Bug#849845: marked as done (dirmngr: Can't resolve keyserver hostname anymore)

[Debian Bug Tracking System]

Your message dated Fri, 7 Jul 2017 07:33:20 +0000
with message-id <20170707073320.e7d73mxcvfkwk...@sarek.noreply.org>
and subject line fixed with Tor 0.3.0.3-alpha
has caused the Debian Bug report #849845,
regarding dirmngr: Can't resolve keyserver hostname anymore
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
849845: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849845
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: dirmngr
Version: 2.1.17-2
Severity: important

Hi!

since the upgrade to 2.1.17 (not sure if it's in -1 or -2), my dirmngr
is unusable. Any network operation triggers:

  can't connect to 'hkps.pool.sks-keyservers.net': no IP address for host

... almost immediately, i.e. resolver-timeout seems to be ignored.

I've tried multiple combinations of the following settings in
dirmngr.conf:

 * disabling "use-tor"
 * enabling "standard-resolver"
 * pointing "nameserver" to 127.0.0.1 (my Tor DNSPort, that only
   listens on UDP 127.0.0.1:53)
 * pointing "nameserver" to 8.8.8.8 (which should be the default
   given I have "use-tor" enabled, but well)
 * raising the value of "resolver-timeout"

… but none of them helped.

Downgrading to 2.1.16-3 fixes this problem.

The only weird thing about my system that I can think of is that my
/etc/resolv.conf points to 127.0.0.1 (where I have Tor's DNSPort
listening, that only handles A, AAAA, and PTR requests). In theory
this should not matter since with use-tor, DNS queries are done over
Tor to 8.8.8.8, if I got the manpage right. However, my limited strace
skills allow me to notice that dirmngr reads /etc/resolv.conf and then
connects to 127.0.0.1 and not to 8.8.8.8 (even if I explicitly set
"nameserver 8.8.8.8" in dirmngr.conf):

