On Tue, Feb 21, 2006 at 09:18:16AM +0100, martin f krafft wrote:
> also sprach Michal Sabala <[EMAIL PROTECTED]> [2006.02.20.2328 +0100]:
> > host -t a security.debian.org
> > security.debian.org has address 82.94.249.158   <----- slow
> 
> Please see 
>   http://lists.debian.org/debian-security/2006/02/msg00041.html
> 
> > Editing /etc/hosts to contain:
> > 128.101.80.133 security.debian.org
> > 
> > solves the problem. Our network is working properly BTW.
> 
> Please do not do this. A better fix is to REJECT 82.94.249.158/32
> with iptables:
> 
>   iptables -I OUTPUT -d 82.94.249.158/32 -j REJECT
> 
> (amend as needed). This leaves a round-robin of two servers rather
> than everyone banging on 128.101.80.133 (or the other one).

*blink* - erm, just out of interest, how does this help? This is just
going to stop packets from going to that IP, it's not going to stop
things resolving to that IP, so instead of getting a slow connection
you're just going to get a connection refused... seems like an odd way
of doing things - maybe it would be better to use a local caching
nameserver that you can configure to filter out that IP when there is
more than one A record available instead? (I can't think of a simple way
of doing that off the top of my head, though)

Cheers,
Brett.
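
Added example, not part of the original thread: a sketch of what the REJECT rule changes for a client that walks every A record in turn. It assumes the client moves on to the next address after an error (whether a given tool does so is an assumption); `connect_first_reachable` and `demo` are hypothetical names, and the loopback ports are constructed stand-ins for the mirrors.

```python
import socket

def connect_first_reachable(candidates, timeout=2.0):
    """Try each (ip, port) in order, as a client walking the A records would.

    Returns (socket_or_None, log); log holds one (address, outcome) per attempt.
    """
    log = []
    for addr in candidates:
        try:
            sock = socket.create_connection(addr, timeout=timeout)
        except ConnectionRefusedError:
            # What a REJECT rule produces: an immediate error, so the
            # client can go to the next record without waiting.
            log.append((addr, "refused"))
        except OSError as exc:
            # A slow or silently dropped address costs the full timeout.
            slow = isinstance(exc, socket.timeout)
            log.append((addr, "timeout" if slow else "error"))
        else:
            log.append((addr, "connected"))
            return sock, log
    return None, log

def demo():
    # Constructed stand-ins on loopback: a listener plays a healthy mirror,
    # a closed port plays the address that the firewall rejects.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    healthy = listener.getsockname()

    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    rejected = probe.getsockname()
    probe.close()  # nothing listens here now, so connects are refused

    sock, log = connect_first_reachable([rejected, healthy])
    outcomes = [state for _, state in log]
    if sock:
        sock.close()
    listener.close()
    return outcomes

if __name__ == "__main__":
    print(demo())
```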

