From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | PostgreSQL www <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: DNS lookup for git.postgresql.org |
Date: | 2021-06-30 21:39:03 |
Message-ID: | 20210630213903.GA2778@momjian.us |
Lists: | pgsql-www |
On Wed, Jun 30, 2021 at 04:20:28PM -0400, Tom Lane wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
> > On Wed, Jun 30, 2021 at 12:53:24PM -0400, Tom Lane wrote:
> >> ... I'll try the hack mentioned in the serverfault thread.
>
> > I will also add the bind options mentioned to disable
> > dnssec and aaaa records.
>
> I found better practice described at
> https://kb.isc.org/docs/aa-00576
> to wit you can set "filter-aaaa-on-v4" to "break-dnssec" to just
> adjust what is returned to clients, rather than disabling DNSSEC
> globally. Also, if you use views to configure your bind setup,
> it works to make that an option in the view that serves your
> local clients (the ones you don't want to see IPv6 addys).

Oh, I am now trying just the "filter-aaaa-on-v4 break-dnssec" option.
Not sure why this is so complicated --- there must be many people
without IPv6 who use bind.

> I have that installed locally now, but it'll take awhile to
> determine whether it improves matters.

OK, I will keep an eye on my bind debug logs to see if I see failures.

--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
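
The view-scoped setting discussed in this message, written out as a named.conf fragment. This is an added example, not configuration posted in the thread; the ACL name, the view names and the 192.0.2.0/24 range are constructed, and it assumes a BIND 9 build that supports `filter-aaaa-on-v4`.

```conf
// Constructed example: the local clients that should not be handed AAAA records.
acl "v4only-clients" { 127.0.0.1; 192.0.2.0/24; };

options {
    // Validation stays enabled for the whole server; nothing is switched
    // off globally to work around the missing IPv6 connectivity.
    dnssec-validation auto;
};

view "internal" {
    match-clients { "v4only-clients"; };
    recursion yes;

    // Remove AAAA records from answers to queries that arrive over IPv4,
    // including answers from signed zones. A client in this view that does
    // its own DNSSEC validation will see those filtered answers fail to
    // verify, which is the trade-off the value "break-dnssec" names.
    filter-aaaa-on-v4 break-dnssec;
    filter-aaaa { "v4only-clients"; };
};

view "external" {
    // Everyone else gets unmodified answers and no recursion.
    match-clients { any; };
    recursion no;
};

// Once any view is defined, every zone statement must live inside a view.
```

`named-checkconf` will report whether the running build accepts the option before the server is reloaded.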