Brian a écrit : > On Thu 22 Oct 2015 at 11:44:41 +0200, Sven Hartge wrote: > >> Pascal Hambourg <[email protected]> wrote: >>> Greencopper a écrit : >> >>>> Most likely OpenDNS has some load balancing of their own perhaps >>>> forwarding the request to different internal servers. >>>> >>>> Perhaps the only solution is to fix a specific IP address for >>>> security.debian.org in my local DNS server and then only use that! >>> >>> Or don't use OpenDNS servers. >> >> Or don't try to build firewall rules based on DNS lookups. > > Or amend sources.list to not require DNS. 149.20.20.6 is schein; use > villa if preferred. > > deb ftp://149.20.20.6/debian-security jessie/updates main
I don't second that suggestion because it has several drawbacks. - It cancels the redundancy provided by security.debian.org. - It does not work with HTTP, so you have to use FTP which is harder to manage by firewalls. - If one day this one address does not serve as a Debian security mirror any more, you're stuck. - Changing a mirror forces APT to reload all the package list at the next update. This can be annoying with a low speed link. I was serious when suggesting not tu use OpenDNS. Why use it if you have your own local recursive DNS cache ?
