in draft-koch-openpgp-webkey-service-08, it says:
There are two variants on how to form the request URI: The advanced and the direct method. Implementations MUST first try the advanced method. Only if the required sub-domain does not exist, they SHOULD fall back to the direct method.
However, dirmngr 2.2.16 only appears to try the direct method:
2019-06-28 00:21:36 dirmngr[7264] listening on socket '/run/user/1000/gnupg/d.hkbmm37rr1s1gtdpie53koth/S.dirmngr' 2019-06-28 00:21:37 dirmngr[7265.0] permanently loaded certificates: 125 2019-06-28 00:21:37 dirmngr[7265.0] runtime cached certificates: 0 2019-06-28 00:21:37 dirmngr[7265.0] trusted certificates: 125 (124,0,0,1) 2019-06-28 00:21:37 dirmngr[7265.6] handler for fd 6 started 2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> # Home: /tmp/cdtemp.nJ9Hgt 2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> # Config: /tmp/cdtemp.nJ9Hgt/dirmngr.conf 2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> OK Dirmngr 2.2.16 at your service 2019-06-28 00:21:37 dirmngr[7265.6] connection from process 7262 (1000:1000) 2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 <- GETINFO version 2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> D 2.2.16 2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 -> OK 2019-06-28 00:21:37 dirmngr[7265.6] DBG: chan_6 <- WKD_GET -- dkg@fifthhorseman.net 2019-06-28 00:21:38 dirmngr[7265.6] DBG: chan_6 -> S SOURCE https://fifthhorseman.net 2019-06-28 00:21:38 dirmngr[7265.6] number of system provided CAs: 124 2019-06-28 00:21:41 dirmngr[7265.6] DBG: http.c:request: 2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> GET /.well-known/openpgpkey/hu/sr4so3py756t9p5ktpud9menxx1m3g5b?l=dkg HTTP/1.0\r\n 2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> Host: fifthhorseman.net\r\n 2019-06-28 00:21:41 dirmngr[7265.6] DBG: http.c:request-header: 2019-06-28 00:21:41 dirmngr[7265.6] DBG: >> \r\n 2019-06-28 00:21:42 dirmngr[7265.6] DBG: http.c:response: 2019-06-28 00:21:42 dirmngr[7265.6] DBG: >> HTTP/1.1 200 OK\r\n 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Date: Fri, 28 Jun 2019 04:21:41 GMT' 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Server: Apache/2.4.39' 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Last-Modified: Fri, 28 Jun 2019 04:13:37 GMT' 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'ETag: "131e-58c5a80b0bf63"' 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Accept-Ranges: bytes' 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Content-Length: 4894' 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: 'Connection: close' 2019-06-28 00:21:42 dirmngr[7265.6] http.c:RESP: '' 2019-06-28 00:21:42 dirmngr[7265.6] DBG: (4894 bytes sent via D lines not shown) 2019-06-28 00:21:42 dirmngr[7265.6] DBG: chan_6 -> OK 2019-06-28 00:21:54 dirmngr[7265.6] DBG: chan_6 <- BYE 2019-06-28 00:21:54 dirmngr[7265.6] DBG: chan_6 -> OK closing connection 2019-06-28 00:21:54 dirmngr[7265.6] handler for fd 6 terminated
This is working for me for the moment, because fifthhorseman.net publishes WKD at both the "advanced" and the "direct" location. But i'd rather not publish at the "direct" location.