Hi all,

Please test:
# portsnap fetch -s geodns.portsnap.freebsd.org

If you experience any problems, please let me know where you are, which mirror
was selected, and what address `host -t a $mirror` returns for it. (As the
name suggests, different people should will get different mirrors.)

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "[hidden email]"
|
There is no A record @8.8.8.8 or @8.8.4.4 or at the root servers.

or here:
dig +short @72.52.71.1 geodns.portsnap.freebsd.org A
dig +short @38.103.2.1 geodns.portsnap.freebsd.org A
dig +short @63.243.194.1 geodns.portsnap.freebsd.org A

Maybe this hasn't propagated yet? or is it @ 127.0.0.1 ;)

On Fri, May 11, 2012 at 08:54:17PM -0700, Colin Percival wrote:
> Hi all,
>
> Please test:
> # portsnap fetch -s geodns.portsnap.freebsd.org
>
> If you experience any problems, please let me know where you are, which mirror
> was selected, and what address `host -t a $mirror` returns for it. (As the
> name suggests, different people should will get different mirrors.)
>
> --
> Colin Percival
> Security Officer, FreeBSD | freebsd.org | The power to serve
> Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

- (2^(N-1))
|
On 05/11/12 21:54, Jason Hellenthal wrote:
> There is no A record @8.8.8.8 or @8.8.4.4 or at the root servers.

There's not supposed to be an A record. Portsnap should work
anyway... it uses SRV. :-)

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
|
On Fri, May 11, 2012 at 09:55:13PM -0700, Colin Percival wrote:
> On 05/11/12 21:54, Jason Hellenthal wrote:
> > There is no A record @8.8.8.8 or @8.8.4.4 or at the root servers.
>
> There's not supposed to be an A record. Portsnap should work
> anyway... it uses SRV. :-)

Aaah! you got me there. Confused with the request of "host -t a $mirror"

As that will always return:
Console> host -t a geodns.portsnap.freebsd.org
Host geodns.portsnap.freebsd.org not found: 3(NXDOMAIN)

Anyway... coming from:

portsnap fetch -s geodns.portsnap.freebsd.org
[...]
Fetching snapshot tag from geodns-1.portsnap.freebsd.org... done.
[...]

traceroute -a geodns-1.portsnap.freebsd.org
[...Hop 1 & 2 Removed...]
 3  [AS65534] 10.179.128.1 (10.179.128.1)  29.264 ms  17.160 ms  19.436 ms
 4  [AS20115] dtr01hlldmi-gbe-1-15.hlld.mi.charter.com (96.34.36.6)  19.179 ms  26.340 ms  20.013 ms
 5  * [AS20115] crr02aldlmi-tge-0-2-0-2.aldl.mi.charter.com (96.34.32.76)  20.143 ms  16.769 ms
 6  [AS20115] bbr01aldlmi-tge-0-1-0-3.aldl.mi.charter.com (96.34.2.216)  19.888 ms  17.378 ms  29.909 ms
 7  [AS20115] bbr01chcgil-tge-0-2-0-6.chcg.il.charter.com (96.34.0.99)  29.639 ms  17.517 ms  30.024 ms
 8  [AS20115] prr01chcgil-tge-0-1-0-1.chcg.il.charter.com (96.34.3.200)  19.815 ms  27.360 ms  19.918 ms
 9  [AS6939] v201.core1.chi1.he.net (216.66.73.241)  29.967 ms  37.066 ms  29.795 ms
10  [AS6939] 64.71.148.238 (64.71.148.238)  19.928 ms  27.328 ms  29.942 ms
11  [AS26943] update5.freebsd.org (204.9.55.80)  19.831 ms  27.494 ms  19.926 ms

Hope this helps.

>
> --
> Colin Percival
> Security Officer, FreeBSD | freebsd.org | The power to serve
> Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

--
- (2^(N-1))
|
On 5/12/2012 1:13 AM, Jason Hellenthal wrote:
>
> On Fri, May 11, 2012 at 09:55:13PM -0700, Colin Percival wrote:
>> On 05/11/12 21:54, Jason Hellenthal wrote:
>>> There is no A record @8.8.8.8 or @8.8.4.4 or at the root servers.
>>
>> There's not supposed to be an A record. Portsnap should work
>> anyway... it uses SRV. :-)
> Aaah! you got me there. Confused with the request of "host -t a $mirror"

You're not the only one! Happened to me too.

Bryan
|
In reply to this post by Colin Percival-4
2012-05-12 05:54, Colin Percival wrote:
> Hi all,
>
> Please test:
> # portsnap fetch -s geodns.portsnap.freebsd.org
>
> If you experience any problems, please let me know where you are, which mirror
> was selected, and what address `host -t a $mirror` returns for it. (As the
> name suggests, different people should will get different mirrors.)
>

I get

portsnap fetch -s geodns.portsnap.freebsd.org
Looking up geodns.portsnap.freebsd.org mirrors... none found.
Fetching snapshot tag from geodns.portsnap.freebsd.org... failed.
No mirrors remaining, giving up.
|
On 05/12/12 00:02, Leslie Jensen wrote:
> portsnap fetch -s geodns.portsnap.freebsd.org
> Looking up geodns.portsnap.freebsd.org mirrors... none found.
> Fetching snapshot tag from geodns.portsnap.freebsd.org... failed.
> No mirrors remaining, giving up.

Hmm, that's not good. What do
# host -t srv _http._tcp.geodns.portsnap.freebsd.org
and
# portsnap fetch -s portsnap.freebsd.org
give you?

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
|
2012-05-12 09:04, Colin Percival wrote:
> On 05/12/12 00:02, Leslie Jensen wrote:
>> portsnap fetch -s geodns.portsnap.freebsd.org
>> Looking up geodns.portsnap.freebsd.org mirrors... none found.
>> Fetching snapshot tag from geodns.portsnap.freebsd.org... failed.
>> No mirrors remaining, giving up.
>
> Hmm, that's not good. What do
> # host -t srv _http._tcp.geodns.portsnap.freebsd.org
> and
> # portsnap fetch -s portsnap.freebsd.org
> give you?
>

host -t srv _http._tcp.geodns.portsnap.freebsd.org
;; Truncated, retrying in TCP mode.
;; Connection to 172.17.0.1#53(172.17.0.1) for _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.

portsnap fetch -s portsnap.freebsd.org
Looking up portsnap.freebsd.org mirrors... 4 mirrors found.
Fetching snapshot tag from portsnap5.freebsd.org... done.
Latest snapshot on server matches what we already have.
|
On 05/12/12 00:22, Leslie Jensen wrote:
> host -t srv _http._tcp.geodns.portsnap.freebsd.org
> ;; Truncated, retrying in TCP mode.
> ;; Connection to 172.17.0.1#53(172.17.0.1) for
> _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.

Ok, you have a broken recursive DNS server configuration.

I'll have A records as a fallback for situations like this where SRV can't be used.

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
|
2012-05-12 12:34, Colin Percival wrote:
> On 05/12/12 00:22, Leslie Jensen wrote:
>> host -t srv _http._tcp.geodns.portsnap.freebsd.org
>> ;; Truncated, retrying in TCP mode.
>> ;; Connection to 172.17.0.1#53(172.17.0.1) for
>> _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.
>
> Ok, you have a broken recursive DNS server configuration.
>
> I'll have A records as a fallback for situations like this where SRV can't be used.
>

What exactly does that mean? The IP-address is my home router that acts as a
caching DNS for my network. The router in turn uses my ISP's DNS.

So if there is a configuration issue I'll be willing to drop a letter to my ISP
in order to get it fixed.
|
On 05/12/12 05:16, Leslie Jensen wrote:
> 2012-05-12 12:34, Colin Percival wrote:
>> On 05/12/12 00:22, Leslie Jensen wrote:
>>> host -t srv _http._tcp.geodns.portsnap.freebsd.org
>>> ;; Truncated, retrying in TCP mode.
>>> ;; Connection to 172.17.0.1#53(172.17.0.1) for
>>> _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.
>>
>> Ok, you have a broken recursive DNS server configuration.
>>
>> I'll have A records as a fallback for situations like this where SRV can't be
>> used.
>
> What exactly does that mean? The IP-address is my home router that acts as a
> caching DNS for my network. The router in turn uses my ISP's DNS.
>
> So if there is a configuration issue I'll be willing to drop a letter to my ISP
> in order to get it fixed.

It's your router. DNS is designed that you can fall back from UDP to TCP if the
response is too big to send in a UDP packet, but your router seems to not provide
the fallback TCP service. This is sadly a common mis-design, but usually doesn't
cause a huge problem since most DNS responses fit into a UDP packet.

The A fallback will point you at the closest portsnap mirror, but you won't get
the fail-over behaviour where portsnap will switch mirrors if the first one isn't
responding.

--
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
|
In reply to this post by Leslie Jensen
On Sat, 12 May 2012 14:16:58 +0200
Leslie Jensen wrote:

> 2012-05-12 12:34, Colin Percival wrote:
> > On 05/12/12 00:22, Leslie Jensen wrote:
> >> host -t srv _http._tcp.geodns.portsnap.freebsd.org
> >> ;; Truncated, retrying in TCP mode.
> >> ;; Connection to 172.17.0.1#53(172.17.0.1) for
> >> _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.
> >
> > Ok, you have a broken recursive DNS server configuration.
> >
> > I'll have A records as a fallback for situations like this where
> > SRV can't be used.
> >
>
> What exactly does that mean? The IP-address is my home router that
> acts as a caching DNS for my network. The router in turn uses my
> ISP's DNS.
>
> So if there is a configuration issue I'll be willing to drop a letter
> to my ISP in order to get it fixed.

Probably your router doesn't support SRV records, try putting external
servers in resolv.conf.
|
2012-05-12 16:19, RW wrote:
> On Sat, 12 May 2012 14:16:58 +0200
> Leslie Jensen wrote:
>
>> 2012-05-12 12:34, Colin Percival wrote:
>>> On 05/12/12 00:22, Leslie Jensen wrote:
>>>> host -t srv _http._tcp.geodns.portsnap.freebsd.org
>>>> ;; Truncated, retrying in TCP mode.
>>>> ;; Connection to 172.17.0.1#53(172.17.0.1) for
>>>> _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.
>>>
>>> Ok, you have a broken recursive DNS server configuration.
>>>
>>> I'll have A records as a fallback for situations like this where
>>> SRV can't be used.
>>>
>>
>> What exactly does that mean? The IP-address is my home router that
>> acts as a caching DNS for my network. The router in turn uses my
>> ISP's DNS.
>>
>> So if there is a configuration issue I'll be willing to drop a letter
>> to my ISP in order to get it fixed.
>
> Probably your router doesn't support SRV records, try putting external
> servers in resolv.conf.

Well I had to read up on configuring dhclient.conf

After adding

prepend domain-name-servers y.y.y.y, x.x.x.x;

To my /etc/dhclient.conf

I now get the following and it looks to me as it works :-)

host -t srv _http._tcp.geodns.portsnap.freebsd.org
;; Truncated, retrying in TCP mode.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ap-southeast-1.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 1 10 80 geodns-1.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 2 10 80 geodns-2.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 3 10 80 geodns-3.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 isc.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 your-org.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ec2-eu-west-1.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ec2-sa-east-1.portsnap.freebsd.org.
_http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ap-northeast-1.portsnap.freebsd.org.
|
On Sat, May 12, 2012 at 8:58 AM, Leslie Jensen <[hidden email]> wrote:
> 2012-05-12 16:19, RW wrote:
>> On Sat, 12 May 2012 14:16:58 +0200
>> Leslie Jensen wrote:
>>
>>> 2012-05-12 12:34, Colin Percival wrote:
>>>> On 05/12/12 00:22, Leslie Jensen wrote:
>>>>> host -t srv _http._tcp.geodns.portsnap.freebsd.org
>>>>> ;; Truncated, retrying in TCP mode.
>>>>> ;; Connection to 172.17.0.1#53(172.17.0.1) for
>>>>> _http._tcp.geodns.portsnap.freebsd.org failed: connection refused.
>>>>
>>>> Ok, you have a broken recursive DNS server configuration.
>>>>
>>>> I'll have A records as a fallback for situations like this where
>>>> SRV can't be used.
>>>>
>>>
>>> What exactly does that mean? The IP-address is my home router that
>>> acts as a caching DNS for my network. The router in turn uses my
>>> ISP's DNS.
>>>
>>> So if there is a configuration issue I'll be willing to drop a letter
>>> to my ISP in order to get it fixed.
>>
>> Probably your router doesn't support SRV records, try putting external
>> servers in resolv.conf.
>
> Well I had to read up on configuring dhclient.conf
>
> After adding
>
> prepend domain-name-servers y.y.y.y, x.x.x.x;
>
> To my /etc/dhclient.conf
>
> I now get the following and it looks to me as it works :-)
>
> host -t srv _http._tcp.geodns.portsnap.freebsd.org
> ;; Truncated, retrying in TCP mode.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ap-southeast-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 1 10 80 geodns-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 2 10 80 geodns-2.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 3 10 80 geodns-3.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 isc.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 your-org.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ec2-eu-west-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ec2-sa-east-1.portsnap.freebsd.org.
> _http._tcp.geodns.portsnap.freebsd.org has SRV record 4 10 80 ap-northeast-1.portsnap.freebsd.org.

Warning! You will have more problems down the road.

The real issue is that a firewall (or router ACL) is blocking port 53/tcp.
This is distressingly common and will result in DNS issues more and more often.

By default, DNS attempts to use UDP (53/udp) for DNS lookups. If the response
is too big to fit into a UDP packet, the operation will fall back to using TCP,
but many sites follow bad advice of blocking 53/tcp, so the lookup fails.
This has been a growing problem as DNS responses are getting longer due to
things like this, IPv6, and DNSSEC.

Please contact whoever is responsible for your router/firewall and ask that
53/tcp be allowed. Otherwise, more and more things will break.

--
R. Kevin Oberman, Network Engineer
E-mail: [hidden email]
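The UDP-to-TCP fallback that Colin Percival's and Kevin Oberman's replies describe, as an added example that is not part of the original thread or of portsnap: a Python check that sends the SRV query over UDP, reads the truncation (TC) bit, and retries over TCP to tell whether a resolver answers on 53/tcp. The function names, the fixed query id and the `port` parameter are assumptions made for this example; the resolver is given as an IPv4 address.

```python
import socket
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word

def build_query(name, qtype=33, qid=0x1234):
    """Encode a one-question DNS query; qtype 33 is SRV. Fixed id: diagnostic use only."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Return (id, truncated, rcode, answer_count) from a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & TC_FLAG), flags & 0x000F, an

def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_tcp(resolver, query, port=53, timeout=3.0):
    """DNS over TCP: each message is preceded by a 2-byte length."""
    with socket.create_connection((resolver, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, length)

def diagnose(resolver, name, port=53, timeout=3.0):
    """Return 'udp-ok', 'tcp-fallback-ok' or 'tcp-fallback-blocked'."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (resolver, port))
        reply, _ = u.recvfrom(4096)
    if not parse_header(reply)[1]:
        return "udp-ok"          # the answer fit in one UDP datagram
    try:
        parse_header(query_tcp(resolver, query, port, timeout))
        return "tcp-fallback-ok"
    except OSError:              # refused, timed out or reset: the failure seen in the thread
        return "tcp-fallback-blocked"
```

Run against the router address from the thread, `diagnose("172.17.0.1", "_http._tcp.geodns.portsnap.freebsd.org")` would distinguish a resolver that truncates and then refuses TCP from one that completes the fallback.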
