Re: Debian website is blocked in Argentina. Or it's a misconfiguration?

To: "maritom83@yahoo.com" <maritom83@yahoo.com>
Cc: "security@debian.org" <security@debian.org>, "mirrors@debian.org" <mirrors@debian.org>, debian-project@lists.debian.org, dsa@debian.org
Subject: Re: Debian website is blocked in Argentina. Or it's a misconfiguration?
From: Pierre-Elliott Bécue <peb@debian.org>
Date: Tue, 04 Apr 2023 16:25:39 +0200
Message-id: <[🔎] 87a5znsowh.fsf@daath>
In-reply-to: <[🔎] 87ilecrogg.fsf@daath>
References: <636014369.1798803.1680579395474.ref@mail.yahoo.com> <[🔎] 636014369.1798803.1680579395474@mail.yahoo.com> <[🔎] 87ilecrogg.fsf@daath>

Pierre-Elliott Bécue <peb@debian.org> wrote on 04/04/2023 at 11:13:46+0200:

> [[PGP Signed Part:Good signature from EE215B9FB8C45B0B Pierre-Elliott Bécue <becue@crans.org> (trust ultimate) created at 2023-04-04T11:22:55+0200 using RSA]]
> Adding DSA as this is a DNS matter which falls under our scope.
>
> "maritom83@yahoo.com" <maritom83@yahoo.com> wrote on 04/04/2023 at 05:36:35+0200:
>
>> I will start comparing some domains:
>>
>> root@LEDE:~# nslookup debian.org 1.1.1.1
>> Server:         1.1.1.1
>> Address:        1.1.1.1#53
>>
>> Name:      debian.org
>> Address 1: 130.89.148.77
>> Address 2: 128.31.0.62
>> Address 3: 149.20.4.15
>> Address 4: 2603:400a:ffff:bb8::801f:3e
>> Address 5: 2001:67c:2564:a119::77
>> Address 6: 2001:4f8:1:c::15
>>
>> root@LEDE:~# nslookup www.debian.org 1.1.1.1
>> Server:         1.1.1.1
>> Address:        1.1.1.1#53
>>
>> Name:      www.debian.org
>> Address 1: 200.17.202.197
>> Address 2: 2801:82:80ff:8009:e61f:13ff:fe63:8e88
>>
>>
>> The second one only gives Brazilian IP. Why?. Cannot be viewed here. Manually editing hosts can "fix" this problem.
>>
>> 200.17.202.197 is from UFPR, a blocked network by Telecom Argentina and Internexa. Well, the entire AS1916 (including ftp.br.debian.org, uepg, c3sl...).
>>
>> Further explanations here: (spanish)
>> https://foros.3dgames.com.ar/threads/315307?p=24601216&viewfull=1#post24601216
>> https://foros.3dgames.com.ar/threads/315307?p=24602387&viewfull=1#post24602387
>
> www.debian.org name resolution is done through GeoIP DNS (multiple
> mirrors over multiple continents). For South America in general, the
> only record we put for www.debian.org is santoro.debian.org which is
> hosted in brazil.
>
> The solution here would probably to put an exception on Argentina and
> put the IP of a US server for GeoIP DNS.
>
> I'll see with my DSA Teammates if that's fine with them and consider
> this option.

After discussing with them internally, it is our opinion that you should
probably bring this matter with your ISP as it's not really normal that
they block a whole network on web ports.

On our side, we do not want to do specific work for specific ISPs having
what looks like a bad policy.

Regards,
-- 
PEB

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Debian website is blocked in Argentina. Or it's a misconfiguration?
  - From: "maritom83@yahoo.com" <maritom83@yahoo.com>

References:
- Debian website is blocked in Argentina. Or it's a misconfiguration?
  - From: "maritom83@yahoo.com" <maritom83@yahoo.com>
- Re: Debian website is blocked in Argentina. Or it's a misconfiguration?
  - From: Pierre-Elliott Bécue <peb@debian.org>

Prev by Date: Re: Debian website is blocked in Argentina. Or it's a misconfiguration?
Next by Date: Re: Debian website is blocked in Argentina. Or it's a misconfiguration?
Previous by thread: Re: Debian website is blocked in Argentina. Or it's a misconfiguration?
Next by thread: Re: Debian website is blocked in Argentina. Or it's a misconfiguration?
Index(es):
- Date
- Thread