Andre Felipe Machado scrisse: > Hello, > That is it! Thanks a lot! > I disabled the dns relay function at the Dlink DSL-2640T and now my > home Debian machine can update using security.debian.org and > volatile.debian.org that changed to ipv6 addresses some days ago. > I will submit a bug report to Dlink site. Good to have it pin-pointed. Just to take notes, which firmware version is that using? And by the way, Florian's mail already mentioned that under "most frequent issues". > But what still really worries me is how to exactly track, prove and > demonstrate, that the problem at company is some kind of error at dns > caching. As a country wide, servicing multiple agencies, I guess it > is using some high end network hardware and some kind of software and > security infrastructure. I *must* have 100% demonstrable, 100% sure, > log and or report to submit a ticket to their net/security teams. > What commands could prove and register the dns caching problem at > their network? Also, it have layers of ips, ids, routers, swithches, > firewalls, etc, and something in that setup could also be causing the > problem. Suggestions? It may be almost anything in-between, like dns-cacher, firewall, load balancer, etc... https://bugzilla.redhat.com/show_bug.cgi?id=505105 already contains quite a discrete list of things, including Cisco, Juniper and Foundry stuff. You can start comparing a `dig ANY volatile.debian.org` from your company and from another good-working place, checking for inconsistencies. If there's a dns wrong-resolution, pinging/reaching it will reveal an IP not pertaining to a proper repository-hosting machine. Otherwise there could be something weird in routing, which can be spotted via mtr or traceroute. If you have ipv6 connectivity at company (ie. a configured v6 route) it may be something different. But as we've pin-pointed first issue, and the second one looks like something due to internal network configuration, I think we can move this discussion away from -project to private, if nobody else interested (maybe summarising back the result at the end). Ciao, Luca -- .''`. ** Debian GNU/Linux ** | Luca Bruno (kaeso) : :' : The Universal O.S. | lucab (AT) debian.org `. `'` | GPG Key ID: 3BFB9FB3 `- http://www.debian.org | Debian GNU/Linux Developer
Attachment:
pgpzWkhAvkTwD.pgp
Description: PGP signature