I've just recently migrated to a new MacBook Pro where I am having issues with gpg. The following issues occur only on the new laptop. I can't find any difference between the GPG configuration on the two laptops that would explain the difference, and I am quite perplexed as to where else to look for a cause or what additional steps might help troubleshoot.
Both laptops are VPN'd to corporate networks, and are behind Tailscale and Cisco Umbrella. The GPG keyserver is in a corporate AWS VPC.
Can anyone point me to something else to check or a way of isolating the apparent issue for dirmngr?
There is a version difference. Before I resort to downgrading GPG on the new laptop, I'd like to see if there's anything else I should explore:
Old laptop:
Apple M2 Max running Sequoia 15.6
gpg (GnuPG/MacGPG2) 2.2.41, libgcrypt 1.8.10, dirmngr (GnuPG/MacGPG2) 2.2.41
New laptop:
Apple M2 Max running Sequoia 15.7.1
gpg (GnuPG/MacGPG2) 2.4.7, libgcrypt 1.11.0, dirmngr (GnuPG/MacGPG2) 2.4.7
These issues occur on the new laptop but not the old one:
- Operations that search a remote keyserver fail with error searching keyserver: Try again later.
- Running with --debug-level=guru shows it fails the KS_SEARCH dirmngr operation. This can be reproduced by running the dirmngr CLI directly and doing KS_SEARCH.

```
gpg: DBG: chan_3 -> KS_SEARCH -- foo
gpg: DBG: chan_3 <- ERR 167772472 Try again later
gpg: error searching keyserver: Try again later
```

- dirmngr fails a direct KS_SEARCH command on the new laptop, succeeds on the old laptop. The failure:

```
$ dirmngr
OK Dirmngr 2.4.7 at your service, process 69135
KS_SEARCH joeuser
dirmngr[69135.0]: command 'KS_SEARCH' failed: Try again later
ERR 167772472 Try again later
```
- This is the result of the same KS_SEARCH in dirmngr on the old, working laptop:

```
$ dirmngr
KS_SEARCH joeuser
dirmngr[16259.0]: resolve_dns_addr for 'gpgkeyserver-hkps-http1.mycompany.web': '10.145.2.80'
dirmngr[16259.0]: resolve_dns_addr for 'gpgkeyserver-hkps-http1.mycompany.web': '10.145.1.248'
dirmngr[16259.0]: resolve_dns_addr for 'gpgkeyserver-hkps-http1.mycompany.web': '10.145.4.47'
dirmngr[16259.0]: DBG: load system certificates authorities into the cache
dirmngr[16259.0]: system certificates authorities caching full - discovered 158 certificates authorities
dirmngr[16259.0]: DBG: gnutls: including 158 system certificates authorities
dirmngr[16259.0]: number of system provided CAs: 158
S SOURCE https://10.145.2.80:443
D info:1:1%0Apub:
```
I've been careful to restart dirmngr and gpg-agent as needed between configuration changes. Things I've determined:
- $HOME/.gnupg contents appear the same. Config files are identical.
- The issue is unaffected by changing to a brew installed gpg.
- The issue is unaffected by specifying keyserver with --keyserver .
- The error is the same if the keyserver is set to keys.openpgp.org, either in dirmngr.conf or with --keyserver.
- The keyserver URLs resolve with dig. DNS is working fine in every other context.
- If I set the keyserver to a numeric IP in dirmngr.conf, the error changes to gpg: error searching keyserver: General error on both the old and new laptops.
Configuration file contents:

$HOME/.gnupg/dirmngr.conf

```
standard-resolver
keyserver hkps://gpgkeyserver-hkps-http1.mycompany.web
```

$HOME/.gnupg/gpg-agent.conf

```
default-cache-ttl 600
max-cache-ttl 7200
```

$HOME/.gnupg/gpg.conf

```
auto-key-retrieve
no-emit-version
```
Listing of ~/.gnupg; the control/config type files have the same content on the old and new laptop:

```
$ ls -l ~/.gnupg
total 4544
drwx------@ 3 userid staff 96 Dec 4 17:21 crls.d
-rw-------@ 1 userid staff 119 Dec 4 16:44 dirmngr.conf
-rw-------@ 1 userid staff 84 Nov 17 15:01 dirmngr.conf.bak
-rw-------@ 1 userid staff 137 Dec 5 13:58 gpg-agent.conf
-rw-------@ 1 userid staff 35 Nov 19 16:18 gpg.conf
drwx------@ 6 userid staff 192 Mar 3 2023 openpgp-revocs.d
drwx------@ 11 userid staff 352 Mar 3 2023 private-keys-v1.d
drwx------@ 2 userid staff 64 Nov 20 11:01 public-keys.d
-rw-r--r-- 1 userid staff 1115868 Dec 2 16:35 pubring.kbx
-rw-r--r-- 1 userid staff 1113274 Dec 2 16:35 pubring.kbx~
-rw-------@ 1 userid staff 600 Dec 5 11:21 random_seed
srwx------@ 1 userid staff 0 Dec 4 17:45 S.dirmngr
srwx------@ 1 userid staff 0 Dec 5 13:59 S.gpg-agent
srwx------@ 1 userid staff 0 Dec 5 13:59 S.gpg-agent.browser
srwx------@ 1 userid staff 0 Dec 5 13:59 S.gpg-agent.extra
srwx------@ 1 userid staff 0 Dec 5 13:59 S.gpg-agent.ssh
-rw-------@ 1 userid staff 676 Mar 3 2023 sshcontrol
-rw-------@ 1 userid staff 49152 Sep 10 2019 tofu.db
-rw-------@ 1 userid staff 13600 Dec 2 16:36 trustdb.gpg
```
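
An added example, not part of the original post: the number in the `ERR 167772472` responses above is a packed libgpg-error value, and unpacking it shows which component raised the error and which code it reported. The function names, the partial lookup tables and the sample log (constructed from the output quoted in the post) are assumptions made for this example.

```python
import re

# libgpg-error packs an error value as: bits 24-30 = source, bits 0-15 = code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF
SYSTEM_ERROR_FLAG = 1 << 15  # set when the code wraps a system errno

# Partial tables (assumption: only the entries needed for this page are listed).
SOURCES = {2: "GPG", 4: "GPG Agent", 10: "Dirmngr"}
CODES = {1: "GPG_ERR_GENERAL", 312: "GPG_ERR_TRY_LATER"}

# An Assuan ERR response, with or without gpg's "DBG: chan_N <-" debug prefix.
ERR_LINE = re.compile(r"(?:<-\s*|^)ERR\s+(\d+)\s*(.*)$")

# Constructed sample: a gpg debug trace followed by a direct dirmngr session.
SAMPLE_LOG = """\
gpg: DBG: chan_3 -> KS_SEARCH -- foo
gpg: DBG: chan_3 <- ERR 167772472 Try again later
gpg: error searching keyserver: Try again later
KS_SEARCH joeuser
dirmngr[69135.0]: command 'KS_SEARCH' failed: Try again later
ERR 167772472 Try again later
"""

def decode(value):
    """Split a packed error value into its reporting source and error code."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    fallback = "system errno" if code & SYSTEM_ERROR_FLAG else "unlisted"
    return {
        "source": SOURCES.get(source, f"source {source}"),
        "code": code,
        "name": CODES.get(code, fallback),
    }

def find_errors(log_text):
    """Return one decoded record per Assuan ERR line found in the log text."""
    records = []
    for line in log_text.splitlines():
        match = ERR_LINE.search(line.strip())
        if match:
            value = int(match.group(1))
            records.append({**decode(value), "raw": value, "text": match.group(2).strip()})
    return records

if __name__ == "__main__":
    for record in find_errors(SAMPLE_LOG):
        print(record)
```

The `gpg-error` utility shipped with libgpg-error performs the same decoding from the command line when given the number as its argument.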
