@ShadowJonathan@tech.lgbt
PSA: queer.af's domain has been seized by the Afghanistan NIC
the domain does not resolve anymore, this means that the website cannot be accessed anymore
(i'm going to contact the admin to help them with allowing users to login still and press "migrate" on their accounts, since i have a feeling thats still possible, as a last-gasp effort of the server)
edit: for manual resolving and pinning, the IP address is 65.108.48.233
edit 2: the admin has a post up where they give more details: https://akko.erincandescent.net/objects/0b812887-3946-4722-aae6-08fb64141247
@ShadowJonathanFor anyone pinning the domain name to an IP address, the IP address is 65.108.48.233
You can verify this with;
curl https://queer.af/ --resolve queer.af:443:65.108.48.233 -v
@ShadowJonathan Shit. Will the old fashion hosts file modification work? Sucks that it’s come to that…
@fluffy@plush.city@mori @ShadowJonathan It should work but you’ll need to disable DNS-over-https (DoH).
@fluffy @mori @ShadowJonathan I managed to grab a cached DNS record from somewhere (which is now out of cache)
but yes, /etc/hosts works to kickstart the migration for now
@fluffy @mori @ShadowJonathan ugh... I saw that they were going to shut down or migrate due to the domain being in Afghanistan - no surprise it came to this I guess :-(
I hope everyone can migrate away and manage to keep their connections!
@ShadowJonathan Instance owners can also add it to their instances' /etc/hosts to allow the server-to-server communication to continue to function during this time.
LB 
Unfortunately if you're a Mastodon instance offering to help members of queer.af to migrate to your server, editing /etc/hosts to manually add the IP address won't help, because Mastodon uses its own DNS resolver that bypasses /etc/hosts.
Edit: open issue here: https://github.com/mastodon/mastodon/issues/9436
@jaystephens You'll have to elaborate on which "why" you mean. Why offer to help queer.af users? Why does the Mastodon resolver do that? Why has the bug not been fixed in six years?
@futzle @jaystephens I see how this can be misunderstood but this is not a bug.
I’m not developing server software but I think that using glibc to resolve would make DNS resolution a lot more complex since it would entirely depend on the config of the local machine. Which may again be interesting (in a bad way) with containerization.
So directing requests to a nameserver seems to be the right decision because it will work in most cases and only gives the option to change resolution if needed.
@futzle sorry... Why does the Mastodon resolver do that?
@jaystephens Good question! The issue sort of suggests it was an accidental side-effect of a code refactor, but no one considered the regression important enough to fix.
It looks like the workaround is pretty easy and low risk: install a local resolver like dnsmasq and point resolv.conf at localhost. I've done it on my server.
@futzle It is not intentionally ‘bypassing‘ /etc/hosts, but its stub is querying a nameserver - which can be the local machine. Whether this nameserver includes the hostfile (or statically resolves queer.af in a different way) depends on the choice of software/ configuration on the nameserver.
The easiest way to solve this would be the people operating queer.af setting up a temporary nameserver to use for their instance and their users while everyone is migrating.
(ignoring DNSSEC for now :)
@chris Please desist from explaining to me how DNS works, and from offering unsolicited and incorrect solutions.
@futzle As an aging person who after a few decades of doing sysadmin stuff currently is trying to wrap their head around systemd’s intricacies in name resolution I’d be very interested to learn where my explanation is incorrect to … learn from it.
But be it as it may be, goodbye.
@futzle OTOH .af as TLD was a bold move. I’d hate if they were burned by it. Do you know how many people are affected?
@ShadowJonathan: While I sympathise with the people who are caught in the middle of this, this is a good argument against the practice of TLD hacks.
Is it ok to cross-post this on Bluesky or have you already done that?
@ShadowJonathan@JustJimWillDo I use bluesky, so go for it
@ShadowJonathan I saw the (admin?) advertise
65.108.48.233 queer.af as an IP which can be used to find it.
@ShadowJonathan Not surprising, since a domain like "queer" would have been a red rag to a bull for their, shall we say, "conservative" government… but nonetheless understand the pain.
Is there a DNS server we can delegate queries to? Obviously I can fiddle /etc/hosts, but it might be easier if some of us could just tell our servers to forward "queer.af" to a specific DNS server that hosts it (with the correct A-record).
All the best with the migration to a new domain. 
@ShadowJonathan For those who need it… I've set up one of my DNS servers to "host" a minimal queer.af domain.
vk4msl-bne.dmz.longlandclan.id.au will respond to requests for queer.af, pointing it to the above IP address.
You can delegate queer.af to this host for access to this instance if needed.
unbound config:
```
forward-zone:
name: "queer.af."
forward-addr: 103.16.130.3
forward-addr: 2404:9400:1:0:216:3eff:fef2:73f2
```