Quoting Greencopper (greencopperm...@gmail.com): > I have a firewall with some whitelisted addresses for the kids, one of them is > security.debian.org. > > The firewall flushes the tables with fresh IP addresses using a scripted > cronjob with a nslookup that pulls the addresses and automatically adds them > to > the whitelist. > > Doing a nslookup on the firewall and on the kids boxes provides the same IP > addresses for security.debian.org: > > # nslookup security.debian.org > Non-authoritative answer: > Name: security.debian.org > Address: 212.211.132.32 > Name: security.debian.org > Address: 195.20.242.89 > Name: security.debian.org > Address: 212.211.132.250
My whois shows those addresses are in Germany. security.debian.org is in the US. > And those IPs are added to the whitelist. However, when APT is run: > > "Could not connect to security.debian.org:http: [IP: 149.20.20.6 80]" > > Where does APT get this IP address from? > > If from some crazy pool of IPs how is it doing lookup? $ dig @8.8.8.8 security.debian.org ; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> @8.8.8.8 security.debian.org ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51777 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;security.debian.org. IN A ;; ANSWER SECTION: security.debian.org. 292 IN A 149.20.20.6 security.debian.org. 292 IN A 128.31.0.63 security.debian.org. 292 IN A 128.61.240.73 ;; Query time: 33 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Oct 21 13:26:32 CDT 2015 ;; MSG SIZE rcvd: 96 $ The only things German (and Austrian) there are the phone numbers! Cheers, David.