If you specify a pool of keyservers, dirmngr selects a keyserver on its own from the pool. This is so that it can use its own heuristics to detect whether a keyserver is dead and then retry another one. Now the default is a pool and your specified keyserver.ubuntu.com is also a pool (of two servers). So if your DNS resolver does not tell us the IP addresses, we can't do anything about it.
Oct 25 2018
It seems that this part of the code was not finished. Unfortunately upstream of the dns code is unresponsive and thus we started to maintain the code base by ourselves. There is still an open question whether we should do that to the full extent, in which case we would integrate the code closer into the GnuPG framework with its own logging subsystems.
Aug 21 2018
A workaround for this until the HTTP client is fixed is to just use curl instead:
I am running into the same exact issue. It seems that dirmngr is incorrectly attempting to resolve the addresses for the keyservers despite having been given an HTTP proxy to connect through.
Jul 12 2018
Jun 20 2018
Applied to 2.2 branch.
Jun 19 2018
Jun 18 2018
And 2.2 branch.
Fixed in master.
Jun 15 2018
I'll fix for the non-FQDN case.
I think that I identified the issue. This is the libdns (dirmngr/dns.c) problem when hostname is not FQDN.
If you change it to FQDN, you can see that it tries to search adding the domain name.
Fixed in master.
It is indirectly reported at the upstream: https://github.com/wahern/dns/issues/19
Apr 26 2018
Apr 17 2018
An option to ignore SRV records would also be good for debugging. Thus I raised the priority and turned this into a feature request.
@Beiri22: It was my fault to tell you to use scdaemon.conf. The correct conf file is of course dirmngr.conf. However, with @BenM's comments I don't think that it is a bug at all. I am thus closing this; please feel free to re-open if we were wrong.
Apr 11 2018
Since the initial redacted data for those four keys is still accessible, I checked all of those keys manually and none of them are on the keyservers. Since the OP was connecting to the specified keyserver successfully prior to that failure, I believe this is the cause of the error and not another DNS vs. Dirmngr conflict.
Apr 9 2018
That slipped my attention due to the missing gpg22 tag I should have added. Sorry.
Is there any ETA for when this might get fixed? We are having the same issue with our keyserver since it's behind a cname.
Feb 28 2018
That will be the IP of proxy.x.com - the log shows that it finds that. But the log also shows that it can't find the address for the other names. "No Name" is EAI_NONAME.
I did some digging with Wireshark:
- there are DNS queries for proxy records A & AAAA (ipv4 & ipv6 - both regardless of --disable-ipv6)
- DNS reply returns correct IP address in A record
- there are no outgoing connections to proxy IP address
Well, if your proxy inhibits GnuPG from retrieving information about the keyservers, GnuPG can't do anything about it.
Just to clarify:
1. I'm behind corporate network
2. Network resolves only local addresses, so this is correct: dirmngr: resolving 'hkps.pool.sks-keyservers.net' failed: No name
3. Network address of the proxy is resolvable (I can see its address and it responds to ping)
4. Internet browser without proxy will not work
5. Internet browser with the proxy below works
6. When using gpg on this computer outside of corporate network everything works
The stripped down log is
Feb 27 2018
@werner Problem persists (same results with disabling ipv4 or ipv6).
Feb 22 2018
Feb 21 2018
Hm, I think this is the file:
Jan 24 2018
Jan 10 2018
I'm using gnupg 2.2.4 and this problem repros for me, and it impacts downstream things like pacman-key (Arch Linux) quite insidiously, which fails with a misleading error message that would not point a regular user to this line of investigation.