Feed Advanced Search

Fri, Oct 25

werner triaged T4729: WKD via http_proxy does not work if DNS is broken/unavailable as Normal priority.
Fri, Oct 25, 11:01 AM · dns, gnupg (gpg23), dirmngr
werner triaged T4728: GnuPG fails to connect to 127.0.0.1 when many domains are specified in /etc/hosts as Normal priority.
Fri, Oct 25, 11:00 AM · gnupg (gpg23), dns, dirmngr
mgorny added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

Ping.

Fri, Oct 25, 10:54 AM · Keyserver, dns, dirmngr, Bug Report

Aug 22 2019

gniibe added a commit to T4228: Leaked FILE from tmpfile() in dns.c dns_trace_open: rGe00e68135c01: dns: Fix irrelevant use of tmpfile..
Aug 22 2019, 5:55 AM · dns, gnupg
gniibe closed T4228: Leaked FILE from tmpfile() in dns.c dns_trace_open as Resolved.

Fixed in master.

Aug 22 2019, 5:55 AM · dns, gnupg
gniibe added a comment to T4228: Leaked FILE from tmpfile() in dns.c dns_trace_open.

This part of code is questionable. It always comes fp!=NULL, so the part should be removed.
If fp==NULL, use of tmpfile is quite questionable because a user can't know where the trace output goes.
I'm going to remove that part.

Aug 22 2019, 5:54 AM · dns, gnupg

Aug 10 2019

dkg added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

WKD and DANE/OPENPGPKEY offer rather distinct properties. I'd be hard-pressed to say that one is "better" than the other without understanding the threat model and concerns of the evaluator:

Aug 10 2019, 4:24 AM · dns, dirmngr

Aug 6 2019

wiktor-k added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

DNSSEC is a centralized CA system. Just different than the TLS one. Given that Certificate Transparency exists I'd say DNSSEC is less transparent than TLS. For example if you happen to have a .ly domain then the Libyan can silently control your signed zone. Given that there is no CT for DNSSEC they can do so selectively, for any connection they want. It wouldn't be the first problem with them.

Aug 6 2019, 1:56 PM · dns, dirmngr
mejo added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

I'm left wondering: are there cases where OPENPGPKEY would be preferred over WKD?

Aug 6 2019, 1:43 PM · dns, dirmngr

Jul 11 2019

wiktor-k added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

Is this really necessary to duplicate functionality that already is provided by Web Key Directory?

Jul 11 2019, 12:25 PM · dns, dirmngr

Jul 10 2019

dkg added a comment to T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.

I agree, many currently-shipped DNS client library implementations do not provide DNSSEC validity checks.

Jul 10 2019, 9:44 PM · dns, dirmngr
werner triaged T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures as Normal priority.

Sure it is not validated. Standard clients do not provide the system features to do that. That is one of the problems with DNSSEC adoption - it works only for servers in practice.

Jul 10 2019, 7:17 PM · dns, dirmngr
dkg created T4618: DANE OpenPGP certificate retrieval does not verify DNSSEC signatures.
Jul 10 2019, 6:48 PM · dns, dirmngr

Jul 3 2019

werner changed the edit policy for T3065: dirmngr: proxy issues with dnslookup causing failure.
Jul 3 2019, 6:19 PM · gnupg (gpg22), dns, dirmngr
werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Invalid.

I asked you to carry this to a mailing list and not re-open this task.

Jul 3 2019, 6:19 PM · gnupg (gpg22), dns, dirmngr

May 23 2019

wheelerlaw reopened T3065: dirmngr: proxy issues with dnslookup causing failure as "Open".

Are you not reading what I am saying to you?? Once again, your explanation is INVALID because that would mean that gnupg would be BROKEN, because it would be a NON-COMPLIANT http client according to the RFC I quoted.

May 23 2019, 1:58 PM · gnupg (gpg22), dns, dirmngr
werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Wontfix.

