[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Whitelist security.debian.org

This is actually getting very frustrating!

Doing a nslookup specifying the DNS server provides different results when done minutes apart!

$ nslookup security.debian.org 208.67.222.222
Server:        208.67.222.222
Address:    208.67.222.222#53

Non-authoritative answer:
Name:    security.debian.org
Address: 149.20.20.6
Name:    security.debian.org
Address: 128.31.0.63
Name:    security.debian.org
Address: 128.61.240.73

Then a couple of minutes after:

nslookup security.debian.org 208.67.222.222
Server:        208.67.222.222
Address:    208.67.222.222#53

Non-authoritative answer:
Name:    security.debian.org
Address: 212.211.132.32
Name:    security.debian.org
Address: 212.211.132.250
Name:    security.debian.org
Address: 195.20.242.89

Most likely OpenDNS has some load balancing of their own perhaps forwarding the request to different internal servers.

Perhaps the only solution is to fix a specific IP address for security.debian.org in my local DNS server and then only use that!

On Thu, Oct 22, 2015 at 3:08 AM, Greencopper <greencoppermine@gmail.com> wrote:
>> Doing a nslookup on the firewall and on the kids boxes provides the same IP
>> addresses for security.debian.org:
>> 
>> # nslookup security.debian.org
>> Non-authoritative answer:
>> Name:   security.debian.org
>> Address: 212.211.132.32
>> Name:   security.debian.org
>> Address: 195.20.242.89
>> Name:   security.debian.org
>> Address: 212.211.132.250
>> 
>> And those IPs are added to the whitelist. However, when APT is run:
>> 
>> "Could not connect to security.debian.org:http: [IP: 149.20.20.6 80]"
>
> Always the same address ? Or does it change ?
>
>> Where does APT get this IP address from?
>
> /etc/hosts ?
> Any local DNS server ?

There is a local DNS server on the firewall, but that's where the
whitelisted IP address gets generated and the result of the nslookup 
is the same whether performed on the box or on any other machine in 
the house since they all use the same box.

No, there is nothing in /etc/hosts

Apt-get is getting different results from using "host" or "nslookup".


Reply to: