| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | PostgreSQL www <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: DNS lookup for git.postgresql.org |
| Date: | 2021-06-30 20:20:28 |
| Message-ID: | 623184.1625084428@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
Bruce Momjian <bruce(at)momjian(dot)us> writes:
> On Wed, Jun 30, 2021 at 12:53:24PM -0400, Tom Lane wrote:
>> ... I'll try the hack mentioned in the serverfault thread.
> I will also add the bind options mentioned to disable
> dnssec and aaaa records.
I found better practice described at
https://kb.isc.org/docs/aa-00576
to wit you can set "filter-aaaa-on-v4" to "break-dnssec" to just
adjust what is returned to clients, rather than disabling DNSSEC
globally. Also, if you use views to configure your bind setup,
it works to make that an option in the view that serves your
local clients (the ones you don't want to see IPv6 addys).
I have that installed locally now, but it'll take awhile to
determine whether it improves matters.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2021-06-30 21:04:23 | Re: DNS lookup for git.postgresql.org |
| Previous Message | Bruce Momjian | 2021-06-30 19:20:44 | Re: DNS lookup for git.postgresql.org |