On Fri, 22 Jan 2021, Werner Koch wrote:

> On Thu, 21 Jan 2021 15:05, Erich Eckner said:
>
> > 2021-01-21 14:41:32 dirmngr[3623955.6] DBG: dns: libdns initialized (tor mode)
> > 2021-01-21 14:41:32 dirmngr[3623955.6] DBG: dns:
>
> You are using Tor for DNS queries, that is the actual DNS server is
> 8.8.8.8.  Tor mode is used if you are running the Tor client or the Tor
> browser.  Put no-use-tor into dirmngr.conf and to get DNS debug messages
> add "debug dns".

Ah, indeed: one machine runs a tor client, adding "no-use-tor" makes things work there (as far as I can see, there is no tor dns endpoint exposed on that box). The other doesn't run tor, but adding "no-use-tor" makes things work there, too.

To summarize the running DNS relevant software:

Box 1: tor (but no DNS endpoint exposed), named listening on 127.0.0.1:53 (used by /etc/resolv.conf)

Box 2: named listening on 127.0.0.1:53 (used by /etc/resolv.conf), dnsdist listening on $all_public_ips:53 (used by external clients, relaying to named and iodine as needed), iodine listening on 127.0.0.1:5353

Does gnupg interpret any of these as tor dns endpoints? How does gnupg determine how to query dns?

The additional "debug dns" line didn't change anything noticeably for me, I already have "debug ipc,network,dns", so probably it's redundant?

I'd prefer to use tor for retrieving keys (if possible). Is there a possibility to turn off dns resolution via tor, but still do all the rest through tor?


> > getsrv(_openpgpkey._tcp.eckner.net): Verbindung im DNS geschlossen
>
> (Yes, I know, GnuPG has too many debug stuff i18n).
>
> > I wonder, though, why the tried things differ on both machines - both run
> > arch linux with gnupg 2.2.26 and libgcrypt 1.8.7, no gpg.conf.
>
> Any proxy, Tor software running.  You may try "disable-ipv6" or
> "disable-ipv4" in your dirmngr.conf.

disable-ipv4 / disable-ipv6 does not make any difference (without also adding "no-use-tor", of course)


> FWIW, "gpgconf --show-versions" gives information on the used libraries,
> CPU, etc.

From Box #2:

---8<---8<---8<---8<---8<---

* GnuPG 2.2.27 (0000000)
GNU/Linux

* Libgcrypt 1.8.7 ()
version:1.8.7:10807:1.39-unknown:12700:
cc:100200:gcc:10.2.0:
ciphers:arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia:idea:salsa20:gost28147:chacha20:
pubkeys:dsa:elgamal:rsa:ecc:
digests:crc:gostr3411-94::md4:md5:rmd160:sha1:sha256:sha512:sha3:tiger:whirlpool:stribog:blake2:
rnd-mod:linux:
cpu-arch:x86:
mpi-asm:amd64/mpih-add1.S:amd64/mpih-sub1.S:amd64/mpih-mul1.S:amd64/mpih-mul2.S:amd64/mpih-mul3.S:amd64/mpih-lshift.S:amd64/mpih-rshift.S:
hwflist:intel-cpu:intel-fast-shld:intel-bmi2:intel-ssse3:intel-sse4.1:intel-pclmul:intel-aesni:intel-rdrand:intel-avx:intel-avx2:intel-fast-vpgather:intel-rdtsc:
fips-mode:n:n:
rng-type:standard:1:2010000:1:

* GpgRT 1.41-unknown (0000000)

* Libassuan 2.5.4 (e368b40)

* KSBA 1.4.0 (?)

* GNUTLS 3.7.0

--->8--->8--->8--->8--->8---

I don't see any libdns there. Box #1 only differs in the cpu flags line:

- 
-hwflist:intel-cpu:intel-fast-shld:intel-bmi2:intel-ssse3:intel-sse4.1:intel-pclmul:intel-aesni:intel-rdrand:intel-avx:intel-avx2:intel-fast-vpgather:intel-rdtsc:
+hwflist:intel-cpu:intel-fast-shld:intel-ssse3:intel-sse4.1:intel-pclmul:intel-avx:intel-rdtsc:



> Shalom-Salam,
>
>   Werner

Thank you for your time.

Cheers,
Erich


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
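
A small triage helper for the situation discussed in this thread, added here as an example and not part of the original mails or of GnuPG: it reads a dirmngr.conf for an explicit use-tor/no-use-tor line and scans a dirmngr debug log for the "tor mode" and getsrv lines quoted above. The function names, temporary paths and sample data are constructed; it assumes that the last use-tor/no-use-tor line wins and that failed lookups are logged as "getsrv(NAME): text".

```sh
#!/bin/sh
# Added example: triage dirmngr.conf and a dirmngr debug log for Tor-mode DNS.

# Print the explicit Tor setting in a dirmngr.conf: "use-tor", "no-use-tor",
# or "auto" when neither is present (dirmngr then decides on its own).
# Assumption: when both appear, the last occurrence wins.
tor_setting() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { gsub(/^[ \t]+|[ \t]+$/, "") }          # trim surrounding blanks
        $0 == "use-tor" || $0 == "no-use-tor" { s = $0 }
        END { print (s == "" ? "auto" : s) }
    ' "$1"
}

# Succeed if the log shows that libdns was initialised in Tor mode.
log_tor_mode() {
    grep -q 'dns: libdns initialized (tor mode)' "$1"
}

# List the names whose getsrv() lookup was logged with an error text.
# The error text is localised, so only the "getsrv(NAME): " prefix is matched.
failed_srv() {
    sed -n 's/.*getsrv(\([^)]*\)): ..*/\1/p' "$1" | sort -u
}

# One-line summary; usage: triage CONF LOG
triage() {
    if log_tor_mode "$2"; then mode=tor; else mode=direct; fi
    n=$(failed_srv "$2" | wc -l)
    echo "log=$mode conf=$(tor_setting "$1") failed_srv=$((n))"
}

# Constructed sample input, modelled on the lines quoted in the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/dirmngr.conf" <<'EOF'
# dirmngr.conf (constructed sample)
debug ipc,network,dns
disable-ipv6
EOF
cat > "$tmp/dirmngr.log" <<'EOF'
2021-01-21 14:41:32 dirmngr[3623955.6] DBG: dns: libdns initialized (tor mode)
2021-01-21 14:41:32 dirmngr[3623955.6] DBG: dns: getsrv(_openpgpkey._tcp.eckner.net): Verbindung im DNS geschlossen
EOF
triage "$tmp/dirmngr.conf" "$tmp/dirmngr.log"
```

After editing dirmngr.conf, restart the daemon (for example with "gpgconf --kill dirmngr") before collecting a fresh log, since the log only reflects the options dirmngr was started with.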