I explained why the keyserver access requires access to the DNS. If that is not possible the keyserver code will not work. If you don't allow DNS to work you either have to use Tor (which we use to also tunnel DNS requests) or get your keys from elsewhere. Also note that the keyserver network is current several broken and under DoS and thus it is unlikely that it can be operated in the future.

May 23 2019, 9:42 AM · gnupg (gpg22), dns, dirmngr

May 17 2019

werner triaged T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header as Normal priority.
May 17 2019, 6:47 PM · Keyserver, dns, dirmngr, Bug Report

Apr 1 2019

robbat2 added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

HTTP/1.1 spec, RFC 7230, Section 5.4, paragraph 2:
https://tools.ietf.org/html/rfc7230#section-5.4

Apr 1 2019, 8:24 PM · Keyserver, dns, dirmngr, Bug Report
werner added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

Please be so kind and point me to the specs stating that you should put the IP address into Host:

Apr 1 2019, 8:01 PM · Keyserver, dns, dirmngr, Bug Report
robbat2 added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

It's up to GPG to send the Host header that shows the user's intent.

Apr 1 2019, 6:20 PM · Keyserver, dns, dirmngr, Bug Report
werner added a comment to T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.

So in short you want:

  1. Allow to specify a keyserver by IP without any DNS lookups.
  2. When connecting via IP use the IP address for Host:.
Apr 1 2019, 12:55 PM · Keyserver, dns, dirmngr, Bug Report
werner triaged T4443: IPv6 address with scope not accepted as keyserver as Normal priority.
Apr 1 2019, 10:24 AM · gnupg (gpg23), dirmngr, dns, Bug Report

Mar 31 2019

robbat2 created T4444: dirmngr fails with keyservers specified by IP without rDNS; reported as dead host or uses wrong Host header.
Mar 31 2019, 10:35 PM · Keyserver, dns, dirmngr, Bug Report
robbat2 created T4443: IPv6 address with scope not accepted as keyserver.
Mar 31 2019, 9:41 PM · gnupg (gpg23), dirmngr, dns, Bug Report

Mar 19 2019

wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Also might I add, this used to work perfectly fine in gnupg14. It seems that somewhere along the line a regression was introduced that is causing this erroneous non-compliant behavior in the HTTP client.

Mar 19 2019, 6:18 PM · gnupg (gpg22), dns, dirmngr
wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Why? Your explanation is invalid because it implicates dirmngr's HTTP client as not comforming to the spec laid out by the RFC. I've quite clearly explained--and backed up with the spec itself--that when a proxy variable is configured, a client should not be doing DNS lookup of the destination hostname. Is there something about that you are not understanding?

Mar 19 2019, 6:13 PM · gnupg (gpg22), dns, dirmngr
werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Please show an example regarding something else than a failed access to a pool of keyservers. I explained why it can't work for pools for you.

Mar 19 2019, 7:59 AM · gnupg (gpg22), dns, dirmngr

Mar 18 2019

wheelerlaw reopened T3065: dirmngr: proxy issues with dnslookup causing failure as "Open".

Yes you can, and no you do not. Don't believe me? Then read the spec. At no point does the spec say that there is "nothing that can be done" when a hostname cannot be resolved when connecting through a proxy. In fact, it states precisely the opposite, describing the exact procedure a client should take when making a request through a proxy. See section 5.3, paragraph 3:

Mar 18 2019, 9:21 PM · gnupg (gpg22), dns, dirmngr
werner closed T3065: dirmngr: proxy issues with dnslookup causing failure as Invalid.

No we can't we need to know the IP addresses to handle the pools. I have given a workaround for you in my previous comment. You can also use install Tor which we can use for DNS resolving.

