Re: Whitelist security.debian.org
Brian a écrit :
> On Thu 22 Oct 2015 at 11:44:41 +0200, Sven Hartge wrote:
>
>> Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
>>> Greencopper a écrit :
>>
>>>> Most likely OpenDNS has some load balancing of their own perhaps
>>>> forwarding the request to different internal servers.
>>>>
>>>> Perhaps the only solution is to fix a specific IP address for
>>>> security.debian.org in my local DNS server and then only use that!
>>>
>>> Or don't use OpenDNS servers.
>>
>> Or don't try to build firewall rules based on DNS lookups.
>
> Or amend sources.list to not require DNS. 149.20.20.6 is schein; use
> villa if preferred.
>
> deb ftp://149.20.20.6/debian-security jessie/updates main
I don't second that suggestion because it has several drawbacks.
- It cancels the redundancy provided by security.debian.org.
- It does not work with HTTP, so you have to use FTP which is harder to
manage by firewalls.
- If one day this one address does not serve as a Debian security mirror
any more, you're stuck.
- Changing a mirror forces APT to reload all the package list at the
next update. This can be annoying with a low speed link.
I was serious when suggesting not tu use OpenDNS. Why use it if you have
your own local recursive DNS cache ?
Reply to: