Re: Whitelist security.debian.org
Quoting Greencopper (greencoppermine@gmail.com):
> I have a firewall with some whitelisted addresses for the kids, one of them is
> security.debian.org.
>
> The firewall flushes the tables with fresh IP addresses using a scripted
> cronjob with a nslookup that pulls the addresses and automatically adds them to
> the whitelist.
>
> Doing a nslookup on the firewall and on the kids boxes provides the same IP
> addresses for security.debian.org:
>
> # nslookup security.debian.org
> Non-authoritative answer:
> Name: security.debian.org
> Address: 212.211.132.32
> Name: security.debian.org
> Address: 195.20.242.89
> Name: security.debian.org
> Address: 212.211.132.250
My whois shows those addresses are in Germany.
security.debian.org is in the US.
> And those IPs are added to the whitelist. However, when APT is run:
>
> "Could not connect to security.debian.org:http: [IP: 149.20.20.6 80]"
>
> Where does APT get this IP address from?
>
> If from some crazy pool of IPs how is it doing lookup?
$ dig @8.8.8.8 security.debian.org
; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> @8.8.8.8 security.debian.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51777
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;security.debian.org. IN A
;; ANSWER SECTION:
security.debian.org. 292 IN A 149.20.20.6
security.debian.org. 292 IN A 128.31.0.63
security.debian.org. 292 IN A 128.61.240.73
;; Query time: 33 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 21 13:26:32 CDT 2015
;; MSG SIZE rcvd: 96
$
The only things German (and Austrian) there are the phone numbers!
Cheers,
David.
Reply to: