[Bug 1625845] Re: dirmngr doesn't handle IPv6 properly

Dimitri John Ledkov launchpad at surgut.co.uk
Wed Sep 21 02:06:32 UTC 2016 

Figuring out what dirmngr is doing in these cases, can be aided with
cranking up verbosity and logging the output, e.g.:

keyserver hkp://ipv6.pool.sks-keyservers.net
log-file /tmp/tmp.pVKaTIdXs8/.gnupg/dirmngr.log
debug-level guru

Options in $GNUPGHOME/dirmngr.conf. Followed by gpgconf --kill dirmngr.

Whilst plenty of stuff is logged.... it doesn't actually tell me if he
hit things over ipv6 or ipv4. It appears to be resolving a pool and
picking a random thing to connect to.

Note the https://bugs.gnupg.org/gnupg/issue1989

dirmngr supposed to figure out that something is dead, is retry
elsewhere. Does using hkp://ipv6.pool.sks-keyservers.net improve things
for you? That pool should have all servers accessible over ipv6, unlike
the main pool which may have ipv4-only servers.

Could you please crank up the logging, and check if it has excessive
amount of resolving dns pools and messages marking them dead?

** Bug watch added: bugs.gnupg.org/gnupg/ #1989
   http://bugs.gnupg.org/gnupg/issue1989

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1625845

Title:
  dirmngr doesn't handle IPv6 properly

Status in gnupg2 package in Ubuntu:
  Triaged

Bug description:
  This is a regression from gpgv1 which will prevent direct interaction
  with an IPv6 key server and on single and dual-stack IPv6 network,
  this will cause gpg to seemingly hang for up to several minutes.

  === IPv6 gpgv1 on xenial
  root at xenial:~# time gpg --keyserver hkp://[2a03:4000:6:40af::1] --recv-keys 0xBAEFF88C22F6E216
  gpg: requesting key 22F6E216 from hkp server [2a03:4000:6:40af::1]
  gpg: key 22F6E216: "LXC pre-built images <lxc-devel at lists.linuxcontainers.org>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  real    0m0.341s
  user    0m0.000s
  sys     0m0.000s

  
  === IPv6 gpgv2 on xenial
  root at yakkety:~# time gpg --keyserver hkp://[2a03:4000:6:40af::1] --recv-keys 0xBAEFF88C22F6E216
  gpg: keyserver receive failed: Unknown host

  real    0m0.827s
  user    0m0.004s
  sys     0m0.000s

  === Dual-stack DNS record gpgv1 on xenial
  root at xenial:~# time gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xBAEFF88C22F6E216
  gpg: requesting key 22F6E216 from hkp server pool.sks-keyservers.net
  gpg: key 22F6E216: "LXC pre-built images <lxc-devel at lists.linuxcontainers.org>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  real    0m1.430s
  user    0m0.000s
  sys     0m0.000s

  === Dual-stack DNS record gpgv2 on yakkety
  root at yakkety:~# time gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xBAEFF88C22F6E216
  gpg: key BAEFF88C22F6E216: "LXC pre-built images <lxc-devel at lists.linuxcontainers.org>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  real    0m33.495s
  user    0m0.000s
  sys     0m0.004s

  
  === Dual-stack DNS record gpgv2 on yakkety (ipv6-only machine)
  root at yakkety:~# time gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 0xBAEFF88C22F6E216
  gpg: key BAEFF88C22F6E216: "LXC pre-built images <lxc-devel at lists.linuxcontainers.org>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  real    1m32.326s
  user    0m0.004s
  sys     0m0.000s

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1625845/+subscriptions

More information about the foundations-bugs mailing list