What Linux kernel configuration options are required by GPG for --refresh-keys?

Daniel Bomar dbdaniel42 at gmail.com
Fri May 15 16:20:01 CEST 2015

I verified this to be the case in Wireshark.  It's sending both A and
AAAA queries for hostname vod.ohai.su (not sure how it got that from
pool.sks-keyservers.net but whatever probably not relevant.)  However
it's only GPG that seems to do this.  If I ping either of those
hostnames it sends only an A query.  Same for my web browser and all
other traffic I observed.  It's only GPG that's trying to do these
AAAA DNS queries.

How do I change my resolver as you suggested?  I don't have any kind
of special setup.  I'm just using Google's public DNS ( and set in /etc/resolv.conf along with a static IP.

On Fri, May 15, 2015 at 6:43 AM, Werner Koch <wk at gnupg.org> wrote:
> On Thu, 14 May 2015 04:41, dbdaniel42 at gmail.com said:
>> #  gpg --homedir /etc/pacman.d/gnupg --refresh-keys
>> gpg: refreshing 80 keys from hkp://pool.sks-keyservers.net
>> gpg: keyserver refresh failed: Address family not supported by protocol
> DNS tells that there are v6 keyservers but your kernel seems to support
> only legacy IP.  Change your resolver not to return AAAA records.
> I won't consider this a bug but I suspect that we will have a bug the
> other way around (No legacy IP but DNS returned A records).
> Shalom-Salam,
>    Werner
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list