  23694 10:51:07.455096 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 
IPPROTO_IP) = 6 <0.000015>
  23694 10:51:07.455145 bind(6, {sa_family=AF_INET, sin_port=htons(53891), 
sin_addr=inet_addr("0.0.0.0")}, 16) = 0 <0.000007>
  23694 10:51:07.455196 connect(6, {sa_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000009>
  23694 10:51:07.455218 sendto(6, 
"\250\302\1\0\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 46, 0, NULL, 0) = 46 
<0.000039>
   | 00000  a8 c2 01 00 00 01 00 00  00 00 00 00 04 68 6b 70  .............hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 01 00 01        rvers.net.....   |
  23694 10:51:07.455298 recvfrom(6, 0x7fda90009d4c, 768, 0, NULL, NULL) = -1 
EAGAIN (Resource temporarily unavailable) <0.000004>
  23694 10:51:07.455318 select(7, [6], [], NULL, {tv_sec=1, tv_usec=0}) = 1 (in 
[6], left {tv_sec=0, tv_usec=922029}) <0.077993>
  23694 10:51:07.533390 recvfrom(6, 
"\250\302\201\200\0\1\0\1\0\0\0\0\4hkps\4pool\16sks-keyse"..., 768, 0, NULL, 
NULL) = 62 <0.000032>
   | 00000  a8 c2 81 80 00 01 00 01  00 00 00 00 04 68 6b 70  .............hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 01 00 01 c0 0c  rvers.net....... |
   | 00030  00 01 00 01 00 00 00 3c  00 04 d1 87 d3 8d        .......<......   |
  23694 10:51:07.533551 connect(6, {sa_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000041>
  23694 10:51:07.533627 sendto(6, 
"\3601\1\0\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 46, 0, NULL, 0) = 46 
<0.000046>
   | 00000  f0 31 01 00 00 01 00 00  00 00 00 00 04 68 6b 70  .1...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 1c 00 01        rvers.net.....   |
  23694 10:51:07.533720 recvfrom(6, 0x7fda9000a10c, 768, 0, NULL, NULL) = -1 
EAGAIN (Resource temporarily unavailable) <0.000010>
  23694 10:51:07.533763 select(7, [6], [], NULL, {tv_sec=1, tv_usec=0}) = 1 (in 
[6], left {tv_sec=0, tv_usec=921164}) <0.078863>
  23694 10:51:07.612705 recvfrom(6, 
"\3601\201\203\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 768, 0, NULL, NULL) 
= 46 <0.000022>
   | 00000  f0 31 81 83 00 01 00 00  00 00 00 00 04 68 6b 70  .1...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 1c 00 01        rvers.net.....   |
  23694 10:51:07.612832 connect(6, {sa_family=AF_INET, sin_port=htons(53), 
sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000014>
  23694 10:51:07.612894 sendto(6, 
"\224J\1\0\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 47, 0, NULL, 0) = 47 
<0.000049>
   | 00000  94 4a 01 00 00 01 00 00  00 00 00 00 04 68 6b 70  .J...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 00 1c 00 01     rvers.net......  |
  23694 10:51:07.612999 recvfrom(6, 
"\224J\201\204\0\1\0\0\0\0\0\0\4hkps\4pool\16sks-keyse"..., 768, 0, NULL, NULL) 
= 46 <0.000023>
   | 00000  94 4a 81 84 00 01 00 00  00 00 00 00 04 68 6b 70  .J...........hkp |
   | 00010  73 04 70 6f 6f 6c 0e 73  6b 73 2d 6b 65 79 73 65  s.pool.sks-keyse |
   | 00020  72 76 65 72 73 03 6e 65  74 00 00 00 1c 00        rvers.net.....   |
  23694 10:51:07.613070 close(6)          = 0 <0.000017>
  23694 10:51:07.613113 write(2, "can't connect to 'hkps.pool.sks-"..., 71) = 
71 <0.000018>
  23694 10:51:07.613149 write(2, "\n", 1) = 1 <0.000011>
  23694 10:51:07.613198 write(2, "error connecting to 'https://hkp";..., 76) = 
76 <0.000009>
  23694 10:51:07.613227 write(2, "\n", 1) = 1 <0.000007>
  23694 10:51:07.614732 write(2, "marking host 'hkps.pool.sks-keys"..., 51) = 
51 <0.000015>
  23694 10:51:07.614784 write(2, "\n", 1) = 1 <0.000005>

And dirmngr's debug log says:

  DBG: dns: resolve_dns_name(hkps.pool.sks-keyservers.net): Success
  can't connect to 'hkps.pool.sks-keyservers.net': no IP address for host
  error connecting to 'https://hkps.pool.sks-keyservers.net:443': Unknown host
  marking host 'hkps.pool.sks-keyservers.net' as dead
  host 'hkps.pool.sks-keyservers.net' marked as dead

… which feels a tad self-contradictory.

Am I doing something wrong? Anything else I can do to debug?

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-rc8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dirmngr depends on:
ii  adduser        3.115
ii  libassuan0     2.4.3-2
ii  libc6          2.24-8
ii  libgcrypt20    1.7.5-2
ii  libgnutls30    3.5.7-3
ii  libgpg-error0  1.26-1
ii  libksba8       1.3.5-2
ii  libldap-2.4-2  2.4.44+dfsg-2
ii  libnpth0       1.3-1
ii  lsb-base       9.20161125

Versions of packages dirmngr recommends:
ii  gnupg  2.1.17-2

Versions of packages dirmngr suggests:
ii  tor  0.2.9.8-2

-- no debconf information

-- 
intrigeri

--- End Message ---

--- Begin Message ---

Version: 0.3.0.3-alpha-1

This should have been fixed in February with

| o Minor feature (client):
|   - Enable IPv6 traffic on the SocksPort by default. To disable this,
|     a user will have to specify "NoIPv6Traffic". Closes ticket 21269.

Cheers,
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/

--- End Message ---