883 HTTP/1.0\r\n
2019-03-31 13:21:06 dirmngr[5381.6] DBG: >> Host: kookaburra.gentoo.org:11371\r\n
2019-03-31 13:21:06 dirmngr[5381.6] DBG: http.c:request-header:
2019-03-31 13:21:06 dirmngr[5381.6] DBG: >> \r\n
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 -> S PROGRESS tick ? 0 0
2019-03-31 13:21:07 dirmngr[5381.6] DBG: http.c:response:
2019-03-31 13:21:07 dirmngr[5381.6] DBG: >> HTTP/1.0 200 OK\r\n
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Server: sks_www/1.1.6'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Cache-Control: no-cache'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Pragma: no-cache'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Expires: 0'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Content-length: 30886'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'X-HKP-Results-Count: 1'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Content-type: application/pgp-keys; charset=UTF-8'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Content-disposition: attachment; filename=gpgkey.asc'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: 'Access-Control-Allow-Origin: *'
2019-03-31 13:21:07 dirmngr[5381.6] http.c:RESP: ''
2019-03-31 13:21:07 dirmngr[5381.6] DBG: chan_6 -> S SOURCE http://kookaburra.gentoo.org:11371
2019-03-31 13:21:07 dirmngr[5381.6] DBG: (30886 bytes sent via D lines not shown)
2019-03-31 13:21:07 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:21:07 dirmngr[5381.6] DBG: chan_6 <- BYE
2019-03-31 13:21:07 dirmngr[5381.6] DBG: chan_6 -> OK closing connection
2019-03-31 13:21:07 dirmngr[5381.6] handler for fd 6 terminated
----- h2 testcase
2019-03-31 13:21:32 dirmngr[5381.6] handler for fd 6 started
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> # Home: /home/robbat2/.gnupg
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> # Config: /home/robbat2/.gnupg/dirmngr.conf
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> OK Dirmngr 2.2.12 at your service
2019-03-31 13:21:32 dirmngr[5381.6] connection from process 27666 (10000:10000)
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 <- GETINFO version
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> D 2.2.12
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 <- KEYSERVER --clear hkp://208.116.51.2
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 <- KS_GET -- 0xE3F69979BB4B8928DA78E3D17CBF44EF5C350883
2019-03-31 13:21:32 dirmngr[5381.6] DBG: dns: resolve_dns_name(208.116.51.2): Success
2019-03-31 13:21:32 dirmngr[5381.6] DBG: dns: resolve_dns_addr(): No name
2019-03-31 13:21:32 dirmngr[5381.6] host '208.116.51.2' marked as dead
2019-03-31 13:21:32 dirmngr[5381.6] command 'KS_GET' failed: No keyserver available
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> ERR 167772346 No keyserver available <Dirmngr>
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 <- BYE
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 -> OK closing connection
2019-03-31 13:21:32 dirmngr[5381.6] handler for fd 6 terminated
----- h3 testcase
2019-03-31 13:30:05 dirmngr[5381.6] handler for fd 6 started
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 -> # Home: /home/robbat2/.gnupg
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 -> # Config: /home/robbat2/.gnupg/dirmngr.conf
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 -> OK Dirmngr 2.2.12 at your service
2019-03-31 13:30:05 dirmngr[5381.6] connection from process 29501 (10000:10000)
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 <- GETINFO version
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 -> D 2.2.12
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 <- KEYSERVER --clear hkp://89.238.71.4
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 <- KS_GET -- 0xE3F69979BB4B8928DA78E3D17CBF44EF5C350883
2019-03-31 13:30:05 dirmngr[5381.6] DBG: dns: resolve_dns_name(89.238.71.4): Success
2019-03-31 13:30:05 dirmngr[5381.6] DBG: dns: resolve_dns_addr(): Success
2019-03-31 13:30:05 dirmngr[5381.6] DBG: Using TLS library: GNUTLS 3.6.5
2019-03-31 13:30:05 dirmngr[5381.6] DBG: http.c:connect_server: trying name='89.238.71.4' port=11371
2019-03-31 13:30:05 dirmngr[5381.6] DBG: dns: resolve_dns_name(89.238.71.4): Success
2019-03-31 13:30:05 dirmngr[5381.6] DBG: http.c:1899:socket_new: object 0x00007f40500bd6a0 for fd 8 created
2019-03-31 13:30:05 dirmngr[5381.6] DBG: http.c:request:
2019-03-31 13:30:05 dirmngr[5381.6] DBG: >> GET /pks/lookup?op=get&options=mr&search=0xE3F69979BB4B8928DA78E3D17CBF44EF5C350883 HTTP/1.0\r\n
2019-03-31 13:30:05 dirmngr[5381.6] DBG: >> Host: trogan.gentoo.org:11371\r\n
2019-03-31 13:30:05 dirmngr[5381.6] DBG: http.c:request-header:
2019-03-31 13:30:05 dirmngr[5381.6] DBG: >> \r\n
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 -> S PROGRESS tick ? 0 0
2019-03-31 13:30:06 dirmngr[5381.6] DBG: http.c:response:
2019-03-31 13:30:06 dirmngr[5381.6] DBG: >> HTTP/1.0 200 OK\r\n
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Server: sks_www/1.1.6'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Cache-Control: no-cache'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Pragma: no-cache'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Expires: 0'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Content-length: 30882'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'X-HKP-Results-Count: 1'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Content-type: application/pgp-keys; charset=UTF-8'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Content-disposition: attachment; filename=gpgkey.asc'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: 'Access-Control-Allow-Origin: *'
2019-03-31 13:30:06 dirmngr[5381.6] http.c:RESP: ''
2019-03-31 13:30:06 dirmngr[5381.6] DBG: chan_6 -> S SOURCE http://89.238.71.4:11371
2019-03-31 13:30:06 dirmngr[5381.6] DBG: (30882 bytes sent via D lines not shown)
2019-03-31 13:30:06 dirmngr[5381.6] DBG: chan_6 -> OK
2019-03-31 13:30:06 dirmngr[5381.6] DBG: chan_6 <- BYE
2019-03-31 13:30:06 dirmngr[5381.6] DBG: chan_6 -> OK closing connection
2019-03-31 13:30:06 dirmngr[5381.6] handler for fd 6 terminated
```
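A check for the two symptoms reported here, run over a dirmngr debug log: an IP-literal keyserver whose Host header was replaced by another name, and one marked dead after the reverse lookup returned no name. This is an added example, not part of the original report or of GnuPG; the sample lines are excerpted from the log above, and the function names `is_ip_literal` and `audit` are assumptions.

```python
import ipaddress
import re

# Sample lines excerpted from the dirmngr.log in this report (h1, h2, h3).
SAMPLE_LOG = r"""
2019-03-31 13:21:06 dirmngr[5381.6] DBG: chan_6 <- KEYSERVER --clear hkp://kookaburra.gentoo.org
2019-03-31 13:21:06 dirmngr[5381.6] DBG: >> Host: kookaburra.gentoo.org:11371\r\n
2019-03-31 13:21:32 dirmngr[5381.6] DBG: chan_6 <- KEYSERVER --clear hkp://208.116.51.2
2019-03-31 13:21:32 dirmngr[5381.6] DBG: dns: resolve_dns_addr(): No name
2019-03-31 13:21:32 dirmngr[5381.6] host '208.116.51.2' marked as dead
2019-03-31 13:30:05 dirmngr[5381.6] DBG: chan_6 <- KEYSERVER --clear hkp://89.238.71.4
2019-03-31 13:30:05 dirmngr[5381.6] DBG: >> Host: trogan.gentoo.org:11371\r\n
"""

KEYSERVER_RE = re.compile(r"<- KEYSERVER (?:--clear )?\w+://(\[[^\]]+\]|[^\s:/]+)")
HOST_RE = re.compile(r">> Host: (\[[^\]]+\]|[^\s:\\]+)")
DEAD_RE = re.compile(r"host '([^']+)' marked as dead")


def is_ip_literal(host):
    """True if the configured keyserver host is an IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def audit(log_text):
    """Return (configured_ip, finding) where dirmngr did not use the IP as given."""
    findings, configured, no_ptr = [], None, False
    for line in log_text.splitlines():
        m = KEYSERVER_RE.search(line)
        if m:  # a new KEYSERVER command starts a new session
            configured, no_ptr = m.group(1), False
            continue
        if configured is None or not is_ip_literal(configured):
            continue  # a hostname is sent in Host as given; nothing to flag
        if "resolve_dns_addr(): No name" in line:
            no_ptr = True  # reverse lookup found no PTR record
        elif (m := HOST_RE.search(line)) and m.group(1) != configured:
            findings.append((configured, f"Host header rewritten to {m.group(1)}"))
        elif no_ptr and (m := DEAD_RE.search(line)) and m.group(1) == configured:
            findings.append((configured, "marked dead after reverse lookup returned no name"))
    return findings


if __name__ == "__main__":
    for ip, finding in audit(SAMPLE_LOG):
        print(f"{ip}: {finding}")
```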