This is actually getting very frustrating! Doing a nslookup specifying the DNS server provides different results when done minutes apart!
$ nslookup security.debian.org 208.67.222.222 Server: 208.67.222.222 Address: 208.67.222.222#53 Non-authoritative answer: Name: security.debian.org Address: 149.20.20.6 Name: security.debian.org Address: 128.31.0.63 Name: security.debian.org Address: 128.61.240.73 Then a couple of minutes after: nslookup security.debian.org 208.67.222.222 Server: 208.67.222.222 Address: 208.67.222.222#53 Non-authoritative answer: Name: security.debian.org Address: 212.211.132.32 Name: security.debian.org Address: 212.211.132.250 Name: security.debian.org Address: 195.20.242.89 Most likely OpenDNS has some load balancing of their own perhaps forwarding the request to different internal servers. Perhaps the only solution is to fix a specific IP address for security.debian.org in my local DNS server and then only use that! On Thu, Oct 22, 2015 at 3:08 AM, Greencopper <greencopperm...@gmail.com> wrote: > >> Doing a nslookup on the firewall and on the kids boxes provides the same IP > >> addresses for security.debian.org: > >> > >> # nslookup security.debian.org > >> Non-authoritative answer: > >> Name: security.debian.org > >> Address: 212.211.132.32 > >> Name: security.debian.org > >> Address: 195.20.242.89 > >> Name: security.debian.org > >> Address: 212.211.132.250 > >> > >> And those IPs are added to the whitelist. However, when APT is run: > >> > >> "Could not connect to security.debian.org:http: [IP: 149.20.20.6 80]" > > > > Always the same address ? Or does it change ? > > > >> Where does APT get this IP address from? > > > > /etc/hosts ? > > Any local DNS server ? > > There is a local DNS server on the firewall, but that's where the > whitelisted IP address gets generated and the result of the nslookup > is the same whether performed on the box or on any other machine in > the house since they all use the same box. > > No, there is nothing in /etc/hosts > > Apt-get is getting different results from using "host" or "nslookup". > >
