diff --git a/gnupg/gpg.conf b/gnupg/gpg.conf
index 98c8031..cc265a5 100644
--- a/gnupg/gpg.conf
+++ b/gnupg/gpg.conf
@@ -83,18 +83,14 @@ use-agent
 
 # This is the server that --recv-keys, --send-keys, and --search-keys will
 # communicate with to receive keys from, send keys to, and search for keys on
-keyserver hkps://hkps.pool.sks-keyservers.net
+# (use the HTTPS protocol in order to bypass crappy network policies)
+keyserver https://hkps.pool.sks-keyservers.net
+# keyserver https://pgp.mit.edu/
+# keyserver hkps://hkps.pool.sks-keyservers.net
 
 # Provide a certificate store to override the system default
 # Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem
-# :keyserver-options ca-cert-file=/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem
-keyserver-options ca-cert-file=~/.gnupg/certs/sks-keyservers.netCA.pem
-
-# Default key server
-keyserver https://pgp.mit.edu/
-
-# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
-keyserver-options no-try-dns-srv
+keyserver-options hkp-cacert=~/.gnupg/certs/sks-keyservers.netCA.pem
 
 # When using --refresh-keys, if the key in question has a preferred keyserver
 # URL, then disable use of that preferred keyserver to refresh the key from