1. Forum
  2. Usenet
  3. LINUX.DEBIAN.PROJECT

  • Re: Debian website is blocked in Argentina. Or it's a misconfiguration?

    From Pierre-Elliott =?utf-8?Q?B=C3=A9cue@21:1/5 to maritom83@yahoo.com on Tue Apr 4 11:40:01 2023
    Adding DSA as this is a DNS matter which falls under our scope.

    "maritom83@yahoo.com" <maritom83@yahoo.com> wrote on 04/04/2023 at 05:36:35+0200:

    I will start comparing some domains:

    root@LEDE:~# nslookup debian.org 1.1.1.1
    Server:         1.1.1.1
    Address:        1.1.1.1#53

    Name:      debian.org
    Address 1: 130.89.148.77
    Address 2: 128.31.0.62
    Address 3: 149.20.4.15
    Address 4: 2603:400a:ffff:bb8::801f:3e
    Address 5: 2001:67c:2564:a119::77
    Address 6: 2001:4f8:1:c::15

    root@LEDE:~# nslookup www.debian.org 1.1.1.1
    Server:         1.1.1.1
    Address:        1.1.1.1#53

    Name:      www.debian.org
    Address 1: 200.17.202.197
    Address 2: 2801:82:80ff:8009:e61f:13ff:fe63:8e88


    The second one only gives Brazilian IP. Why?. Cannot be viewed here. Manually editing hosts can "fix" this problem.

    200.17.202.197 is from UFPR, a blocked network by Telecom Argentina and Internexa. Well, the entire AS1916 (including ftp.br.debian.org, uepg, c3sl...).

    Further explanations here: (spanish) https://foros.3dgames.com.ar/threads/315307?p=24601216&viewfull=1#post24601216
    https://foros.3dgames.com.ar/threads/315307?p=24602387&viewfull=1#post24602387

    www.debian.org name resolution is done through GeoIP DNS (multiple
    mirrors over multiple continents). For South America in general, the
    only record we put for www.debian.org is santoro.debian.org which is
    hosted in brazil.

    The solution here would probably to put an exception on Argentina and
    put the IP of a US server for GeoIP DNS.

    I'll see with my DSA Teammates if that's fine with them and consider
    this option.

    --
    PEB

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQJDBAEBCgAtFiEE5CQeth7uIW7ehIz87iFbn7jEWwsFAmQr7G8PHHBlYkBkZWJp YW4ub3JnAAoJEO4hW5+4xFsLnfYP/2ExWrVtoW00UvfJocEnO6TJyDNM8vM6Nxi5 gGx3/WHX0fbZwdc3a7WzKvlwJYJW6Pe9l/VAmQYIL58jOrGZxfngxUKzoqe0b3Hc z10f7FqRBCSg8g9td0/nKM8aJQLqn8lV6n3N7kuvLXcgJyfaFp7iOAwmIUgYy79d G/jb8Drm2mropAU8nG8BACkt4HXphVyDNDw5qhnJjzFwGqX3VIUXRuMwI+tk+huo u8T6OBXay7clOK4/dMABICLGybBWipluS5i5kSHhwh3KBzdTbvgBqQrxbMmgcxPz KKFBKjWfL6RZfvjhMSlC/WPqpfJw9AOrQJq0jMOytkSE51wFJT68EM2uWDLbfRm3 zFGej6ybOEgZcz3xrgEyokFxN4KTdtm8PZxZ71Vk4qPCnxVPLSv+EQiW2y0xUoDI VevDNGG+MFA5rxGfHmpM/uKEmbylxGgnaM+nC7mDIlwGExQg/AmjGM/3rAvr0AQm 4T5pr8xK1nP+MUXPid0vPZI1v2oYHMU+VXZ7hpkIbXBHLBW86J4LL0pgwUJ3gnsY hjshyMN1VwDBSExDeRgpXFSBFmgNdyZnoTyI3dWmwh/GGy97qe6MT7P/toxUFY8B xXJxsrb6juigd5KoHLtTsrKbL+ovt2OReY0ikH8Ndqj7Tqu/MQCufbAjqBK1v4Y1
    4vfb0e8b
    =1hNV
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Pierre-Elliott =?utf-8?Q?B=C3=A9cue@21:1/5 to peb@debian.org on Tue Apr 4 16:40:01 2023
    Pierre-Elliott Bécue <peb@debian.org> wrote on 04/04/2023 at 11:13:46+0200:

    [[PGP Signed Part:Good signature from EE215B9FB8C45B0B Pierre-Elliott Bécue <becue@crans.org> (trust ultimate) created at 2023-04-04T11:22:55+0200 using RSA]]
    Adding DSA as this is a DNS matter which falls under our scope.

