improve error message ("Not enabled") when using Tor network and standard resolver
Closed, Resolved
Public

Description

With dirmngr using the standard-resolver, "gpg --receive-keys" gives a "Not enabled" error, which is not only not helpful, it is apparently misleading. Hunting through the code, it appears this is explicitly triggered with the combination of standard-resolver and Tor. It should not be necessary to look in the code for this information. (Just point me to the doc I missed reading, if that's the case.) If this is the only use of this particular error, please reword it to be more helpful. If not, please consider creating a separate, more useful, error for this case.

Even changing to "recursive-resolver" (is there any real documentation about the different resolvers available?) I now get "ERR 167772360 Buffer too short <Dirmngr>" which is also not very helpful. I get this with either resolver, with or without Tor running, but I'll leave that for a separate issue, if I can't resolve it myself.

I'm on Gentoo, with gnupg compiled from source, if it matters, and I'll be happy to provide any additional info/logs if it will be of any use.

werner triaged this task as Normal priority.
werner closed this task as Resolved. Nov 23 2019, 8:32 PM
werner claimed this task.
werner added a subscriber: werner.

The manual states that --standard-resolver is mostly for debugging. The reason you get a "not enabled" is that we can't allow direct DNS queries in Tor mode, which would happen with the system (standard) DNS resolver.

I updated the man page to mention this.