Resolving 'ftp.geo.freebsd.org' in Brazil:

$ host ftp.geo.freebsd.org
ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
ftp.geo.freebsd.org mail is handled by 0 .

Available (official) mirrors in Brazil:

$ host ftp.br.freebsd.org
ftp.br.freebsd.org is an alias for linorg.usp.br.
linorg.usp.br has address 200.144.183.235
linorg.usp.br has IPv6 address 2001:12d0:0:71::183:235
$ host ftp2.br.freebsd.org
ftp2.br.freebsd.org is an alias for linorg.usp.br.
linorg.usp.br has address 200.144.183.235
linorg.usp.br has IPv6 address 2001:12d0:0:71::183:235
$ host ftp3.br.freebsd.org
ftp3.br.freebsd.org has address 143.106.10.152
$ host ftp4.br.freebsd.org
ftp4.br.freebsd.org has address 200.132.0.80
ftp4.br.freebsd.org has IPv6 address 2804:0:0:faca::80

List of AS numbers and netblocks used to run the test:

AS1916 200.17.32.0/20 200.129.0.0/18
AS16735 201.48.192.0/18 2001:1291::/32
AS26599 152.240/12
AS28573 181.222.128.0/19 2804:14c:de00::/40
AS263516 177.84.60/22

#####################################################################

Resolving 'ftp.geo.freebsd.org' in France:

$ host ftp.geo.freebsd.org
ftp.geo.freebsd.org has address 213.138.116.78
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
ftp.geo.freebsd.org mail is handled by 0 .

Available (official) mirrors in France:

$ host ftp2.fr.freebsd.org
ftp2.fr.freebsd.org is an alias for ftp.free.org.
ftp.free.org has address 88.191.250.131
$ host ftp3.fr.freebsd.org
ftp3.fr.freebsd.org is an alias for nova.uvsq.fr.
nova.uvsq.fr has address 193.51.24.2
nova.uvsq.fr mail is handled by 100 soleil.uvsq.fr.
nova.uvsq.fr mail is handled by 200 titan.uvsq.fr.
$ host ftp4.fr.freebsd.org
ftp4.fr.freebsd.org is an alias for ftp.deuza.net.
ftp.deuza.net is an alias for beastie.deuza.net.
beastie.deuza.net has address 94.23.217.75
beastie.deuza.net has IPv6 address 2001:41d0:2:5c4b::

List of AS numbers and netblocks used to run the test:

AS16276 46.105.0.0/16 2001:41d0::/32

#####################################################################

Resolving 'ftp.geo.freebsd.org' in the U.S.:

$ host ftp.geo.freebsd.org
ftp.geo.freebsd.org has address 140.113.168.172
ftp.geo.freebsd.org has IPv6 address 2001:f18:113:fb5d::15:0
ftp.geo.freebsd.org mail is handled by 0 .

Available (official) mirrors in the U.S.: ... :3

List of AS numbers and netblocks used to run the test:

AS46652 192.241.128.0/19 2604:a880:400::/48

#####################################################################

Reverse lookups from what 'ftp.geo.freebsd.org' returned:

$ dig +short -x 96.47.72.72
ftp0.nyi.freebsd.org.
$ dig +short -x 140.113.168.172
ftp0.twn.freebsd.org.
$ dig +short -x 213.138.116.78
ftp0.bme.freebsd.org.
$ dig +short -x 2610:1c1:1:606c::15:0
ftp0.nyi.freebsd.org.

Who is ...

$ whois 2001:f18:113:fb5d::15:0
descr: National Chiao Tung University
descr: Hsinchu, Taiwan 300

#####################################################################

Some machines used for troubleshooting are running local NS. Enforcing the use of geo.freebsd.org's NS did not solve the issue.

List of geo.freebsd.org's NS, and how to get it:

$ dig +short NS freebsd.org
ns2.isc-sns.com.
ns1.isc-sns.net.
ns3.isc-sns.info.
$ host ns1.isc-sns.net.
ns1.isc-sns.net has address 72.52.71.1
ns1.isc-sns.net has IPv6 address 2001:470:1a::1
$ drill NS geo.freebsd.org @72.52.71.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40195
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;; geo.freebsd.org. IN NS

;; ANSWER SECTION:

;; AUTHORITY SECTION:
geo.freebsd.org. 600 IN NS gns0.freebsd.org.
geo.freebsd.org. 600 IN NS gns2.freebsd.org.
geo.freebsd.org. 600 IN NS gns1.freebsd.org.

;; ADDITIONAL SECTION:
gns0.freebsd.org. 600 IN A 8.8.178.30
gns1.freebsd.org. 600 IN A 96.47.72.24
gns2.freebsd.org. 600 IN A 213.138.116.75

;; Query time: 106 msec
;; SERVER: 72.52.71.1
;; WHEN: Thu Sep 29 16:00:40 2016
;; MSG SIZE rcvd: 138
Unfortunately ftp.freebsd.org isn't really meant to be a mirror selector. It was only really meant to solve the problem where the two project-operated "ftp.freebsd.org" servers were selected at random.

We have had a huge problem with shared 3rd party mirrors over the last few years. What would often happen is that ftpN.cc.freebsd.org was a cname to a jumbo mirror server at a university and it also carried things like the sourceforge binary uploads directory. This would cause people like google to blacklist "freebsd.org" for hosting malware - even though it was a 3rd party mirror - eg: "http://ftp4.ie.freebsd.org/pub/SourceForge/m/ma/malware.exe" etc. You'd get malware warnings for trying to download via chrome / firefox / etc for *all* of freebsd.org until somebody intervened. There were many negative secondary effects that were tied to the google safebrowsing list - eg: email blacklists, services refused, etc.

As a result, at this time we are unwilling to point "ftp.freebsd.org" (ftp/http) or "https://download.freebsd.org" to mirrors that are not under project control and we have had to de-list some 3rd party mirrors that cause malware flagging on freebsd.org.

While we probably should use an actual closest-mirror selection system, I don't expect it to be tied to ftp.freebsd.org/download.freebsd.org. If we did such a thing I would be strongly in favor of having people see the proper names for the servers rather than ftp*.cc.freebsd.org.

pkg.freebsd.org and svn.freebsd.org run on the same infrastructure as ftp/download.freebsd.org.
I didn't give an example. This works: http://ftp.br.freebsd.org/ubuntu-releases/ - I don't mean to pick on ubuntu, but imagine if it's the sourceforge malware site.
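An added example, not part of the thread and not FreeBSD project tooling: one way to list the names inside a project zone whose CNAME chain ends on a host outside it, which is the arrangement the two comments above describe as the source of the malware flagging. The function names are hypothetical; the sample lines are `host` output copied from the first message.

```python
import re

# `host` output lines copied from the first message in this thread.
SAMPLE = """\
ftp.br.freebsd.org is an alias for linorg.usp.br.
linorg.usp.br has address 200.144.183.235
ftp3.br.freebsd.org has address 143.106.10.152
ftp4.fr.freebsd.org is an alias for ftp.deuza.net.
ftp.deuza.net is an alias for beastie.deuza.net.
beastie.deuza.net has address 94.23.217.75
ftp.geo.freebsd.org has address 96.47.72.72
"""

ALIAS = re.compile(r"^(\S+) is an alias for (\S+?)\.?$")


def in_zone(name, zone):
    """True if `name` is the zone apex or a name below it."""
    name = name.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def third_party_aliases(host_output, zone="freebsd.org"):
    """Map each alias inside `zone` to the out-of-zone host its chain ends at."""
    cname = {}
    for line in host_output.splitlines():
        m = ALIAS.match(line.strip())
        if m:
            cname[m.group(1).lower()] = m.group(2).lower()

    findings = {}
    for name in cname:
        if not in_zone(name, zone):
            continue  # only names published under the project's own domain
        target, seen = name, set()
        while target in cname and target not in seen:  # follow chain, stop on loops
            seen.add(target)
            target = cname[target]
        if not in_zone(target, zone):
            findings[name] = target
    return findings


if __name__ == "__main__":
    for alias, host in sorted(third_party_aliases(SAMPLE).items()):
        print(f"{alias} -> {host}")
```

Names that point at a third-party server with a plain A record (no CNAME) are not caught by this check; those need the address compared against the project's own netblocks.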
(In reply to Peter Wemm from comment #1) That is really a good point (not to be reported as malware/virus source), but... how odd can it be to use a FreeBSD machine in the U.S. and resolve 'ftp.geo.freebsd.org' to an IP address of a server hosted in Taiwan? We can check it on my first message.
(In reply to Peter Wemm from comment #2)

I did read https://www.freebsd.org/doc/en/articles/hubs/index.html to get more information about how to contribute (again) with FreeBSD on mirroring its FTP server, but it says that "We are not accepting new mirrors at this time".

Let's say that I can try to 'donate' you a machine in Brazil to host FreeBSD's releases+snapshots, and maybe share the hosting service with only a partial OpenBSD mirror. Would it be helpful, or is it out of the question/discussion?

What about mirroring 'pkg.freebsd.org'? Does it follow the same policy?

Thank you for taking your time to write considerations and give us clear feedback about FreeBSD's geodns solution.
I was wondering if the source data was erroneous so I did a quick check on one of the machines in question (gns0):

Here's what I see, based on the addresses you provided:

First sample, Brazil:

$ geoiplookup 200.17.32.0
BR, 06, Ceara, Aracoiaba, 62750, -4.490500, -38.677601, 0, 0
$ geoiplookup 201.48.192.0
BR, 27, Sao Paulo, São Paulo, N/A, -23.473301, -46.665798, 0, 0
$ geoiplookup 152.240.0.0
BR, 28, Sergipe, Aracaju, N/A, -10.916700, 0, 0
$ geoiplookup 181.222.128.0
BR, 06, Ceara, Fortaleza, N/A, -3.316700, -41.416698, 0, 0
$ geoiplookup 177.84.60.0
BR, 26, Santa Catarina, Pouso Redondo, 89172, -27.303900, -49.984699, 0, 0

Second, France:

$ geoiplookup 46.105.0.0
FR, N/A, N/A, N/A, N/A, 48.858200, 2.338700, 0, 0

Third, US:

$ geoiplookup 192.241.128.0
US, NY, New York, New York, 10011, 40.742100, -74.001801, 501, 212

I was concerned that the source data might be incorrect but it seems plausible. However, now that I look at the timing, I am wondering if you encountered a failover scenario. We were doing openssl patching and taking machines out of the pool. The lack of connectivity would have caused an alternate to be selected. I am wondering if both the UK and NY mirrors were offline while you did the test. Under normal circumstances I would expect the geo-rules to direct Brazil to the NY site, and France to the UK site.

Do you still see queries from that US site resolving to Taiwan? What do you get when you query the gns*.freebsd.org servers directly? eg:

$ host ftp.geo.freebsd.org gns0.freebsd.org
ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0

We only give out a 300 second TTL on those records so caching effects should be fairly minimal.
(In reply to Peter Wemm from comment #5)

Date: Wednesday, 5 October 2016 ~ 14:57:29 UTC (GMT)

I did run the tests on the very same machines, and using the same CIDR mentioned before. It really looks good as you said, and the U.S. hosted machine got 'ftp.geo.freebsd.org' pointing to a NYI's (AS11403) mirror.

* 8.8.178.30 == Yahoo!, AS10310

-- Brazil:

% host ftp.geo.freebsd.org gns0.freebsd.org
Using domain server:
Name: gns0.freebsd.org
Address: 8.8.178.30#53
Aliases:

ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
ftp.geo.freebsd.org mail is handled by 0 .

-- France:

$ host ftp.geo.freebsd.org gns0.freebsd.org
Using domain server:
Name: gns0.freebsd.org
Address: 8.8.178.30#53
Aliases:

ftp.geo.freebsd.org has address 213.138.116.78
ftp.geo.freebsd.org has IPv6 address 2001:41c8:112:8300::15:0
ftp.geo.freebsd.org mail is handled by 0 .

-- U.S.:

% host ftp.geo.freebsd.org gns0.freebsd.org
Using domain server:
Name: gns0.freebsd.org
Address: 8.8.178.30#53
Aliases:

ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
ftp.geo.freebsd.org mail is handled by 0 .

I was a bit curious, so I also ran the tests over v6 (same CIDR mentioned before).

* 2001:4860:4860::8844 == Google, AS15169
* 2620:0:ccc::2 == OpenDNS, AS36692
* 2804:10:10::20 == IPv6 Internet, AS28299

-- Brazil:

% host ftp.geo.freebsd.org 2620:0:ccc::2
Using domain server:
Name: 2620:0:ccc::2
Address: 2620:0:ccc::2#53
Aliases:

ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
ftp.geo.freebsd.org mail is handled by 0 .

% host ftp.geo.freebsd.org 2001:4860:4860::8844
Using domain server:
Name: 2001:4860:4860::8844
Address: 2001:4860:4860::8844#53
Aliases:

ftp.geo.freebsd.org has address 140.113.168.172
ftp.geo.freebsd.org has IPv6 address 2001:f18:113:fb5d::15:0
ftp.geo.freebsd.org mail is handled by 0 .

% host ftp.geo.freebsd.org 2804:10:10::20
Using domain server:
Name: 2804:10:10::20
Address: 2804:10:10::20#53
Aliases:

ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
ftp.geo.freebsd.org mail is handled by 0 .

-- France:

$ host ftp.geo.freebsd.org 2620:0:ccc::2
Using domain server:
Name: 2620:0:ccc::2
Address: 2620:0:ccc::2#53
Aliases:

ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2001:41c8:112:8300::15:0
ftp.geo.freebsd.org mail is handled by 0 .

$ host ftp.geo.freebsd.org 2001:4860:4860::8844
Using domain server:
Name: 2001:4860:4860::8844
Address: 2001:4860:4860::8844#53
Aliases:

ftp.geo.freebsd.org has address 140.113.168.172
ftp.geo.freebsd.org has IPv6 address 2001:f18:113:fb5d::15:0
ftp.geo.freebsd.org mail is handled by 0 .

-- U.S.:

% host ftp.geo.freebsd.org 2620:0:ccc::2
Using domain server:
Name: 2620:0:ccc::2
Address: 2620:0:ccc::2#53
Aliases:

ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
ftp.geo.freebsd.org mail is handled by 0 .

% host ftp.geo.freebsd.org 2001:4860:4860::8844
Using domain server:
Name: 2001:4860:4860::8844
Address: 2001:4860:4860::8844#53
Aliases:

ftp.geo.freebsd.org has address 140.113.168.172
ftp.geo.freebsd.org has IPv6 address 2001:f18:113:fb5d::15:0
ftp.geo.freebsd.org mail is handled by 0 .
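An added example, not part of the thread: the comparison made by hand above, as a script that groups `host` answers by the server that gave them and reports every resolver whose answer differs from the one obtained directly from gns0. A GeoDNS server chooses its answer from the address of whichever resolver sends it the query, so a divergent resolver is the first thing to rule out. Function names are hypothetical; the transcript is trimmed from the Brazil runs in the last comment.

```python
import re
from collections import defaultdict

# Trimmed from the Brazil runs quoted in the last comment of this thread.
SAMPLE = """\
% host ftp.geo.freebsd.org gns0.freebsd.org
Name: gns0.freebsd.org
Address: 8.8.178.30#53
ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
% host ftp.geo.freebsd.org 2620:0:ccc::2
Name: 2620:0:ccc::2
Address: 2620:0:ccc::2#53
ftp.geo.freebsd.org has address 96.47.72.72
ftp.geo.freebsd.org has IPv6 address 2610:1c1:1:606c::15:0
% host ftp.geo.freebsd.org 2001:4860:4860::8844
Name: 2001:4860:4860::8844
Address: 2001:4860:4860::8844#53
ftp.geo.freebsd.org has address 140.113.168.172
ftp.geo.freebsd.org has IPv6 address 2001:f18:113:fb5d::15:0
"""

NAME = re.compile(r"^Name:\s*(\S+)$")
ADDR = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")


def answers_by_server(transcript, qname):
    """Return {server: set of A/AAAA answers for qname} from `host` output."""
    out, server = defaultdict(set), None
    for line in transcript.splitlines():
        line = line.strip()
        m = NAME.match(line)
        if m:
            server = m.group(1)  # answers that follow belong to this server
            continue
        m = ADDR.match(line)
        if m and server and m.group(1).rstrip(".") == qname:
            out[server].add(m.group(2))
    return dict(out)


def divergent(transcript, qname, baseline):
    """Servers that returned addresses the baseline server did not."""
    by_server = answers_by_server(transcript, qname)
    expected = by_server[baseline]
    return {s: sorted(a - expected) for s, a in by_server.items() if a - expected}


if __name__ == "__main__":
    for srv, extra in divergent(SAMPLE, "ftp.geo.freebsd.org", "gns0.freebsd.org").items():
        print(f"{srv} differs from gns0: {', '.join(extra)}")
```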