Mar 18 2019, 7:26 PM · gnupg (gpg22), dns, dirmngr

Dec 14 2018

wheelerlaw edited projects for T3065: dirmngr: proxy issues with dnslookup causing failure, added: gnupg (gpg22); removed FAQ.
Dec 14 2018, 7:29 PM · gnupg (gpg22), dns, dirmngr
wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.
So if your DNS resolver does not tell us the IP addresses, we can't do anything about it.
Dec 14 2018, 7:25 PM · gnupg (gpg22), dns, dirmngr

Dec 11 2018

werner edited projects for T3065: dirmngr: proxy issues with dnslookup causing failure, added: FAQ; removed gnupg (gpg22).
Dec 11 2018, 3:48 PM · gnupg (gpg22), dns, dirmngr
werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

If you specify a pool of keyservers dirmngr selects a keyserver on its won from the pool. This is so that it can use its own heuristics to detect whether a keyserver is dead and then retry another one. Now the default is a pool and your specified keyserver.ubuntu.com is also a pool (of two servers). So if your DNS resolver does not tell us the IP addresses, we can't do anything about it.

Dec 11 2018, 3:48 PM · gnupg (gpg22), dns, dirmngr
werner added a project to T3168: dirmngr: gpg: keyserver receive failed: No keyserver available: dns.
Dec 11 2018, 12:40 PM · dns, dirmngr

Oct 25 2018

werner triaged T4228: Leaked FILE from tmpfile() in dns.c dns_trace_open as Low priority.

It seems that this part of the code was not finished. Unfortunately upstream of the dns code is unresponsive and thus we started to maintain the code base by ourselves. There is still an open question whether we should do that to the full extend, in which case we would integrate the code closer into the GnuPG framework with its own logging subsystems.

Oct 25 2018, 5:06 PM · dns, gnupg

Aug 21 2018

wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

A workaround for this until the HTTP client is fixed is to just use curl instead:

Aug 21 2018, 5:59 PM · gnupg (gpg22), dns, dirmngr
wheelerlaw added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

I am running into the same exact issue. It seems that dirmng is incorrectly attempting to resolve the addresses for the keyservers despite having been given an HTTP proxy to connect through.

Aug 21 2018, 5:31 PM · gnupg (gpg22), dns, dirmngr

Jul 12 2018

werner closed T4036: gnupg 2.2.9 release, a subtask of T3374: gpg recv-keys fail if first dns server end up with "Connection refused", as Resolved.
Jul 12 2018, 4:54 PM · dns, dirmngr, Bug Report
werner closed T4036: gnupg 2.2.9 release, a subtask of T3803: dirmngr issues malformed DNS queries, as Resolved.
Jul 12 2018, 4:54 PM · dns, dirmngr, Bug Report
werner closed T3803: dirmngr issues malformed DNS queries as Resolved.
Jul 12 2018, 3:27 PM · dns, dirmngr, Bug Report
werner closed T3374: gpg recv-keys fail if first dns server end up with "Connection refused" as Resolved.
Jul 12 2018, 3:26 PM · dns, dirmngr, Bug Report

Jun 20 2018

gniibe added a subtask for T3803: dirmngr issues malformed DNS queries: T4036: gnupg 2.2.9 release.
Jun 20 2018, 8:03 AM · dns, dirmngr, Bug Report
gniibe removed a parent task for T3803: dirmngr issues malformed DNS queries: T4036: gnupg 2.2.9 release.
Jun 20 2018, 8:03 AM · dns, dirmngr, Bug Report
gniibe added a subtask for T3374: gpg recv-keys fail if first dns server end up with "Connection refused": T4036: gnupg 2.2.9 release.
Jun 20 2018, 8:02 AM · dns, dirmngr, Bug Report
gniibe removed a parent task for T3374: gpg recv-keys fail if first dns server end up with "Connection refused": T4036: gnupg 2.2.9 release.
Jun 20 2018, 8:02 AM · dns, dirmngr, Bug Report
gniibe added a parent task for T3374: gpg recv-keys fail if first dns server end up with "Connection refused": T4036: gnupg 2.2.9 release.
Jun 20 2018, 8:01 AM · dns, dirmngr, Bug Report
gniibe added a parent task for T3803: dirmngr issues malformed DNS queries: T4036: gnupg 2.2.9 release.
Jun 20 2018, 7:58 AM · dns, dirmngr, Bug Report
gniibe changed the status of T3374: gpg recv-keys fail if first dns server end up with "Connection refused" from Open to Testing.

