From: Martin Zobel-Helas Date: Sun, 7 Jun 2009 13:31:24 +0000 (+0200) Subject: Merge branch 'master' of git+ssh://zobel@db.debian.org/git/dsa-wiki X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=13084b3ea11689e3881c216f1f1e0f957e741532;hp=fc494b5927df561d84bccc48e10c4028b7017cb9;p=mirror%2Fdsa-wiki.git Merge branch 'master' of git+ssh://zobel@db.debian.org/git/dsa-wiki --- diff --git a/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn b/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn index edf8379..abd5e02 100644 --- a/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn +++ b/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn @@ -1,6 +1,6 @@ -DSA is currently play around with a patched version of bind9 (based on a +DSA is currently playing around with a patched version of bind9 (based on a patch we received from kernel.org people) to implement GeoDNS for -security.debian.org. You might have noticed, that we currently have a +security.debian.org. You might have noticed that we currently have a round robin list of up to seven hosts in the security.debian.org rotation. Depending on time and luck your apt currently might pick a host which is located half around the globe for you, resulting in @@ -8,11 +8,10 @@ sometimes really slow download rates. ## Idea -The current idea is only present a list of security mirrors to you which -is located on the continent you live on. That won't work for all -continents at the moment, we are aware of that. For that reason we are -in paralell currently moving machines around the globe, to get that -fixed in foreseeable future. +The current idea is to only present a list of security mirrors to +you which are located on the continent you live on. We are aware that +this won't work for all continents at the moment. For this reason we +are also currently moving machines around the globe. ## How to test @@ -35,10 +34,12 @@ zobel@gluck:~% dig -ttxt +short security.geo.debian.org The patch we used for bind9 uses [libgeoip](http://packages.debian.org/geoip) and [MaxMind's GeoLite Country database](http://www.maxmind.com/app/geolitecountry). +[This](http://vancouver.yorkcabal.org.uk/~steve/.bind/geoip.patch) +patch was necessary to get bind to play nicely. As we don't want to break security.debian.org at this stage of our -testing, we decided to add a new subdomain security.geo.debian.org which -with we are currently playing. +testing, we decided to add a new subdomain security.geo.debian.org with +which we are currently playing. Having an ACL for EU defining all the countries belonging to the European Subcontinent, a config sniplet for security.debian.org's zone