diff --git a/ansible/roles/plpsql/templates/pg_hba.conf b/ansible/roles/plpsql/templates/pg_hba.conf
index 6a855223..f16f72e0 100644
--- a/ansible/roles/plpsql/templates/pg_hba.conf
+++ b/ansible/roles/plpsql/templates/pg_hba.conf
@@ -94,7 +94,13 @@ host    all             all             ::1/128                 trust
 
 # NB: `ssl` is neither supported nor enforced.
 {% if 'db_active' in group_names %}
-host replication amsrepl {{ lookup('dig', 'amsmetadb.ooni.nu/A') }}/32 md5
+
+# Run active->standby replication over VPN
+host replication amsrepl 10.1.0.1/32 md5
+
+# Run active->standby replication without VPN - unused
+#host replication amsrepl {{ lookup('dig', 'amsmetadb.ooni.nu/A') }}/32 md5
+
 {% endif %}
 
 host all all all md5