Re: ?: keys.gnupg.net: Host not found

2015-11-01 Thread Yuri Kanivetsky
Hi,

Thanks for your replies. It's vagrant's dns proxy who's at fault here:

https://www.virtualbox.org/ticket/14736
https://github.com/protobox/protobox/issues/159#issuecomment-152840998

Regards,
Yuri

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: ?: keys.gnupg.net: Host not found

2015-10-15 Thread Yuri Kanivetsky
Hi,

I wanted to add, that I can't reproduce the issue with the test
program alone. Only after making some gpg runs.

Regards,
Yuri



Re: ?: keys.gnupg.net: Host not found

2015-10-11 Thread Yuri Kanivetsky
Hi,

I was able to track it down to this line of code:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=common/http.c;h=c2cac169d222ad5f41d1a8e224dd4bbaa2d7912b;hb=311816f6cf9d411dba060603e3c5d01c72824645#l2264
Here getaddrinfo() returns -3 (EAI_AGAIN) in the VM, but not on the host
machine. One can get there like so:

$ cat ~/dirmngr-input-alias
KEYSERVER --clear hkp://keys.gnupg.net
KS_GET 409B6B1796C275462A1703113804BB82D39DC0E3
BYE
$ gdb dirmngr/dirmngr
(gdb) break connect_server
(gdb) r < ~/dirmngr-input-alias
(gdb) u 2264
(gdb) n
(gdb) print $eax
$1 = -3

Here's a test program that doesn't work in VM, but works on the host
machine:

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

int main(void) {
    int r;
    struct addrinfo hints, *res;
    memset(&hints, 0, sizeof (hints));
    hints.ai_socktype = SOCK_STREAM;
    r = getaddrinfo("keys.gnupg.net", "11371", &hints, &res);
    // r = getaddrinfo("pool.sks-keyservers.net", "11371", &hints, &res);
    if (r) {
        printf("r: %d\n", r);   // EAI_AGAIN
        printf("r: %s\n", gai_strerror(r));
    } else {
        freeaddrinfo(res);      // release the result list on success
    }
    return 0;
}

$ gcc 1.c
$ ./a.out
r: -3
r: Temporary failure in name resolution

VM:

$ `ldd a.out | grep libc | awk '{ print $3 }'`
GNU C Library (Ubuntu GLIBC 2.21-0ubuntu4) stable release version 2.21,
by Roland McGrath et al.
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 4.9.2.
Available extensions:
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
.

host machine:

$ `ldd a.out | grep libc | awk '{ print $3 }'`
GNU C Library (GNU libc) stable release version 2.22, by Roland McGrath
et al.
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 5.2.0.
Available extensions:
crypt add-on version 2.1 by Michael Glad and others
GNU Libidn by Simon Josefsson
Native POSIX Threads Library by Ulrich Drepper et al
BIND-8.2.3-T5B
libc ABIs: UNIQUE IFUNC
For bug reporting instructions, please see:
.

Can you confirm if it works with libc-2.22/libc-2.21 for you?

Regards,
Yuri
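
An added example, not part of the original post and not GnuPG code: the same getaddrinfo() call wrapped in a retry that repeats only on EAI_AGAIN, which separates a resolver that intermittently fails from a name that does not exist. The names classify_gai, resolve_with_retry, flaky_resolver and simulate, the attempt counts and the delay are assumptions; flaky_resolver is a constructed stub so the logic can be exercised without network access.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/socket.h>
#include <netdb.h>

/* Same signature as getaddrinfo(), so a stub can replace the real resolver. */
typedef int (*resolver_fn)(const char *, const char *,
                           const struct addrinfo *, struct addrinfo **);
enum verdict { RESOLVED, TRANSIENT, PERMANENT };

/* EAI_AGAIN: no answer could be obtained right now (resolver or proxy
 * trouble). Any other non-zero code is treated as a definite failure. */
enum verdict classify_gai(int rc)
{
    return rc == 0 ? RESOLVED : rc == EAI_AGAIN ? TRANSIENT : PERMANENT;
}

/* Call the resolver up to max_attempts times, repeating only on a transient
 * failure. Returns the last code; *attempts receives the number of calls. */
int resolve_with_retry(resolver_fn resolve, const char *host, const char *port,
                       int max_attempts, long delay_ms,
                       struct addrinfo **res, int *attempts)
{
    struct addrinfo hints;
    int rc = EAI_AGAIN;
    memset(&hints, 0, sizeof hints);
    hints.ai_socktype = SOCK_STREAM;
    *res = NULL;
    for (*attempts = 0; *attempts < max_attempts; ) {
        rc = resolve(host, port, &hints, res);
        ++*attempts;
        if (classify_gai(rc) != TRANSIENT)
            break;
        if (*attempts < max_attempts && delay_ms > 0) {
            struct timespec ts = { .tv_sec = delay_ms / 1000,
                                   .tv_nsec = (delay_ms % 1000) * 1000000L };
            nanosleep(&ts, NULL);
        }
    }
    return rc;
}

/* Constructed stand-in for a flaky DNS proxy: returns EAI_AGAIN a set number
 * of times, then answers with a loopback address without using the network. */
static int flaky_failures_left;
int flaky_resolver(const char *host, const char *port,
                   const struct addrinfo *hints, struct addrinfo **res)
{
    struct addrinfo h = *hints;
    (void)host;
    if (flaky_failures_left-- > 0)
        return EAI_AGAIN;
    h.ai_flags |= AI_NUMERICHOST;
    return getaddrinfo("127.0.0.1", port, &h, res);
}

int simulate(int failures, int max_attempts, int *attempts)
{
    struct addrinfo *res;
    int rc;
    flaky_failures_left = failures;   /* configure the stub */
    rc = resolve_with_retry(flaky_resolver, "keys.gnupg.net", "11371",
                            max_attempts, 0, &res, attempts);
    if (rc == 0) freeaddrinfo(res);
    return rc;
}

int main(void)
{
    struct addrinfo *res;
    int n, rc = simulate(2, 5, &n);
    printf("stub: rc=%d after %d attempt(s)\n", rc, n);
    rc = resolve_with_retry(getaddrinfo, "keys.gnupg.net", "11371", 3, 500, &res, &n);
    printf("real: %s after %d attempt(s)\n", rc ? gai_strerror(rc) : "resolved", n);
    if (rc == 0) freeaddrinfo(res);
    return 0;
}
```

A run that still ends in EAI_AGAIN after all attempts points at the resolver path between the machine and its DNS server rather than at the keyserver pool.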


Re: ?: keys.gnupg.net: Host not found

2015-10-10 Thread Yuri Kanivetsky
>
> Just a thought, but have you tried one of the geographical pools
> ({eu,na,oc}.pool.sks-keyservers.net) instead of the general one? that
> should result in better network response time and routing.
>

I just tried pool.sks-keyservers.net, and with this domain it works (in VM):

$ gpg2 --keyserver hkp://keys.gnupg.net --recv-key
409B6B1796C275462A1703113804BB82D39DC0E3
gpg: keyserver receive failed: No keyserver available

$ gpg2 --keyserver hkp://pool.sks-keyservers.net --recv-key
409B6B1796C275462A1703113804BB82D39DC0E3
gpg: key D39DC0E3: "Michal Papis (RVM signing) " not
changed
gpg: Total number processed: 1
gpg:  unchanged: 1

$ gpg2 --keyserver hkp://keys.gnupg.net --recv-key
409B6B1796C275462A1703113804BB82D39DC0E3
gpg: keyserver receive failed: No keyserver available

What could this possibly mean...


> > ### 154.127.60.51 gpg: keyserver receive failed: No keyserver
> > available
>
> This works for me at least
>
> > ### 178.33.187.175 gpg: keyserver receive failed: No keyserver
> > available ### 206.176.170.195
>
> This works for me as well
>

I can again confirm that those IPs don't work for me, but ping (on host
machine):

 $ ping -c 1 154.127.60.51
PING 154.127.60.51 (154.127.60.51) 56(84) bytes of data.
64 bytes from 154.127.60.51: icmp_seq=1 ttl=44 time=213 ms

--- 154.127.60.51 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 213.158/213.158/213.158/0.000 ms

$ gpg --keyserver hkp://154.127.60.51 --recv-key
409B6B1796C275462A1703113804BB82D39DC0E3
gpg: keyserver receive failed: No keyserver available

$ ping -c 1 154.127.60.51
PING 154.127.60.51 (154.127.60.51) 56(84) bytes of data.
64 bytes from 154.127.60.51: icmp_seq=1 ttl=44 time=213 ms

--- 154.127.60.51 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 213.103/213.103/213.103/0.000 ms

Regards,
Yuri


Re: ?: keys.gnupg.net: Host not found

2015-10-10 Thread Kristian Fiskerstrand

On 10/10/2015 12:09 PM, Yuri Kanivetsky wrote:
> It is a pool. keys.gnupg.net  is just an 
> alias for the SKS server pool[1], IIRC. I host a server in this
> pool and it is set to drop all IPv4 ICMP packets, so will not
> respond to a ping even though the server is online. It will respond
> to ICMPv6 pings however.
> 
> 
> 
> I am also NOT able to reproduce this error on XUbuntu 14.04 x64:
> 
> 
> Okay, let us do this the other way around. That's what I'm getting
> on host machine:

Just a thought, but have you tried one of the geographical pools
({eu,na,oc}.pool.sks-keyservers.net) instead of the general one? that
should result in better network response time and routing.

> ### 154.127.60.51 gpg: keyserver receive failed: No keyserver
> available

This works for me at least

> ### 176.9.100.87 gpg: keyserver receive failed: No data

This keyserver is wrongly configured, as it doesn't respond on all
traffic on port 11371 but filters it based on Host header (the server
operator is BCCed to this email), so it currently does work using the
pool.sks-keyservers.net but not keys.gnupg.net

> ### 178.33.187.175 gpg: keyserver receive failed: No keyserver
> available ### 206.176.170.195

This works for me as well


> is keys.gnupg.net  pool an official source
> of keys? Can you recommend where to submit a key?
> 

There is no "official source", nor any requirement to publish keys on
a keyserver, either private or public. It is often convenient to do
so, though (but the existence of a key on a keyserver is no indication
of validity of the key, so this will always have to be verified out of
band).

> 
> How was this 2.1 version built?
> 
> 
> `./configure && make && sudo make install` in the previous email,
> and `./configure CFLAGS='-g -O0' CXXFLAGS='-g -O0' && make && sudo
> make install` in this one.
> 
> AFAICS, it's the dirmngr who does the request. Can I reproduce it
> with dirmngr alone, not involving gpg binary?

$ dirmngr
...
OK Dirmngr 2.1.9 at your service
KEYSERVER --clear hkp://pool.sks-keyservers.net
OK
KS_GET 409B6B1796C275462A1703113804BB82D39DC0E3
...
BYE

-- 

Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Vincit qui se vincit
He who conquers conquers self


Re: ?: keys.gnupg.net: Host not found

2015-10-10 Thread Yuri Kanivetsky
>
> It is a pool. keys.gnupg.net is just an alias for the SKS server
> pool[1], IIRC. I host a server in this pool and it is set to drop all
> IPv4 ICMP packets, so will not respond to a ping even though the server
> is online. It will respond to ICMPv6 pings however.



> I am also NOT able to reproduce this error on XUbuntu 14.04 x64:


Okay, let us do this the other way around. That's what I'm getting on host
machine:

$ dig +noall +answer keys.gnupg.net | awk '$4 == "A" { print $5 }' |
while IFS= read -r; do echo "### $REPLY"; gpg --keyserver "hkp://$REPLY"
--recv-key 409B6B1796C275462A1703113804BB82D39DC0E3; done
### 62.210.74.32
gpg: keyserver receive failed: No keyserver available
### 78.157.209.9
gpg: key D39DC0E3: "Michal Papis (RVM signing) " not
changed
gpg: Total number processed: 1
gpg:  unchanged: 1
### 132.248.241.99
gpg: key D39DC0E3: "Michal Papis (RVM signing) " not
changed
gpg: Total number processed: 1
gpg:  unchanged: 1
### 154.127.60.51
gpg: keyserver receive failed: No keyserver available
### 176.9.100.87
gpg: keyserver receive failed: No data
### 178.33.187.175
gpg: keyserver receive failed: No keyserver available
### 206.176.170.195
gpg: key D39DC0E3: "Michal Papis (RVM signing) " not
changed
gpg: Total number processed: 1
gpg:  unchanged: 1
### 209.135.211.141
gpg: key D39DC0E3: "Michal Papis (RVM signing) " not
changed
gpg: Total number processed: 1
gpg:  unchanged: 1
### 212.71.252.8
gpg: keyserver receive failed: No keyserver available
### 5.9.143.170
gpg: key D39DC0E3: "Michal Papis (RVM signing) " not
changed
gpg: Total number processed: 1
gpg:  unchanged: 1


> Inclusion in the pool is voluntary, so there aren't any "official"
> servers, so to speak, but there are criteria for being included in the
> main pool. [...] As far as uptime, if the server did not
> respond during the last check of the pool, it will not be included. So,
> in rare cases, there may be one or two servers in the pool that are not
> currently responding, but did so during the last check of the pool. If
> they do not respond at the next check, they are removed from the main pool.


Correct me if I'm wrong. Anybody can add a machine to a pool on condition
that it meets some specific criteria.

Speaking of official servers, I meant this. There's also
keyserver.ubuntu.com, keyring.debian.org. Surely there's no official
servers among those in the keys.gnupg.net pool. I meant, is keys.gnupg.net pool
an official source of keys? Can you recommend where to submit a key?



> both of these are using curl-shim, what happens if you try the full
> curl version (how to do that is distro-specific, iirc debian et al
> have a separate gnupg-curl package)?
>

After installing gnupg-curl:

 $ gpg --version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <
http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ gpg --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net
--recv-key 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: curl version = libcurl/7.38.0 GnuTLS/3.3.8 zlib/1.2.8
libidn/1.28 librtmp/2.3
* Hostname was NOT found in DNS cache
* Could not resolve host: keys.gnupg.net
* Closing connection 0
gpgkeys: HTTP fetch error 6: Could not resolve host: keys.gnupg.net
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Tell me, if you need output of `gnupg-2.0.29` as well.

> What are the known schematas listed for:
> $ echo "KEYSERVER --help" | gpg-connect-agent --dirmngr
>

$ echo "KEYSERVER --help" | gpg-connect-agent --dirmngr
gpg-connect-agent: no running Dirmngr - starting
'/usr/local/bin/dirmngr'
gpg-connect-agent: waiting for the dirmngr to come up ... (5s)
gpg-connect-agent: connection to the dirmngr established
S # Known schemata:
S #   hkp
S #   http
S #   finger
S #   kdns
S # (Use an URL for engine specific help.)
OK


> How was this 2.1 version built?
>

`./configure && make && sudo make install` in the previous email, and
`./configure CFLAGS='-g -O0' CXXFLAGS='-g -O0' && make && sudo make
install` in this one.

AFAICS, it's the dirmngr who does the request. Can I reproduce it with
dirmngr alone, not involving gpg binary?

Regards,
Yuri

Re: ?: keys.gnupg.net: Host not found

2015-10-09 Thread Kristian Fiskerstrand

On 10/08/2015 08:39 PM, Yuri Kanivetsky wrote:
> Hi,
> 

..

> 
> Also, I experimented with different versions of gnupg:
> 
> 1.4.18:
> 
> $ gpg --version gpg (GnuPG) 1.4.18

...

> $ gpg --keyserver-options verbose,debug --keyserver 
> hkp://keys.gnupg.net  --recv-key 
> 0x409B6B1796C275462A1703113804BB82D39DC0E3 gpg: requesting key
> D39DC0E3 from hkp server keys.gnupg.net  
> gpgkeys: curl version = GnuPG curl-shim

> 2.0.29:
> 
> $ gpg2 --version gpg (GnuPG) 2.0.29 libgcrypt 1.6.4


...

> gpgkeys: curl version = GnuPG curl-shim

both of these are using curl-shim, what happens if you try the full
curl version (how to do that is distro-specific, iirc debian et al
have a separate gnupg-curl package)?

> 
> 2.1.8:
> 
> $ gpg2 --version gpg (GnuPG) 2.1.8 libgcrypt 1.6.4 Copyright (C)
> 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version
> 3 or later  This is free
> software: you are free to change and redistribute it. There is NO
> WARRANTY, to the extent permitted by law.
> 
> Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH,
> ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192,
> AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1,
> RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression:
> Uncompressed, ZIP, ZLIB
> 
> $ gpg2 --keyserver hkp://keys.gnupg.net  
> --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3 gpg:
> keyserver receive failed: No keyserver available

What are the known schematas listed for:
$ echo "KEYSERVER --help" | gpg-connect-agent --dirmngr

How was this 2.1 version built?


-- 

Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Manus manum lavat
One hand washes the other


(OT) Blocking ICMP (was: Re: ?: keys.gnupg.net: Host not found)

2015-10-08 Thread Peter Lebbing
On 08/10/15 21:26, Antony Prince wrote:
> I host a server in this pool and it is set to drop all IPv4 ICMP packets

I hope you mean specifically dropping all ICMP echo-request packets, not all
ICMP packets. Because some ICMP packets are *essential* for proper functioning
of your internet connection, like path MTU discovery. Systems behind firewalls
that drop all ICMP packets can never properly do path MTU discovery, and this
is nicely reflected in the man page for the iptables kludge that prevents most
PMTU blackhole issues:

> TCPMSS [...]
> 
> This  target  is  used to overcome criminally braindead ISPs or servers
> which block "ICMP Fragmentation Needed" or "ICMPv6 Packet Too  Big"
> packets.   The symptoms of this problem are that everything works fine from
> your Linux firewall/router, but machines behind it can never exchange
> large packets: [...]

And PMTU discovery is not the only thing affected by blocking all ICMP, but
it's a biggy.

HTH,

Peter.

PS: It is referring to "working fine from your router" because this target is
for the router where the "pipe" so to say becomes "smaller": a small MTU in
between larger MTU's. The router is aware of the small MTU, but other systems
are not, which is why only the router works properly, provided the small MTU
is the smallest on the path.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: ?: keys.gnupg.net: Host not found

2015-10-08 Thread Antony Prince
On 10/08/2015 02:39 PM, Yuri Kanivetsky wrote:
> Hi,
> 
> First, the domain name resolves to a bunch of IPs:
> 
...
> 
> And the list of IPs is not fixed (changes over time), so it must be some
> kind of pool (as the name suggests). Then, not all of them ping:

It is a pool. keys.gnupg.net is just an alias for the SKS server
pool[1], IIRC. I host a server in this pool and it is set to drop all
IPv4 ICMP packets, so will not respond to a ping even though the server
is online. It will respond to ICMPv6 pings however.

...
> 
> Then, can't it pick the first IP that works? And what's wrong with this
> keyserver? Is it an official one? If such a thing exists, that is. Can
> you recommend any other, that have better uptime. AFAICS, there is at
> least one IP that doesn't work. And finally, why can't I reproduce it on
> the host machine, running Arch Linux with gnupg-2.1.8? The tests in the
> email I did on Ubuntu Vivid.
> 

Only servers running SKS 1.1.5 or higher are allowed in the pool.
Inclusion in the pool is voluntary, so there aren't any "official"
servers, so to speak, but there are criteria for being included in the
main pool. These include having a reverse proxy in front of the sks
server, the hostname of the server must resolve properly, and the server
cannot be missing more than a certain percentage of keys compared to
other servers in the pool. The pool is checked every hour and only
servers meeting the criteria are included. Using a specific keyserver is
generally frowned upon since the pool was created to help distribute the
load evenly over the servers. As far as uptime, if the server did not
respond during the last check of the pool, it will not be included. So,
in rare cases, there may be one or two servers in the pool that are not
currently responding, but did so during the last check of the pool. If
they do not respond at the next check, they are removed from the main pool.

I am also NOT able to reproduce this error on XUbuntu 14.04 x64:

gpg (GnuPG) 2.1.8
libgcrypt 1.7.0-beta261
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

antony@050415:~/Desktop$ gpg2 --keyserver hkp://keys.gnupg.net
--recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: key D39DC0E3: public key "Michal Papis (RVM signing)
" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   2  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   2  signed:   0  trust: 1-, 0q, 0n, 0m, 1f, 0u
gpg: next trustdb check due at 2016-10-28
gpg: Total number processed: 1
gpg:   imported: 1

[1]https://sks-keyservers.net/overview-of-pools.php

-- 

Antony Prince

Key ID: 0xAF3D4087301B1B19
Fingerprint: 591FF17F7A4AA8D0F659C482AF3D4087301B1B19
URL: https://keyserver.blazrsoft.com





Re: ?: keys.gnupg.net: Host not found

2015-10-08 Thread Yuri Kanivetsky
> So, the culprit must be gnupg.

I meant "partly gnupg." Sorry for separate email.


Re: ?: keys.gnupg.net: Host not found

2015-10-08 Thread Yuri Kanivetsky
Hi,

First, the domain name resolves to a bunch of IPs:

$ dig +noall +answer keys.gnupg.net
keys.gnupg.net. 62665   IN  CNAME   pool.sks-keyservers.net.
pool.sks-keyservers.net. 60 IN  A   209.135.211.141
pool.sks-keyservers.net. 60 IN  A   223.252.21.101
pool.sks-keyservers.net. 60 IN  A   5.45.99.106
pool.sks-keyservers.net. 60 IN  A   5.135.158.148
pool.sks-keyservers.net. 60 IN  A   78.46.223.54
pool.sks-keyservers.net. 60 IN  A   94.142.242.225
pool.sks-keyservers.net. 60 IN  A   137.158.82.7
pool.sks-keyservers.net. 60 IN  A   161.53.2.219
pool.sks-keyservers.net. 60 IN  A   176.9.51.79
pool.sks-keyservers.net. 60 IN  A   198.84.249.106

And the list of IPs is not fixed (changes over time), so it must be some
kind of pool (as the name suggests). Then, not all of them ping:

$ dig +noall +answer keys.gnupg.net | awk '$4 == "A" { print $5 }' |
while IFS= read -r; do echo '#'; ping -c 1 "$REPLY"; done
#
PING 137.158.82.7 (137.158.82.7) 56(84) bytes of data.

--- 137.158.82.7 ping statistics ---
-> 1 packets transmitted, 0 received, 100% packet loss, time 0ms

#
PING 94.142.242.225 (94.142.242.225) 56(84) bytes of data.
64 bytes from 94.142.242.225: icmp_seq=1 ttl=52 time=39.1 ms

--- 94.142.242.225 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 39.127/39.127/39.127/0.000 ms
#
PING 78.46.223.54 (78.46.223.54) 56(84) bytes of data.

--- 78.46.223.54 ping statistics ---
-> 1 packets transmitted, 0 received, 100% packet loss, time 0ms

#
PING 5.135.158.148 (5.135.158.148) 56(84) bytes of data.
64 bytes from 5.135.158.148: icmp_seq=1 ttl=54 time=44.9 ms

--- 5.135.158.148 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 44.999/44.999/44.999/0.000 ms
#
PING 5.45.99.106 (5.45.99.106) 56(84) bytes of data.
64 bytes from 5.45.99.106: icmp_seq=1 ttl=56 time=37.3 ms

--- 5.45.99.106 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 37.300/37.300/37.300/0.000 ms
#
PING 223.252.21.101 (223.252.21.101) 56(84) bytes of data.
64 bytes from 223.252.21.101: icmp_seq=1 ttl=46 time=367 ms

--- 223.252.21.101 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 367.836/367.836/367.836/0.000 ms
#
PING 209.135.211.141 (209.135.211.141) 56(84) bytes of data.
64 bytes from 209.135.211.141: icmp_seq=1 ttl=46 time=136 ms

--- 209.135.211.141 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 136.886/136.886/136.886/0.000 ms
#
PING 198.84.249.106 (198.84.249.106) 56(84) bytes of data.
64 bytes from 198.84.249.106: icmp_seq=1 ttl=50 time=141 ms

--- 198.84.249.106 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 141.682/141.682/141.682/0.000 ms
#
PING 176.9.51.79 (176.9.51.79) 56(84) bytes of data.
64 bytes from 176.9.51.79: icmp_seq=1 ttl=52 time=38.8 ms

--- 176.9.51.79 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 38.858/38.858/38.858/0.000 ms
#
PING 161.53.2.219 (161.53.2.219) 56(84) bytes of data.
64 bytes from 161.53.2.219: icmp_seq=1 ttl=48 time=50.7 ms

--- 161.53.2.219 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 50.793/50.793/50.793/0.000 ms

Also, I experimented with different versions of gnupg:

1.4.18:

$ gpg --version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <
http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
vagrant@vagrant-ubuntu-vivid-64:~/build/gnupg-2.0.29$ gpg
--keyserver-options verbose,debug --keyserver
gpg: Missing argument for option "--keyserver"

$ gpg --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net
--recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting ke

Re: ?: keys.gnupg.net: Host not found

2015-10-06 Thread Kristian Fiskerstrand
On 10/06/2015 10:23 AM, Yuri Kanivetsky wrote:
> Hi,
> 

..

> 
> Do you have any clues? Is there anything I can check? I'm not using
> proxy, if anything.
> 
> Regards, Yuri

It would be helpful to have information regarding which version of
gnupg this is using, and if <2.1 how the keyserver helpers were built,
primarily whether using full curl implementation or curl-shim. This
can be checked using

 $ gpg --keyserver-options verbose,debug --keyserver
hkp://keys.gnupg.net --recv-key 0x409B6B1796C275462A1703113804BB82D39DC0E3

and one of my VMs still running 2.0 reports
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: curl version = libcurl/7.43.0 OpenSSL/1.0.2d zlib/1.2.8

Output from "dig" or similar tools as to the state of the DNS resolver
likely used is also helpful. Another potential issue that comes up
from time to time is IPv4 vs IPv6, so pay attention to the address it
is trying to connect to in the output.

-- 

Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"The power of accurate observation is commonly called cynicism by
those who have not got it."
George Bernard Shaw