    "maritom83@yahoo.com" <maritom83@yahoo.com> wrote on 04/04/2023 at 05:36:35+0200:

    I will start comparing some domains:

    root@LEDE:~# nslookup debian.org 1.1.1.1
    Server:         1.1.1.1
    Address:        1.1.1.1#53

    Name:      debian.org
    Address 1: 130.89.148.77
    Address 2: 128.31.0.62
    Address 3: 149.20.4.15
    Address 4: 2603:400a:ffff:bb8::801f:3e
    Address 5: 2001:67c:2564:a119::77
    Address 6: 2001:4f8:1:c::15

    root@LEDE:~# nslookup www.debian.org 1.1.1.1
    Server:         1.1.1.1
    Address:        1.1.1.1#53

    Name:      www.debian.org
    Address 1: 200.17.202.197
    Address 2: 2801:82:80ff:8009:e61f:13ff:fe63:8e88


    The second one only gives Brazilian IP. Why?. Cannot be viewed here. Manually editing hosts can "fix" this problem.

    200.17.202.197 is from UFPR, a blocked network by Telecom Argentina and Internexa. Well, the entire AS1916 (including ftp.br.debian.org, uepg, c3sl...).

    Further explanations here: (spanish)
    https://foros.3dgames.com.ar/threads/315307?p=24601216&viewfull=1#post24601216
    https://foros.3dgames.com.ar/threads/315307?p=24602387&viewfull=1#post24602387

    www.debian.org name resolution is done through GeoIP DNS (multiple
    mirrors over multiple continents). For South America in general, the
    only record we put for www.debian.org is santoro.debian.org which is
    hosted in brazil.

    The solution here would probably to put an exception on Argentina and
    put the IP of a US server for GeoIP DNS.

    I'll see with my DSA Teammates if that's fine with them and consider
    this option.

    After discussing with them internally, it is our opinion that you should probably bring this matter with your ISP as it's not really normal that
    they block a whole network on web ports.

    On our side, we do not want to do specific work for specific ISPs having
    what looks like a bad policy.

    Regards,
    --
    PEB

    --=-=-Content-Type: application/pgp-signature; name="signature.asc"

    -----BEGIN PGP SIGNATURE-----

    iQJDBAEBCgAtFiEE5CQeth7uIW7ehIz87iFbn7jEWwsFAmQsM+4PHHBlYkBkZWJp YW4ub3JnAAoJEO4hW5+4xFsL4QQP/3mT/Ltq3gxGkUuzrR72sRvBszq3NMyV37Gj WFODvXwk0kOIJHxl7tIX3EzJ5WPMycSTdBCvVBP98SIeYTyxIFf9rHCuJ65kMCpG yuTZs08J7MEWNfvpie7adxFVHSjXG5AFF6/jA9TRMEjUKUJJ902ia3dtccNbXG0v GcZlNS0F66HrVHL+srscorpCS0hCrXYm8N80Rm2CjWRxisijy6LPeaY5bKMIv1V6 ZzdJ0ilK7j/AG+xbRkFl2KiObjjUOupQnkrW3MPxbWGjuRD8E8i/AKVNrZxN8pbA ArFdCdZHuE68cnYabBIxyGedhHxOqFo9eZracbA5WtNO36G+nVoWqhQ5z/LnNu4B fuscm4nISVTTx7SzbZBh68Xn4r1HWLGW4OOQ7DWLhdCgcm+5Iseio4xRu269KBZj yQcK2fUMfoXENMnmsdPOAc/jPmAHL+leR29QZOs50qrABEQtmi4SVLZ5DDHfVdof /Nbht+c3ihEC0VE+E/vO9dRkuYG9C1Ll2Kk3hglJGA+umMIB35wCe0blLOFE2yBE Oi+iunXMP1q0l0+3DFwRyIYAeuJt6hzGy7PvxRaN5LWq+m1TevIIYZP47euZtXDB 7TMpXH4NZ2INdrjHVKMeNDZnd8+oVvNQvI+XGdzzNVz+67ENijdzQapORBbogkbz
    Nk7Cltc5
    =vk9x
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)