
Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

I've tried so so so much I promise I just have no idea where to go now.

So I've been trying to install some packages with yay as usual, and some require a pgp key which it tries to import with gpg. It then fails to receive the key with an error that basically just says it fails. So I dug deeper and found I can reproduce it just with gpg, and that I can't get gpg to resolve any keys. I went even deeper and I can't even ping keyserver.ubuntu.com (but I can ping keys.openpgp.org???). Anyways I went into /etc/resolv.conf and the nameserver is set to 172.16.0.1 instead of 1.1.1.1 and 8.8.8.8 and earlier it was set to 127.0.0.1. I'm reasonably sure this is part of my issue, and I've tried really hard to resolve it, I installed dhcpd and tried to configure it but I couldn't get anywhere with that by myself. Basically dns is failing and I have no idea how to fix it or where to look. I feel like I could fix it but only in really unstable manual ways and I'd rather make my system reasonably robust for wireless because it's a laptop. It's still entirely possible that this isn't the root of my issues with gpg and if anyone knows what I could try in order to solve that more directly please let me know.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #1
It is hard to know how to fix this because we don't know how your local network is set up.

Either your DNS is set by hand in /etc/resolv.conf or it is generated by a dhcpd server to your dhcpcd client - or some variation (BTW - I like Vixies DHCPCD and don't trust the new ones like dhclient et al... from experience)...

Since it failed out of the box, you need to know how your network is set up specifically, including the DNS and the routing gateway.

8.8.8.8 et al... not good, FWIW.  Those are public DNS and they track you.

Ping them and see if you can hit it.

ping 8.8.8.8

One final note... I have no idea why you are trying to access Ubuntu keys.  Unless I misunderstand, we have nothing to do with Ubuntu and its keys.

BTW, you can run DHCPCD by hand and see what it is doing.


Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #2
I honestly know so little about networking so that's prolly why my attempts have been so busted (like using 8.8.8.8 or whatever)

resolv.conf was generated by dhcpcd and I've tried my best to not handwrite that because that seems..... silly. I can ping 1.1.1.1 and 8.8.8.8 just fine btw. Also idk why I'm using the ubuntu thing either, I just figured public key server.... uh... prolly has keys I need or whatever? I'm super inexperienced in that kinda stuff.

Is there any specific info I can give about my network that could help? I'm pretty lost here and I feel like I keep going in circles or doing things that just end up cluttering my install.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #3
It seems keyserver.ubuntu.com just doesn't pong.
Code:
$ ping keyserver.ubuntu.com
PING keyserver.ubuntu.com (2620:2d:4000:1007::70c) 56 data bytes
^C
--- keyserver.ubuntu.com ping statistics ---
45 packets transmitted, 0 received, 100% packet loss, time 44583ms
But https://keyserver.ubuntu.com/ is accessible, so it's up.

I doubt your issue is even network-related. Maybe post the commands you're using and the error messages you're getting?

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #4
Maybe post the commands you're using and the error messages you're getting?
This.

The more detail you post, the more chance someone will be able to help.

So I dug deeper and found I can reproduce it just with gpg, and that I can't get gpg to resolve any keys.
May not help but add --verbose to your manual gpg command.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #5
It's not just you and lotuskip. Can't ping it either (see below). I do not think your dns is failing. I have very basic knowledge of networking, but I think it's sufficient enough.
I agree with his statement that:
I doubt your issue is even network-related. Maybe post the commands you're using and the error messages you're getting?

Just to elaborate and try to clear the confusion (on the networking side) to the best of my abilities:

I think ubuntu (some companies do this too, not an uncommon practice) may be blocking pings (icmp echo requests) or does not send out ping replies (icmp echo replies), since lotuskip and I cannot ping keyserver.ubuntu.com but I can also access it via the website.

Since you've mentioned that you can ping the other website: "keys.openpgp.org" try pinging this forum and other websites just to confirm. If you can ping other websites just fine then your dns is working. If you cannot ping all websites but can ping ip addresses directly, then it might be a dns config/server issue.

172.16.0.1 is a private ip address (for your local network only, cannot be seen outside (or more accurately cannot be routed outside)). This is probably the gateway's (the wifi router if you're using a home router) address. It could be that your router is set to act as a dns server. No idea how your isp or you have setup the router. Cannot confirm this one, but is a common setup. Check the ip address of the wifi router to confirm. Usually it is at the back or at the bottom of the router on a sticker printed to it.

Anything that starts with 10.xxx.xxx.xxx, 172.16.xxx.xxx ~ 172.31.xxx.xxx, and 192.168.xxx.xxx are private ip addresses.

127.0.0.1 is a loopback address. Basically it goes back to your device. Anything that starts with 127.xxx.xxx.xxx is a loopback address. For fun you can even use these for self hosting.

1.1.1.1 and 8.8.8.8 are cloudflare and google's dns servers. I recommend using these instead or my preferred quad9.net (9.9.9.9 and 149.112.112.112) for privacy reasons.

Normally you shouldn't use 127.0.0.1 as a nameserver/dns server unless you're using dnscrypt with dnsmasq/unbound. If you haven't heard of or used those programs then just use the ones I stated above.

Maybe post the commands you're using and the error messages you're getting?
This.

The more detail you post, the more chance someone will be able to help.

So I dug deeper and found I can reproduce it just with gpg, and that I can't get gpg to resolve any keys.
May not help but add --verbose to your manual gpg command.

This please.
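
The checks discussed in this reply, as an added example that is not part of the original thread: a shell script that classifies the nameservers in a resolv.conf file by the address ranges above and tests name resolution and HTTPS reachability separately instead of relying on ping. The function names are hypothetical, and it assumes getent and curl are installed.

```shell
#!/bin/sh
# Added example (not from the thread). Sample usage:
#   sh nscheck.sh /etc/resolv.conf keyserver.ubuntu.com keys.openpgp.org

# classify_ns ADDR: print loopback, private, public, or other for one address,
# using the IPv4 ranges listed in the reply above.
classify_ns() {
    case "$1" in
        *:*)            echo other ;;      # IPv6: not covered by this sketch
        127.*)          echo loopback ;;   # local resolver (dnsmasq, unbound)
        10.*|192.168.*) echo private ;;    # typically the router
        172.*)
            # Only 172.16.x.x through 172.31.x.x is private.
            second=${1#172.}; second=${second%%.*}
            case "$second" in
                ''|*[!0-9]*) echo other ;;
                *)  if [ "$second" -ge 16 ] && [ "$second" -le 31 ]
                    then echo private; else echo public; fi ;;
            esac ;;
        *.*.*.*)        echo public ;;
        *)              echo other ;;
    esac
}

# report_resolv FILE: print "ADDR CLASS" for every nameserver line in FILE.
report_resolv() {
    while read -r key value _ || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        printf '%s %s\n' "$value" "$(classify_ns "$value")"
    done < "$1"
}

# check_host HOST: test name resolution and HTTPS reachability separately.
# ICMP is deliberately not used: a host that drops ping can still be up.
check_host() {
    if getent ahosts "$1" >/dev/null 2>&1; then dns=ok; else dns=FAIL; fi
    if curl -s -o /dev/null --max-time 10 "https://$1/"
    then https=ok; else https=FAIL; fi
    printf '%s dns=%s https=%s\n' "$1" "$dns" "$https"
}

# Run only when arguments are given: first the resolv.conf path, then hosts.
if [ "$#" -gt 0 ]; then
    report_resolv "$1"; shift
    for host in "$@"; do check_host "$host"; done
fi
```

A host reported as dns=ok https=ok is resolvable and reachable even if it never answers ping; dns=FAIL for every name while IP addresses still respond points at the resolver configuration.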

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #6
For key problems with repo packages probably try this first :
https://wiki.artixlinux.org/Main/Troubleshooting#Invalid_or_corrupted_packages_.28PGP_signature.29
 - although I'd suggest skipping the pacman -Scc and just removing any potentially corrupted packages and their signatures individually; wiping the entire cache leaves you without an on disk backup for any unexpected downgrade requirements later.
The Arch wiki has more info too :
https://wiki.archlinux.org/title/Pacman/Package_signing
For AUR packages where you get an error relating to a specific key being missing sometimes this works, putting the key number in the error message you get at the end in place of 123ABC:
Code:
gpg --search-keys 123ABC
gpg --recv-keys 123ABC
I'm pretty sure gpg and pacman have different key databases hence the two approaches. There are different keyservers too, and there have been problems in the past with some not being updated and having keys missing. Another thing you could try is defining keyservers in /etc/pacman.d/gnupg/gpg.conf after making a .bak copy of the original, e.g. adding these lines to the existing content should work and remove the need to rely on ubuntu keyservers :
Code:
keyserver keys.openpgp.org
keyserver keys.gnupg.net

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #7
May not help but add --verbose to your manual gpg command.

Unfortunately this doesn't do anything for the error I'm getting, but I'll post all the things I've been trying:

Code:
gpg --verbose --search-keys 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3

gpg: enabled compatibility flags:
gpg: error searching keyserver: Try again later
gpg: keyserver search failed: Try again later
Code:
gpg --verbose --recv-keys 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3

gpg: enabled compatibility flags:
gpg: keyserver receive failed: Try again later
Code:
yay -S librewolf

...

:: (1/1) Parsing SRCINFO: librewolf
gpg: ~/.gnupg/trustdb.gpg: trustdb created
gpg: error reading key: No public key

 :: PGP keys need importing:
 -> 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3, required by: librewolf
:: Import? [Y/n]
:: Importing keys with gpg...
gpg: keyserver receive failed: Try again later
 -> problem importing keys

^ the only thing that seems at all suspect here is the local trustdb when I feel that the generated one would be in like /etc or something, which would mean it doesn't have the keys where it's looking... but idk.

Another thing you could try is defining keyservers in /etc/pacman.d/gnupg/gpg.conf after making a .bak copy of the original, e.g. adding these lines to the existing content should work and remove the need to rely on ubuntu keyservers :
Code:
keyserver keys.openpgp.org
keyserver keys.gnupg.net

Alright I did that, here's my current /etc/pacmand.d/gnupg/gpg.conf (I changed that before running the above commands). It still is broken in the same way unfortunately.
Code:
no-greeting
no-permission-warning
keyserver-options timeout=10
keyserver-options import-clean
keyserver-options no-self-sigs-only
keyserver keys.openpgp.org
keyserver keys.gnupg.net
(I also tried the above conf with hks:// in front just in case, didn't change anything)

Basically everything points to there being some invalid config for which keyserver I'm using, idrk where else I would be setting this than the places I've already set it.

One last command:
Code:
sudo pacman-key --verbose --recv-keys 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3

gpg: keyserver receive failed: No keyserver available
==> ERROR: Remote key not fetched correctly from keyserver.

Please let me know if there's anything more specific I can provide to help, I really don't know what'd be useful here.


Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #8
Searching the webs for your error message suggested that somehow gpg is unable to access the internet or perhaps that its traffic is getting firewalled. I don't know enough about gpg internals to say much more, but here are some workarounds to try:

1. Use the actual IP of the server to work around DNS issues, something like
Code:
pacman-key --keyserver 195.201.47.43 --recv-keys 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
(that's the IP for keys.openpgp.org; note that pacman-key is just a wrapper for gpg)
or
2. If you can, download the key file from https://keys.openpgp.org/ and then add that:
Code:
pacman-key --add /path/to/downloaded/keyfile

Somebody even said that disconnecting and reconnecting their wifi fixed the issue...

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #9
The pacman-key stuff is a bit of a red herring as yay/makepkg need the keys in the user keyring.
It is informative though as it suggests a configuration issue is unlikely (unless both are misconfigured and if you changed nothing prior to the issue that does not seem possible) and a network issue is more so as lotuskip said.

If you do get the keys manually, or try a direct ip address, use gpg as your user not pacman-key when building AUR packages.

How do you connect to the internet?
If you haven't installed any firewall, messed with iptables, or changed the connman configuration then your system blocking the traffic to the keyserver, in at least one direction, seems improbable but one way to help rule it out would be to test the gpg commands after booting from the installation iso. If they don't work it's your network. If they do it's your system.

I'd also try temporarily disabling connman and making a network connection manually.

Also connecting to the internet in a different way. For instance making sure my phone was not connected to my local wifi and using it to connect to the internet either by wifi hotspot or usb or bluetooth etc.

All a bit of a stretch but I think those are the things I would try.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #10
The pacman-key stuff is a bit of a red herring as yay/makepkg need the keys in the user keyring.
Oh, of course! Sorry for getting mixed up there. So you should be calling gpg directly to add keys. And according to the gpg man page, "--keyserver" is deprecated and you should use a config file instead. I'm not sure if that means the command line argument doesn't work anymore or just that it'll be dropped in a future release.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #11
Perhaps I missed some detail which reveals this, but yay will install packages from both repos (wrapping pacman) and the AUR so it isn't clear to me at least yet which approach is required - in the above example librewolf is in Omniverse but if that repo isn't enabled yay would get it from the AUR.
(Deprecated means will be removed in future, but should still be working now - it is a warning not to use it in scripts and so forth.)
Another unlikely but possible cause to consider, could this be a yay bug, or the result of using an outdated or experimental git version of yay? Perhaps trying another AUR helper might be a worthwhile test in the absence of success by other means.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #12
(Deprecated means will be removed in future, but should still be working now - it is a warning not to use it in scripts and so forth.)
That's what the word generally means. I just figured words might be wrongly used or man pages might not be up to date.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #13
Perhaps I missed some detail which reveals this, but yay will install packages from both repos (wrapping pacman) and the AUR so it isn't clear to me at least yet which approach is required - in the above example librewolf is in Omniverse but if that repo isn't enabled yay would get it from the AUR.
The keys pacman-key deals with are for signed packages.
Yay will use those when it's acting as a wrapper around pacman.
When installing from AUR yay is acting as a wrapper around makepkg (until the installation part) and needs the user gpg keys to verify signed source if the PKGBUILD has been set up that way (.sig files referenced after source code links in the PKGBUILD source stanza).

It's slightly more complicated than that if you sign packages you build with your own key.

Re: Trouble with DNS on fresh Artix Base install OpenRC, connmand, (dhcpd?)

Reply #14
There have been some issues recorded with national firewalls apparently blocking keyservers and causing this error, if you live in a country which might find itself set apart:
https://unix.stackexchange.com/questions/399027/gpg-keyserver-receive-failed-server-indicated-a-failure

I am not 100% sure without knowing your setup, but resolv.conf is probably getting regenerated every time you boot or connect if you are using dhcp and not a manually configured static connection. The file creation time should confirm this, so if you make a backup too you can certainly experiment with the content quite safely, but check any mods are not overwritten.
Usually if you don't configure your own nameserver, this defaults to whatever your router is using for its DNS nameserver I think.