Package: dirmngr Version: 2.1.18-6 When nameservers in /etc/resolv.conf are only IPv6 addresses, dirmngr fails to resolve hostnames. System is up-to-date Stretch install (kernel 4.9.0-2-amd64 #1 SMP Debian 4.9.18-1, glibc 2.24-10).
Expected behaviour: dirmngr works with IPv6 DNS resolvers.
~/.gnupg/dirmngr.conf:
debug-all
verbose
Transcript (gpg):
$ gpg -vv --debug-all --keyserver keyserver.cns.vt.edu --recv-keys
B2F41D360340F41AE0B2841773AC5687477EB9EE
gpg: Note: no default option file '/home/eric/.gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/eric/.gnupg
gpg: DBG: chan_3 <- # Config: /home/eric/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.18 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.18
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keyserver.cns.vt.edu
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0xB2F41D360340F41AE0B2841773AC5687477EB9EE
gpg: DBG: chan_3 <- ERR 167772379 Server indicated a failure <Dirmngr>
gpg: keyserver receive failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/65536 bytes in 0 blocks
System Journal:
May 15 15:29:59 cannondale dirmngr[2563]: handler for fd 5 started
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> # Home:
/home/eric/.gnupg
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> # Config:
/home/eric/.gnupg/dirmngr.conf
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> OK Dirmngr 2.1.18
at your service
May 15 15:29:59 cannondale dirmngr[2563]: connection from process 2759
(1000:1000)
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 <- GETINFO version
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> D 2.1.18
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> OK
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 <- KEYSERVER --clear
hkp://keyserver.cns.vt.edu
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> OK
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 <- KS_GET --
0xB2F41D360340F41AE0B2841773AC5687477EB9EE
May 15 15:29:59 cannondale dirmngr[2563]: number of system provided CAs: 173
May 15 15:29:59 cannondale dirmngr[2563]: DBG: http.c:connect_server:
trying name='keyserver.cns.vt.edu' port=11371
May 15 15:29:59 cannondale dirmngr[2563]: DBG: dns:
resolve_dns_name(keyserver.cns.vt.edu): Server indicated a failure
May 15 15:29:59 cannondale dirmngr[2563]: resolving 'keyserver.cns.vt.edu'
failed: Server indicated a failure
May 15 15:29:59 cannondale dirmngr[2563]: can't connect to
'keyserver.cns.vt.edu': host not found
May 15 15:29:59 cannondale dirmngr[2563]: error connecting to
'http://keyserver.cns.vt.edu:11371': Server indicated a failure
May 15 15:29:59 cannondale dirmngr[2563]: command 'KS_GET' failed: Server
indicated a failure
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> ERR 167772379
Server indicated a failure <Dirmngr>
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 <- BYE
May 15 15:29:59 cannondale dirmngr[2563]: DBG: chan_5 -> OK closing
connection
May 15 15:29:59 cannondale dirmngr[2563]: handler for fd 5 terminated
When I add a legacy IP DNS server to my /etc/resolv.conf and restart
dirmngr.socket, things behave as expected (I won't include transcript).
I also ran a tcpdump; no network traffic is generated by dirmngr to my
DNS servers when I only specify IPv6 addresses, and the SRV query (when
I modify my resolv.conf) is over legacy IP.
Regards,
Eric C. Landgraf
signature.asc
Description: PGP signature