Applied to 2.2 branch.

Jun 20 2018, 4:34 AM · dns, dirmngr, Bug Report

Jun 19 2018

werner closed T3755: TLS hostname verification using hostname from DNS instead of supplied hostname as Resolved.
Jun 19 2018, 1:34 PM · gnupg (gpg22), dns, dirmngr

Jun 18 2018

gniibe changed the status of T3803: dirmngr issues malformed DNS queries from Open to Testing.

And 2.2 branch.

Jun 18 2018, 10:28 AM · dns, dirmngr, Bug Report
gniibe added a commit to T3803: dirmngr issues malformed DNS queries: rG87d0ecf8a1b8: libdns: Fix for non-FQDN hostname..
Jun 18 2018, 10:28 AM · dns, dirmngr, Bug Report
gniibe added a commit to T3374: gpg recv-keys fail if first dns server end up with "Connection refused": rG699fe4b36f62: libdns: Fix connect and try next nameserver when ECONNREFUSED..
Jun 18 2018, 10:28 AM · dns, dirmngr, Bug Report
gniibe added a comment to T3803: dirmngr issues malformed DNS queries.

Fixed in master.

Jun 18 2018, 8:11 AM · dns, dirmngr, Bug Report
gniibe added a commit to T3803: dirmngr issues malformed DNS queries: rGa4a054bf14fa: libdns: Fix for non-FQDN hostname..
Jun 18 2018, 3:16 AM · dns, dirmngr, Bug Report

Jun 15 2018

gniibe claimed T3803: dirmngr issues malformed DNS queries.

I'll fix for the non-FQDN case.

Jun 15 2018, 11:08 AM · dns, dirmngr, Bug Report
gniibe added a comment to T3803: dirmngr issues malformed DNS queries.

I think that I identified the issue. This is the libdns (dirmngr/dns.c) problem when hostname is not FQDN.
If you change it to FQDN, you can see that it tries to search adding the domain name.

Jun 15 2018, 8:18 AM · dns, dirmngr, Bug Report
gniibe added a commit to T3374: gpg recv-keys fail if first dns server end up with "Connection refused": rGbcdbf8b8ebe9: libdns: Fix connect and try next nameserver when ECONNREFUSED..
Jun 15 2018, 6:04 AM · dns, dirmngr, Bug Report
gniibe added a comment to T3374: gpg recv-keys fail if first dns server end up with "Connection refused".

Fixed in master.

Jun 15 2018, 6:04 AM · dns, dirmngr, Bug Report
gniibe claimed T3374: gpg recv-keys fail if first dns server end up with "Connection refused".

It is indirectly reported at the upstream: https://github.com/wahern/dns/issues/19

Jun 15 2018, 5:57 AM · dns, dirmngr, Bug Report

Apr 26 2018

werner changed the status of T3755: TLS hostname verification using hostname from DNS instead of supplied hostname from Open to Testing.
Apr 26 2018, 4:41 PM · gnupg (gpg22), dns, dirmngr
werner added a commit to T3755: TLS hostname verification using hostname from DNS instead of supplied hostname: rGcc66108253c5: dirmngr: Fix handling of CNAMEed keyserver pools..
Apr 26 2018, 12:41 PM · gnupg (gpg22), dns, dirmngr

Apr 17 2018

werner triaged T3722: gpg "No name" error as Normal priority.
Apr 17 2018, 8:21 PM · dns
werner triaged T3517: dirmngr: retry without SRV due to buggy routers as High priority.

An option to ignore SRV records would also be good for debugging. Thus I raised the priority and truned this into a feature request.

Apr 17 2018, 8:03 PM · Feature Request, dns, dirmngr
werner closed T3546: ERR 219 on --refresh-keys / --send-keys /... as Invalid.

