[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Again ... Re: security.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matus UHLAR - fantomas wrote:
>>>> On Thu, 2007-03-29 at 10:32 -0700, Raquel wrote:
>>>>> This is happening again.  IP #:  128.101.240.212
> 
>>> On Thu Mar 29, 2007 at 13:44:40 -0400, Jim Popovitch wrote:
>>>> Yep, I saw it too a bit earlier.  :-(
>>>>
>>>> I wonder if the server is under high load or DDoS attack?
> 
>> On Thu, 29 Mar 2007 19:48:29 +0200
>> Martin Zobel-Helas <zobel@ftbfs.de> wrote:
>>> Yesterday evening, the openoffice.org DSA seems have to DDoSed
>>> security.d.o :)
> 
> On 29.03.07 10:55, Raquel wrote:
>> Didn't this happen a few months (maybe a year ago?) back with
>> another upgrade, where it caused problems with a security server?
> 
> yes, it happened with Xfree86 upgrade. 2 new servers were then introduced in
> order to prevent this problem from re-appearing.
> 
> However this does not _seem_ to be enough, and I guess it's due to "feature"
> of glibc, that sorts IP addresses from numerically lowest one to numerically
> highest one (so it spoils attempts for DNS load-balancing), so if any program
> is the order of addresses returned via gethostbyname() or getnameinfo(), it
> tries them always in the following order:
> 
> % getent hosts security.debian.org
> 128.101.240.212 security.debian.org
> 212.211.132.32  security.debian.org
> 212.211.132.250 security.debian.org
> 
> so no wonder _if_ 128.101.240.212 is loaded more than other servers.
> many times I have to re-try update/upgrade to ask other servers and
> 128.101.240.212 seems to be the slowest for me.
- -------------------------
I was under the impression that why netselect (picks closets and fastest
server) was implemented.

vrode@promiscious:~$ sudo netselect -vv security.debian.org
Running netselect to choose 1 out of 3 addresses.
....................................
212.211.132.32                         195 ms  14 hops   90% ok ( 9/10)
[  520]
212.211.132.250                        209 ms  11 hops   90% ok ( 9/10)
[  487]
128.101.240.212                        212 ms  23 hops   90% ok ( 9/10)
[  778]
  487 212.211.132.250



regards,
/virendra

> 
> I tried to discuss this "feature" in debian-glibc list
> (http://lists.debian.org/debian-glibc/2006/05/msg00427.html
>  http://lists.debian.org/debian-glibc/2006/06/msg00002.html
>  http://lists.debian.org/debian-glibc/2006/06/msg00016.html
> )
> but first time I did not guess the right problem, then I gave up "solving"
> this issue...
> 
> I hope someone will confirm or deny this... I don't know how are debian
> security servers loaded... I only know that 128.101.240.212 is usually very
> slow...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGDCS/pbZvCIJx1bcRAu1ZAKCSYcdmI1HuoUmILxXSMXiuJ7xTlwCg4MLZ
RW3S706D1fRMhEqQKMYNnYQ=
=TjKc
-----END PGP SIGNATURE-----
Reply to: