I have a firewall with some whitelisted addresses for the kids, one of them is security.debian.org.
The firewall flushes the tables with fresh IP addresses using a scripted cronjob with a nslookup that pulls the addresses and automatically adds them to the whitelist. Doing a nslookup on the firewall and on the kids boxes provides the same IP addresses for security.debian.org: # nslookup security.debian.org Non-authoritative answer: Name: security.debian.org Address: 212.211.132.32 Name: security.debian.org Address: 195.20.242.89 Name: security.debian.org Address: 212.211.132.250 And those IPs are added to the whitelist. However, when APT is run: "Could not connect to security.debian.org:http: [IP: 149.20.20.6 80]" Where does APT get this IP address from? If from some crazy pool of IPs how is it doing lookup?
