From b3d18327d965802b1f29bca44e99a04ac3f2f4db Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Sun, 7 Jun 2009 14:07:37 +0100 Subject: [PATCH] Some Denglish modification, and a link to the patch Signed-off-by: Stephen Gran --- ..._setup_GeoDNS_for_security.debian.org.mdwn | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn b/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn index edf8379..abd5e02 100644 --- a/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn +++ b/input/dsablog/2009/06/Howto_setup_GeoDNS_for_security.debian.org.mdwn @@ -1,6 +1,6 @@ -DSA is currently play around with a patched version of bind9 (based on a +DSA is currently playing around with a patched version of bind9 (based on a patch we received from kernel.org people) to implement GeoDNS for -security.debian.org. You might have noticed, that we currently have a +security.debian.org. You might have noticed that we currently have a round robin list of up to seven hosts in the security.debian.org rotation. Depending on time and luck your apt currently might pick a host which is located half around the globe for you, resulting in @@ -8,11 +8,10 @@ sometimes really slow download rates. ## Idea -The current idea is only present a list of security mirrors to you which -is located on the continent you live on. That won't work for all -continents at the moment, we are aware of that. For that reason we are -in paralell currently moving machines around the globe, to get that -fixed in foreseeable future. +The current idea is to only present a list of security mirrors to +you which are located on the continent you live on. We are aware that +this won't work for all continents at the moment. For this reason we +are also currently moving machines around the globe. ## How to test @@ -35,10 +34,12 @@ zobel@gluck:~% dig -ttxt +short security.geo.debian.org The patch we used for bind9 uses [libgeoip](http://packages.debian.org/geoip) and [MaxMind's GeoLite Country database](http://www.maxmind.com/app/geolitecountry). +[This](http://vancouver.yorkcabal.org.uk/~steve/.bind/geoip.patch) +patch was necessary to get bind to play nicely. As we don't want to break security.debian.org at this stage of our -testing, we decided to add a new subdomain security.geo.debian.org which -with we are currently playing. +testing, we decided to add a new subdomain security.geo.debian.org with +which we are currently playing. Having an ACL for EU defining all the countries belonging to the European Subcontinent, a config sniplet for security.debian.org's zone -- 2.20.1