@Beiri22: It was my fault to to tell you to use scdaemon.conf. The correct conf file is of course dirmngr.conf. However, with @BenM comments I don't think that it is a bug at all. I am thus closing this; please feel free to re-open if we were wrong

Apr 17 2018, 8:00 PM · dns, Bug Report

Apr 11 2018

BenM added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....

Since the initial redacted data for those four keys is still accessible, I checked all of those keys manually and none of them are on the keyservers. Since the OP was connecting to the specified keyserver successfully prior to that failure, I believe this is the cause of the error and not another DNS vs. Dirmngr conflict.

Apr 11 2018, 4:13 AM · dns, Bug Report

Apr 9 2018

werner edited projects for T3755: TLS hostname verification using hostname from DNS instead of supplied hostname, added: gnupg (gpg22); removed gnupg.

That slipped my attention due to the missing gpg22 tag I should have added. Sorry.

Apr 9 2018, 10:45 PM · gnupg (gpg22), dns, dirmngr
twforeman added a comment to T3755: TLS hostname verification using hostname from DNS instead of supplied hostname.

Is there any ETA for when this might get fixed? We are having the same issue with our keyserver since it's behind a cname.

Apr 9 2018, 2:43 PM · gnupg (gpg22), dns, dirmngr

Feb 28 2018

werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

That will be the IP of proxy.x.com - the log shows that it finds that. But the log also shows that it can't find the address for the other names. "No Name" is EAI_NONAME.

Feb 28 2018, 9:23 PM · gnupg (gpg22), dns, dirmngr
Ainahir added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

I did some digging with Wireshark:

  1. there are DNS queries for proxy records A & AAAA (ipv4 & ipv6 - both regardless of --disable-ipv6)
  2. DNS reply returns correct IP address in A record
  3. there are no outgoing connections to proxy IP address
Feb 28 2018, 7:59 PM · gnupg (gpg22), dns, dirmngr
werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Well, if your proxy inhibits GnuPG to retrieve information about the keyservers, GnuPG can't do anything about it.

Feb 28 2018, 10:21 AM · gnupg (gpg22), dns, dirmngr
Ainahir added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

Just to clarify:
1.I'm behind corporate network
2.Network resolves only local addresses, so this is correct: dirmngr[7416]: resolving 'hkps.pool.sks-keyservers.net' failed: No name
3.Network address of the proxy is resolvable (I can see it's address and it responds to ping
4.Internet browser without proxy will not work
5,Internet browser with the proxy below works
6.When using gpg on this computer outside of corporate network everything works

Feb 28 2018, 9:55 AM · gnupg (gpg22), dns, dirmngr
werner added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

The stripped down log is

Feb 28 2018, 8:30 AM · gnupg (gpg22), dns, dirmngr

Feb 27 2018

Ainahir added a comment to T3065: dirmngr: proxy issues with dnslookup causing failure.

@werner Problem persists (same results with disabling ipv4 or ipv6

Feb 27 2018, 11:49 PM · gnupg (gpg22), dns, dirmngr
werner edited projects for T3065: dirmngr: proxy issues with dnslookup causing failure, added: dirmngr, dns; removed Info Needed.
Feb 27 2018, 3:45 PM · gnupg (gpg22), dns, dirmngr

Feb 22 2018

werner claimed T3803: dirmngr issues malformed DNS queries.
Feb 22 2018, 2:11 PM · dns, dirmngr, Bug Report

Feb 21 2018

dkg added a comment to T3803: dirmngr issues malformed DNS queries.

hm, i think this is the file:

Feb 21 2018, 8:34 PM · dns, dirmngr, Bug Report
dkg created T3803: dirmngr issues malformed DNS queries.
Feb 21 2018, 8:32 PM · dns, dirmngr, Bug Report

Jan 24 2018

werner triaged T3755: TLS hostname verification using hostname from DNS instead of supplied hostname as High priority.
Jan 24 2018, 8:47 AM · gnupg (gpg22), dns, dirmngr

Jan 10 2018

werner raised the priority of T3374: gpg recv-keys fail if first dns server end up with "Connection refused" from Normal to High.
Jan 10 2018, 4:11 PM · dns, dirmngr, Bug Report
joshchia added a comment to T3374: gpg recv-keys fail if first dns server end up with "Connection refused".

