Re: error searching keyserver: Network is unreachable

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: error searching keyserver: Network is unreachable

Christian Ribeaud

Stefan,

 

Thanks for your answer.

 

Up to you, which one should I take for testing? There is a lot of red here…

And, actually, we deployed our own (hkp://keyserver.dcc.sib.swiss:80) keyserver, which I am trying to access. But can't for some reason I do not understand.

This instance is working properly. This is for sure. The problem is only on my side and my gpg installation.

Best,

 

christian

 

From: Stefan Claas <[hidden email]>
Date: Saturday, 6 March 2021 at 15:18
To: Christian Ribeaud <[hidden email]>, "[hidden email]" <[hidden email]>
Subject: Re: gpg: error searching keyserver: Network is unreachable

 


Christian Ribeaud wrote:

> Good morning, > > > > Desperately searching for hours now… > > I am NOT able to run following command: > > > > gpg --keyserver hkp://keyserver.dcc.sib.swiss:80 --keyserver-options > no-self-sigs-only,no-import-clean --search-keys <any-key> > > > > Always getting following output: > > > > gpg: error searching keyserver: No keyserver available > > gpg: keyserver search failed: No keyserver available > > > > Changing keyserver does not help. I've tried > /ipv4.pool.sks-keyservers.net/ as well. > > Because the command takes some time to return, I would assume that it > is still trying to do something. > > > > What could be the reason? How to fix it? > > I am using v2.2.27, installed via Homebrew > (https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gnupg.rb) > on Mac OS X Big Sur. > > Any help greatly appreciated here. Thanks a lot, and have a beautiful > day, >
Hello,


you may check out the current status of the SKS Network and try to select

a different server.


https://sks-keyservers.net/status/

Regards

Stefan


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: error searching keyserver: Network is unreachable

GnuPG - User mailing list

Hi, Christian
 >
 > And, actually, we deployed our own (hkp://keyserver.dcc.sib.swiss:80)
keyserver, which I am trying to access. But can't for some reason I do
not understand.

I can connect to that server from here, but it appear to contain only 85
keys. Did you import a dump, or is it meant to be internal-only?

> Desperately searching for hours now… I am NOT able to run following
> command:
 >
> gpg --keyserver hkp://keyserver.dcc.sib.swiss:80 --keyserver-options no-self-sigs-only,no-import-clean --search-keys <any-key>
 >
> Always getting following output:
 >
> gpg: error searching keyserver: No keyserver available > gpg: keyserver search failed: No keyserver available

In the title of this thread however, you report "Network is
unreachable". Are you getting both errors? "Network unreachable" is
usually a network routing issue.

What happens if you run the following in your terminal?

     host keyserver.dcc.sib.swiss
     ping keyserver.dcc.sib.swiss
     host keys.openpgp.org
     ping keys.openpgp.org

> Changing keyserver does not help. I've tried
> /ipv4.pool.sks-keyservers.net/ as well. Because the command takes
> some time to return, I would assume that it is still trying to do
> something. What could be the reason? How to fix it?
The pool algorithm doesn't include a test for server capacity, so it is
common to get directed to a node running a single-threaded SKS instance,
which can lead to long timeouts. Try testing against pgpkeys.uk,
pgpkeys.eu and keyserver.trifence.ch instead. If it times out on all of
those, then I would suspect a network issue, either a bad routing table
or a firewall DROP rule.

> I am using v2.2.27, installed via Homebrew
> (https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gnupg.rb) on
> Mac OS X Big Sur.
Did you ever install from gpgtools.org or only homebrew?

Andrew

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: error searching keyserver: Network is unreachable

Christian Ribeaud
Hi,

Thanks to all for the great support and the warm feedbacks, I learned a lot.

Finally, after a long search and research, I was able to solve the problem by putting 'standard-resolver' in a '~/.gnupg/dirmngr.conf' file.
I could not explain to you why though... __

Wishing you a great Sunday.
Best regards,

christian

On 07.03.21, 11:12, "Andrew Gallagher via Gnupg-users" <[hidden email]> wrote:


    Hi, Christian
     >
     > And, actually, we deployed our own (hkp://keyserver.dcc.sib.swiss:80)
    keyserver, which I am trying to access. But can't for some reason I do
    not understand.

    I can connect to that server from here, but it appear to contain only 85
    keys. Did you import a dump, or is it meant to be internal-only?

    > Desperately searching for hours now… I am NOT able to run following
    > command:
     >
    > gpg --keyserver hkp://keyserver.dcc.sib.swiss:80 --keyserver-options no-self-sigs-only,no-import-clean --search-keys <any-key>
     >
    > Always getting following output:
     >
    > gpg: error searching keyserver: No keyserver available > gpg: keyserver search failed: No keyserver available

    In the title of this thread however, you report "Network is
    unreachable". Are you getting both errors? "Network unreachable" is
    usually a network routing issue.

    What happens if you run the following in your terminal?

         host keyserver.dcc.sib.swiss
         ping keyserver.dcc.sib.swiss
         host keys.openpgp.org
         ping keys.openpgp.org

    > Changing keyserver does not help. I've tried
    > /ipv4.pool.sks-keyservers.net/ as well. Because the command takes
    > some time to return, I would assume that it is still trying to do
    > something. What could be the reason? How to fix it?
    The pool algorithm doesn't include a test for server capacity, so it is
    common to get directed to a node running a single-threaded SKS instance,
    which can lead to long timeouts. Try testing against pgpkeys.uk,
    pgpkeys.eu and keyserver.trifence.ch instead. If it times out on all of
    those, then I would suspect a network issue, either a bad routing table
    or a firewall DROP rule.

    > I am using v2.2.27, installed via Homebrew
    > (https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/gnupg.rb) on
    > Mac OS X Big Sur.
    Did you ever install from gpgtools.org or only homebrew?

    Andrew

    _______________________________________________
    Gnupg-users mailing list
    [hidden email]
    http://lists.gnupg.org/mailman/listinfo/gnupg-users

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users