The move to the new PDS v2 hosts seems to have been transparent and problem-free for almost everyone. But anyone having trouble should check that their adblocker/plugins are not preventing access to the new DNS names. One (imperfect) method of checking is the debug page: bsky-debug.app

Thanks for the tip! For some reason the mushrooms are unavailable on the company VPN but work just fine outside it 🤷🏻‍♂️

All good for ink-cap, thanks Jake : )

Hey Jake, I tried the handles tab of the debug page with my own handle, and it says DNS verification fails with a lookup timeout. I checked with dig that the NS and TXT record work. What's the best channel to pass this bug to BS?

What's the handle, I can check it from other places? Maybe it was a temporary problem with a nameserver?

My handle is : albert\.aribaud\.net If it's just a temporary issue then maybe BS could rephrase the warning to make it clear(er)?

Looks like the debug page showed success, and then reverted to failure for timeout. Is the validation mechanism using a caching nameserver, or does it query the authoritative server every time? The latter could explain timeouts if the authoritative server has any sort of DDoS protection.

Yeah, the afraid dot org service seems pretty unreliable, either because some of the NS are down/don't response, or because of anti-DDoS measures. Pretty sure that's the entire problem.

So far I haven't had issues with afraid.org except in the present case, so I'd assume DDoS limitation -- but that's also assuming BS hits the authoritative server, not a recursive server that would cache the answer and lessen the load on afraid. Would you perchance know?

We may do authoritative lookups in some cases, the debug page does. But it's very few requests (like one) so their system is pretty aggressive if that triggers a response.

In theory the authoritative server shouldn't be queried from the same source for the same record more often than the TTL; that's what the TTL is for after all. I'll try and find what DDoS limits afraid.org has.

OperaGX built-in adblocker is literally the worst thing I've dealt with. People who use it should definitely check if it doesn't mess up their Bluesky experience

Please consider hosting mushroom cloud on the same DNS name as the old server.

Not a real option. There needs to be lots PDS hosts in different regions ultimately. This is just the first set.

I mean subdomains of the same domain. a.bsky.social b.bsky.social And so on. That tld is already whitelisted at most places.

Yeah, point taken, but there would probably still be cases where the entire domain hasn't been trusted. It's common to have CDNs and other things like this on alternative domains for various reasons. And fortunately, this is the last domain to worry about for the foreseeable future.

when do the wars start? #oystergang

hope i'll end up on amanita.us-east.host.bsky.network