I'm using gnupg 2.2.4 and this problem repros for me, and it impacts downstream things like pacman-key (Arch Linux) quite insidiously, which fails with an misleading error message that would not point a regular user to this line of investigation.

Jan 10 2018, 1:48 PM · dns, dirmngr, Bug Report

Jan 9 2018

walz added a comment to T3722: gpg "No name" error.
$ gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye
OK - Libdns stub resolver
Jan 9 2018, 6:51 PM · dns
werner added a project to T3722: gpg "No name" error: dns.

What is the output of

gpg-connect-agent --dirmngr 'getinfo dnsinfo' /bye

and what is the content of your /etc/nsswitch.conf and /etc/resolv.conf ? Is there anything special in your /etc/hosts? Are you using any kind of non mainstream DNS resolver on your system or network?

Jan 9 2018, 9:11 AM · dns

Jan 3 2018

werner updated subscribers of T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 9:26 AM · dns, Bug Report
fyu12136 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 8:52 AM · dns, Bug Report
fyu12136 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 8:52 AM · dns, Bug Report
fyu12136 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 8:52 AM · dns, Bug Report
fyu12136 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 8:52 AM · dns, Bug Report
fyu12136 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 8:52 AM · dns, Bug Report
fyu12136 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 8:51 AM · dns, Bug Report
fyu12136 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....
Jan 3 2018, 8:51 AM · dns, Bug Report

Nov 30 2017

Beiri22 added a comment to T3546: ERR 219 on --refresh-keys / --send-keys /....

I am using an Antergos Linux (Arch Linux).

Nov 30 2017, 1:06 PM · dns, Bug Report
werner updated the task description for T3546: ERR 219 on --refresh-keys / --send-keys /....
Nov 30 2017, 12:40 PM · dns, Bug Report
werner added a project to T3546: ERR 219 on --refresh-keys / --send-keys /...: dns.
Nov 30 2017, 12:39 PM · dns, Bug Report

Nov 29 2017

werner added a comment to T3517: dirmngr: retry without SRV due to buggy routers.

For reference here is @mcgrof's dump in a directly readable format:

00:29:33.472844 IP 192.168.4.7.10218 > 192.168.4.1.domain: 53039+ SRV? _pgpkey-https._tcp.hkps.pool.sks-keyservers.net. (65)
00:29:33.879268 IP 192.168.4.1.domain > 192.168.4.7.10218: 53039 FormErr 0/0/0 (65)
00:29:33.880719 IP 192.168.4.7.10218 > 192.168.4.1.domain: 51133+ Type0 (Class 8448)? _pgpkey-https._tcp.hkps.pool.sks-keyservers.net. (66)
00:29:33.902115 IP 192.168.4.1.domain > 192.168.4.7.10218: 51133 FormErr 0/0/0 (65)
Nov 29 2017, 10:17 AM · Feature Request, dns, dirmngr

Nov 21 2017

werner added a comment to T3517: dirmngr: retry without SRV due to buggy routers.

Unconditionally retrying without SRV lookup is not a good idea. SRV record are there for a reason. What we could do is an option to skip SRV record lookups.

Nov 21 2017, 11:52 AM · Feature Request, dns, dirmngr
werner added projects to T3517: dirmngr: retry without SRV due to buggy routers: dirmngr, dns.
Nov 21 2017, 11:50 AM · Feature Request, dns, dirmngr

Aug 28 2017

werner triaged T3374: gpg recv-keys fail if first dns server end up with "Connection refused" as Normal priority.
Aug 28 2017, 7:34 PM · dns, dirmngr, Bug Report
werner set the icon for dns to Tag.
Aug 28 2017, 7:33 PM