Hi,

First, the domain name resolves to a bunch of IPs:

$ dig +noall +answer keys.gnupg.net
keys.gnupg.net. 62665 IN CNAME pool.sks-keyservers.net.
pool.sks-keyservers.net. 60 IN A 209.135.211.141
pool.sks-keyservers.net. 60 IN A 223.252.21.101
pool.sks-keyservers.net. 60 IN A 5.45.99.106
pool.sks-keyservers.net. 60 IN A 5.135.158.148
pool.sks-keyservers.net. 60 IN A 78.46.223.54
pool.sks-keyservers.net. 60 IN A 94.142.242.225
pool.sks-keyservers.net. 60 IN A 137.158.82.7
pool.sks-keyservers.net. 60 IN A 161.53.2.219
pool.sks-keyservers.net. 60 IN A 176.9.51.79
pool.sks-keyservers.net. 60 IN A 198.84.249.106

And the list of IPs is not fixed (changes over time), so it must be some kind of pool (as the name suggests).

Then, not all of them ping:

$ dig +noall +answer keys.gnupg.net | awk '$4 == "A" { print $5 }' | while IFS= read -r; do echo '#################'; ping -c 1 "$REPLY"; done
#################
PING 137.158.82.7 (137.158.82.7) 56(84) bytes of data.

--- 137.158.82.7 ping statistics ---
-> 1 packets transmitted, 0 received, 100% packet loss, time 0ms

#################
PING 94.142.242.225 (94.142.242.225) 56(84) bytes of data.
64 bytes from 94.142.242.225: icmp_seq=1 ttl=52 time=39.1 ms

--- 94.142.242.225 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 39.127/39.127/39.127/0.000 ms
#################
PING 78.46.223.54 (78.46.223.54) 56(84) bytes of data.

--- 78.46.223.54 ping statistics ---
-> 1 packets transmitted, 0 received, 100% packet loss, time 0ms

#################
PING 5.135.158.148 (5.135.158.148) 56(84) bytes of data.
64 bytes from 5.135.158.148: icmp_seq=1 ttl=54 time=44.9 ms

--- 5.135.158.148 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 44.999/44.999/44.999/0.000 ms
#################
PING 5.45.99.106 (5.45.99.106) 56(84) bytes of data.
64 bytes from 5.45.99.106: icmp_seq=1 ttl=56 time=37.3 ms

--- 5.45.99.106 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 37.300/37.300/37.300/0.000 ms
#################
PING 223.252.21.101 (223.252.21.101) 56(84) bytes of data.
64 bytes from 223.252.21.101: icmp_seq=1 ttl=46 time=367 ms

--- 223.252.21.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 367.836/367.836/367.836/0.000 ms
#################
PING 209.135.211.141 (209.135.211.141) 56(84) bytes of data.
64 bytes from 209.135.211.141: icmp_seq=1 ttl=46 time=136 ms

--- 209.135.211.141 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 136.886/136.886/136.886/0.000 ms
#################
PING 198.84.249.106 (198.84.249.106) 56(84) bytes of data.
64 bytes from 198.84.249.106: icmp_seq=1 ttl=50 time=141 ms

--- 198.84.249.106 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 141.682/141.682/141.682/0.000 ms
#################
PING 176.9.51.79 (176.9.51.79) 56(84) bytes of data.
64 bytes from 176.9.51.79: icmp_seq=1 ttl=52 time=38.8 ms

--- 176.9.51.79 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 38.858/38.858/38.858/0.000 ms
#################
PING 161.53.2.219 (161.53.2.219) 56(84) bytes of data.
64 bytes from 161.53.2.219: icmp_seq=1 ttl=48 time=50.7 ms

--- 161.53.2.219 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 50.793/50.793/50.793/0.000 ms

Also, I experimented with different versions of gnupg:

1.4.18:

$ gpg --version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

vagrant@vagrant-ubuntu-vivid-64:~/build/gnupg-2.0.29$ gpg --keyserver-options verbose,debug --keyserver
gpg: Missing argument for option "--keyserver"

$ gpg --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: curl version = GnuPG curl-shim
* HTTP proxy is "null"
* HTTP URL is "http://keys.gnupg.net:11371/pks/lookup?op=get&options=mr&search=0x409B6B1796C275462A1703113804BB82D39DC0E3"
* SRV tag is "pgpkey-http": host and port may be overridden
* HTTP auth is "null"
* HTTP method is GET
?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Success
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

2.0.29:

$ gpg2 --version
gpg (GnuPG) 2.0.29
libgcrypt 1.6.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB

$ gpg2 --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: curl version = GnuPG curl-shim
* HTTP proxy is "null"
* HTTP URL is "http://keys.gnupg.net:11371/pks/lookup?op=get&options=mr&search=0x409B6B1796C275462A1703113804BB82D39DC0E3"
* SRV tag is "pgpkey-http": host and port may be overridden
* HTTP auth is "null"
* HTTP method is GET
gpgkeys: can't connect to `keys.gnupg.net': host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Not found
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: Unknown host
gpg: keyserver communications error: No public key
gpg: keyserver receive failed: No public key

2.1.8:

$ gpg2 --version
gpg (GnuPG) 2.1.8
libgcrypt 1.6.4
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB

$ gpg2 --keyserver hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: keyserver receive failed: No keyserver available

And we can see that error messages change over time, but don't get much better. Or so I think.

Moreover, I've found the last message here:

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgpg-error.git;a=blob;f=src/err-codes.h.in;h=e05d41fe4193090aff91c220ce621435688dd80c;hb=HEAD#l218

So, the culprit must be gnupg. As such, the first question is, "Do you think the message clearly describes what happened?" Then, can't it pick the first IP that works?

And what's wrong with this keyserver? Is it an official one? If such a thing exists, that is. Can you recommend any others that have better uptime? AFAICS, there is at least one IP that doesn't work.

And finally, why can't I reproduce it on the host machine, running Arch Linux with gnupg-2.1.8? The tests in the email I did on Ubuntu Vivid.

Regards,
Yuri
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
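
Added example, not part of the original message or of GnuPG: a shell sketch of "pick the first IP that works" for a DNS pool, probing the HKP TCP port (11371, taken from the lookup URL in the output above) rather than ICMP, since a host can drop ping and still serve keys, or answer ping with no keyserver listening. The function names, the sample answer and its 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: choose the first pool member that accepts a TCP
# connection on the HKP port. All names here are hypothetical helpers.
HKP_PORT=11371   # port shown in the page's "HTTP URL is" debug line

# Constructed sample of `dig +noall +answer` output (TEST-NET addresses).
SAMPLE_ANSWER='keys.example. 300 IN CNAME pool.example.
pool.example. 60 IN A 192.0.2.10
pool.example. 60 IN A 192.0.2.20
pool.example. 60 IN A 192.0.2.30'

# Read dig answer text on stdin, print one A-record address per line.
# CNAME and other record types are skipped (same filter as the message).
pool_addrs() {
  awk '$4 == "A" { print $5 }'
}

# Succeed if host $1 accepts a TCP connection on port $2 within
# $3 seconds (default 3). Uses bash's /dev/tcp and coreutils timeout.
tcp_probe() {
  timeout "${3:-3}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" \
    </dev/null 2>/dev/null
}

# Read addresses on stdin and print the first one the probe accepts.
# $1 optionally names a different probe function (used for dry runs).
# Returns non-zero when no address is reachable.
first_reachable() {
  _probe=${1:-tcp_probe}
  while IFS= read -r _ip; do
    if "$_probe" "$_ip" "$HKP_PORT"; then
      printf '%s\n' "$_ip"
      return 0
    fi
  done
  return 1
}

# Offline demonstration: list the pool members in the constructed sample.
printf '%s\n' "$SAMPLE_ANSWER" | pool_addrs
```

Against a live pool the pipeline would be `dig +noall +answer keys.gnupg.net | pool_addrs | first_reachable`; the printed address can then be passed to `--keyserver` to test one specific pool member.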