Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

Sun, 01 Jan 2017 02:09:39 -0800 

Package: dirmngr
Version: 2.1.17-2
Severity: important

Hi!

since the upgrade to 2.1.17 (not sure if it's in -1 or -2), my dirmngr
is unusable. Any network operation triggers:

  can't connect to 'hkps.pool.sks-keyservers.net': no IP address for host

... almost immediately, i.e. resolver-timeout seems to be ignored.

I've tried multiple combinations of the following settings in
dirmngr.conf:

 * disabling "use-tor"
 * enabling "standard-resolver"
 * pointing "nameserver" to 127.0.0.1 (my Tor DNSPort, that only
   listens on UDP 127.0.0.1:53)
 * pointing "nameserver" to 8.8.8.8 (which should be the default
   given I have "use-tor" enabled, but well)
 * raising the value of "resolver-timeout"

… but none of them helped.

Downgrading to 2.1.16-3 fixes this problem.

The only weird thing about my system that I can think of is that my
/etc/resolv.conf points to 127.0.0.1 (where I have Tor's DNSPort
listening, that only handles A, AAAA, and PTR requests). In theory
this should not matter since with use-tor, DNS queries are done over
Tor to 8.8.8.8, if I got the manpage right. However, my limited strace
skills allow me to notice that dirmngr reads /etc/resolv.conf and then
connects to 127.0.0.1 and not to 8.8.8.8 (even if I explicitly set
"nameserver 8.8.8.8" in dirmngr.conf):

  23694 10:51:07.455096 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 
IPPROTO_IP) = 6 <0.000015>
  23694 10:51:07.455145 bind(6, {sa_family=AF_INET, sin_port=htons(53891), 
sin_addr=inet_addr("0.0.0.0")}, 16) = 0 <0.000007>
  23694 10:51:07.455196 connect(6, {sa_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000009>
  23694 10:51:07.455218 sendto(6, 
"\250\302\1\0\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 46, 0, NULL, 0) = 46 
<0.000039>
   | 00000  a8 c2 01 00 00 01 00 00  00 00 00 00 04 68 6b 70  .............hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 01 00 01        rvers.net.....   |
  23694 10:51:07.455298 recvfrom(6, 0x7fda90009d4c, 768, 0, NULL, NULL) = -1 
EAGAIN (Resource temporarily unavailable) <0.000004>
  23694 10:51:07.455318 select(7, [6], [], NULL, {tv_sec=1, tv_usec=0}) = 1 (in 
[6], left {tv_sec=0, tv_usec=922029}) <0.077993>
  23694 10:51:07.533390 recvfrom(6, 
"\250\302\201\200\0\1\0\1\0\0\0\0\4hkps\4pool\16sks-keyse"..., 768, 0, NULL, 
NULL) = 62 <0.000032>
   | 00000  a8 c2 81 80 00 01 00 01  00 00 00 00 04 68 6b 70  .............hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 01 00 01 c0 0c  rvers.net....... |
   | 00030  00 01 00 01 00 00 00 3c  00 04 d1 87 d3 8d        .......<......   |
  23694 10:51:07.533551 connect(6, {sa_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000041>
  23694 10:51:07.533627 sendto(6, 
"\3601\1\0\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 46, 0, NULL, 0) = 46 
<0.000046>
   | 00000  f0 31 01 00 00 01 00 00  00 00 00 00 04 68 6b 70  .1...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 1c 00 01        rvers.net.....   |
  23694 10:51:07.533720 recvfrom(6, 0x7fda9000a10c, 768, 0, NULL, NULL) = -1 
EAGAIN (Resource temporarily unavailable) <0.000010>
  23694 10:51:07.533763 select(7, [6], [], NULL, {tv_sec=1, tv_usec=0}) = 1 (in 
[6], left {tv_sec=0, tv_usec=921164}) <0.078863>
  23694 10:51:07.612705 recvfrom(6, 
"\3601\201\203\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 768, 0, NULL, NULL) 
= 46 <0.000022>
   | 00000  f0 31 81 83 00 01 00 00  00 00 00 00 04 68 6b 70  .1...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 1c 00 01        rvers.net.....   |
  23694 10:51:07.612832 connect(6, {sa_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000014>
  23694 10:51:07.612894 sendto(6, 
"\224J\1\0\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 47, 0, NULL, 0) = 47 
<0.000049>
   | 00000  94 4a 01 00 00 01 00 00  00 00 00 00 04 68 6b 70  .J...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 00 1c 00 01     rvers.net......  |
  23694 10:51:07.612999 recvfrom(6, 
"\224J\201\204\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 768, 0, NULL, NULL) 
= 46 <0.000023>
   | 00000  94 4a 81 84 00 01 00 00  00 00 00 00 04 68 6b 70  .J...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 00 1c 00        rvers.net.....   |
  23694 10:51:07.613070 close(6)          = 0 <0.000017>
  23694 10:51:07.613113 write(2, "can't connect to 'hkps.pool.sks-"..., 71) = 
71 <0.000018>
  23694 10:51:07.613149 write(2, "\n", 1) = 1 <0.000011>
  23694 10:51:07.613198 write(2, "error connecting to 'https://hkp";..., 76) = 
76 <0.000009>
  23694 10:51:07.613227 write(2, "\n", 1) = 1 <0.000007>
  23694 10:51:07.614732 write(2, "marking host 'hkps.pool.sks-keys"..., 51) = 
51 <0.000015>
  23694 10:51:07.614784 write(2, "\n", 1) = 1 <0.000005>

And dirmngr's debug log says:

  DBG: dns: resolve_dns_name(hkps.pool.sks-keyservers.net): Success
  can't connect to 'hkps.pool.sks-keyservers.net': no IP address for host
  error connecting to 'https://hkps.pool.sks-keyservers.net:443': Unknown host
  marking host 'hkps.pool.sks-keyservers.net' as dead
  host 'hkps.pool.sks-keyservers.net' marked as dead

… which feels a tad self-contradictory.

Am I doing something wrong? Anything else I can do to debug?

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-rc8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dirmngr depends on:
ii  adduser        3.115
ii  libassuan0     2.4.3-2
ii  libc6          2.24-8
ii  libgcrypt20    1.7.5-2
ii  libgnutls30    3.5.7-3
ii  libgpg-error0  1.26-1
ii  libksba8       1.3.5-2
ii  libldap-2.4-2  2.4.44+dfsg-2
ii  libnpth0       1.3-1
ii  lsb-base       9.20161125

Versions of packages dirmngr recommends:
ii  gnupg  2.1.17-2

Versions of packages dirmngr suggests:
ii  tor  0.2.9.8-2

-- no debconf information

-- 
intrigeri

Reply via email to