3

Something is rendering receiving keys from keyserver.ubuntu.com impossible and I'm not even sure where to begin in trying to resolve this.

As an example, we'll use the Spotify linux app found here: http://www.spotify.com/us/download/previews/

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4E9CFF4E
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 4E9CFF4E
gpg: requesting key 4E9CFF4E from hkp server keyserver.ubuntu.com
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

To be clear, though, this has nothing to do with Spotify. The same result comes from every one of my attempts to grab keys from ubuntu. There is something wrong on my side. As always, any help in tracking this down would be appreciated.

Prior to submitting this, I've discovered that the problem is with my DNS and/or router. Currently I have my router configured to use Google DNS (8.8.8.8 / 8.8.4.4) and in my router logs I'm receiving a flood of DNS errors. The following is an excerpt:

(GMT-06:00)02:48:10 Tue Sep 06 2011 syslog: failed dns request len=145,srcip=8.8.4.4, url=_pgpkey-http._tcp.keyserver.ubuntu.com  
(GMT-06:00)02:48:12 Tue Sep 06 2011 syslog: No response for DNS request to server 68.94.156.1 yet. 
(GMT-06:00)02:48:14 Tue Sep 06 2011 syslog: No response for DNS request to server 68.94.157.1 yet. 
(GMT-06:00)02:48:14 Tue Sep 06 2011 syslog: failed dns request len=83,srcip=192.168.0.1, url=keyserver.ubuntu.com.domain.actdsltmp  
(GMT-06:00)02:48:14 Tue Sep 06 2011 syslog: All DNS servers tried, no response. 
(GMT-06:00)02:48:14 Tue Sep 06 2011 syslog: failed dns request len=158,srcip=8.8.4.4, url=keyserver.ubuntu.com.domain.actdsltmp  
(GMT-06:00)02:49:02 Tue Sep 06 2011 syslog: failed dns request len=145,srcip=8.8.4.4, url=_pgpkey-http._tcp.keyserver.ubuntu.com  
(GMT-06:00)02:49:05 Tue Sep 06 2011 syslog: No response for DNS request to server 68.94.156.1 yet. 
(GMT-06:00)02:49:07 Tue Sep 06 2011 syslog: failed dns request len=158,srcip=8.8.4.4, url=keyserver.ubuntu.com.domain.actdsltmp  
(GMT-06:00)02:49:08 Tue Sep 06 2011 syslog: No response for DNS request to server 68.94.157.1 yet. 
(GMT-06:00)02:49:08 Tue Sep 06 2011 syslog: failed dns request len=83,srcip=192.168.0.1, url=keyserver.ubuntu.com.domain.actdsltmp  
(GMT-06:00)02:49:08 Tue Sep 06 2011 syslog: All DNS servers tried, no response.

Very confused. I'm not even sure if I'm posting this on the correct StackExchange site now.

Jorge Castro
  • 71,754
trench
  • 508
  • So you have solved changing nameserver? – enzotib Sep 06 '11 at 12:13
  • No, I haven't solved this at all. I've two nameservers listed in /etc/resolv.conf. 8.8.8.8 and 8.8.4.4 -- yet, when I run a traceroute to 8.8.8.8 it completely fails. The router is listed on the first hop and nothing else after that. I've also changed /etc/dhcp3/dhclient.conf to include "prepend domain-name-servers 8.8.8.8, 8.8.4.4;". – trench Sep 06 '11 at 12:25
  • Change you dns to opendsn (208.67.222.222, 208.67.220.220) or some other free dsn service, then try again. – enzotib Sep 06 '11 at 12:26
  • I've also attempted to revert back to dynamic acquisition of DNS via my router and that doesn't even seem to be working. Well, at least not like it should. Something is obviously very messed up here. – trench Sep 06 '11 at 12:27
  • Same results with different DNS services. However, I think I'm narrowing this down. Considering the possibility, now, that I fixed the problem 2 hours ago and that traceroute is returning false fails due to either UFW or router firewall settings. Rebooting and testing now. – trench Sep 06 '11 at 12:45
  • I was wrong. I mean, it is possible that firewall settings are confusing traceroute, but I still cannot get keys from ubuntu and my router is still logging massive DNS failures. – trench Sep 06 '11 at 13:00
  • 1
    Shutdown the firewall, and try without. – enzotib Sep 06 '11 at 13:07
  • Apparently the answer is to spend hours on myriads of troubleshooting only to discover you are blocking yourself via firewalls. Still seems odd that DNS errors would propagate from firewall blockage, but alas... it worked. I'll try to write an appropriate answer to this question by the end of the day. Thanks enzotib. – trench Sep 06 '11 at 14:08

1 Answers1

2

(OP has solved the issue and posted answer as a comment)

Apparently the answer is to spend hours on myriads of troubleshooting only to discover you are blocking yourself via firewalls. Still seems odd that DNS errors would propagate from firewall blockage, but alas... it worked

Ringtail
  • 16,127
Mark Rooney
  • 6,289