[pkg-gnupg-maint] Bug#867268: Bug#867268: dirmngr: Can't set nameserver port

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jul 11 22:37:40 UTC 2017


Control: severity 867268 wishlist
Control: reassign 867268 dirmngr
Control: reassign 867268 dirmngr: allow to set nameserver port

Hi Sandro--

On Wed 2017-07-05 12:43:45 +0200, Sandro Knauß wrote:
> I'm using gnupg with use-tor option and an onion address as keyserver.
> All wents find to search keys over the keyserver and so one.

I'm not sure i understand this second sentence, sorry :/

> so it looks like he is unhappy about my nameserver entry in dirmngr.conf:
> nameserver 127.0.0.1:1053
>
> it is quite unexpected, that I can't overwrite the port for the
> nameserver.

hm, the "nameserver" directive in dirmngr(8) is pretty clearly "ipaddr",
not "ipaddr[:port]" or anything else.  I understand that it would be
"nice to have" to be able to identify a port, but it doesn't seem like
it's unexpected that it doesn't work yet.

> and I actually want to make sure that gnupg is using dns over tor.

If GnuPG is *not* using DNS over Tor on these modern versions when
--use-tor is present, i think that would be a bug.  Please do file a
ticket if that's the case!

I don't think that tor's DNSPort is capable of resolving anything other
than A, AAAA, or PTR requests, so this wouldn't have worked for you
anyway -- dirmngr prefers to use SRV records where possible.

(for more details on why this is:
https://trac.torproject.org/projects/tor/ticket/7829)

So i don't think what you're asking for in this ticket (setting the
nameserver port) provides the bigger picture of what you want in any
case.  Let's try to ensure that dirmngr is constrained to accessing tor
where possible; that seems like a good goal.  but this particular ticket
(about setting nameserver port) seems like an orthogonal, independent
wishlist request.

           --dkg
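
Added example, not part of the original message and not code from GnuPG: a small checker for the situation discussed above, which flags `nameserver` entries in a dirmngr.conf that are not a bare IP address (the only form dirmngr(8) documents, per the reply). The sample configuration is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample dirmngr.conf; line 4 carries the entry from the bug report.
SAMPLE_CONF = """\
# dirmngr.conf (constructed sample)
use-tor
keyserver hkp://example.onion
nameserver 127.0.0.1:1053
nameserver ::1
nameserver 192.0.2.53
"""

def is_plain_ip(value):
    """True if value is a bare IPv4/IPv6 address, the documented 'ipaddr' form."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def split_port(value):
    """Return (addr, port) for ipaddr:port or [ipv6]:port, else None."""
    head, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        return None
    if head.startswith("[") and head.endswith("]"):
        head = head[1:-1]  # bracketed IPv6 literal
    return (head, int(port)) if is_plain_ip(head) else None

def check_conf(text):
    """Return (line_number, message) findings for nameserver entries."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split(None, 1)
        if len(parts) != 2 or parts[0] != "nameserver":
            continue  # comments, blank lines and other options
        value = parts[1].strip()
        if is_plain_ip(value):
            continue  # bare IPv6 such as ::1 contains colons but is valid
        if split_port(value):
            findings.append((lineno, f"port suffix not supported: {value}"))
        else:
            findings.append((lineno, f"not an IP address: {value}"))
    return findings

if __name__ == "__main__":
    for lineno, message in check_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```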