John Carver's picture

I just discovered that Debian's cdn.debian.net has been deprecated (see https://wiki.debian.org/DebianGeoMirror).  Because TurnKey appliances use this address to determine the nearest mirror server, this means that apt-get update is broken until you change the source lists. According to the wiki, all references to this address should be replaced by 'http.debian.net'.  I used the following sed command to make sure I caught all occurrances. 

sed -i 's/cdn.debian.net/http.debian.net/' /etc/apt/sources.list.d/*

Older appliances may need to edit /etc/apt/sources.list

Forum: 
OnePressTech's picture

I was scratching my head today over the same error as I tried to install gitannex with my gitlab. I finally tracked the issue down as you did after some varied googling.

I should have looked here first though, it would have saved me some time.

Well spotted and thanks for posting :-)

Cheers,

Tim (Managing Director - OnePressTech)

Liraz Siri's picture

Guys, could you try again with cdn.debian.net? I can't reproduce this.

cdn.debian.net is an alias to http.debian.net. What versions of TurnKey are you seeing this with? APT has had support for HTTP redirections since Squeeze so TurnKey 12 and up should be good.

Supposedly they recently switched the DNS over so maybe this is a propogation issue?

Anyhow, I wasn't aware that cdn.debian.net has been deprecated. I committed a fix to common sources:

https://github.com/turnkeylinux/common/commit/5d36937c06e746c33944fac333...

OnePressTech's picture

When I access http://cdn.debian.net now I get the http.debian results (though why they would think http://http was a sensible prefix...especially https://http when repositories all move to https as is inevitable).

So you're probably right...DNS propogation error (they should have left the original mirror intact, cloned it to the http domain and left them both running for 1-2 days before decommissioing the cdn site to avoid this issue).

All good now though. Minor ripple in the TKLX pond :-)

Cheers,

Tim (Managing Director - OnePressTech)

John Carver's picture

From where I'm at in Iowa, I'm still getting the default Apache page (no redirection) at cdn.debian.net.

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

This may just be a screwup that affects a few servers, but at least two of us have experienced the problem.  I think there are more users that haven't noticed the problem yet.  Fortunately it doesn't prevent security updates from being installed.

Information is free, knowledge is acquired, but wisdom is earned.

Jeremy Davis's picture

Although it seems to be ok now. I updated my laptop and a couple of the VMs I'm working in (to http.debian.net) but I checked on another VM that I hadn't updated and it appears to work now. cdn.debian.net was down for at least 2 days for me though. I didn't check in my browser but apt certainly wasn't working. Now when I browse to cdn.debian.net I get "Welcome to http.debian.net" so perhaps it a DNS propagation issue?

FWIW John, might be worth checking your DNS provider. Not sure about the US, but In Australia ISPs are notorious for caching DNS way too long. I use google public DNS (8.8.8.8) now and find that much better...

John Carver's picture

I used dig to compare the DNS responses

;; QUESTION SECTION:
;http.debian.net.        IN    A

;; ANSWER SECTION:
http.debian.net.    1397    IN    A    46.4.205.44
;; QUESTION SECTION:
;cdn.debian.net.            IN    A

;; ANSWER SECTION:
cdn.debian.net.        637    IN    CNAME    deb.cdn.araki.net.
deb.cdn.araki.net.    19993    IN    CNAME    http.debian.net.
http.debian.net.    1469    IN    A    46.4.205.44

As you can see, they both resolve to the same Apache server.  I think it's a misconfigured server alias. When I request cdn.debian.net, I get the default apache "It works" page. When I request http://http.debian.net, I get the "Welcome to http.debian.net" page.

PS: Wiping egg off face :)  I was fooled into thinking it was still failing because of the browser cache. Once I thought to clear the cache, I now get the correct page.  apt-get update would have worked had I bothered to login and check one of my unmodified servers.

Information is free, knowledge is acquired, but wisdom is earned.

Add new comment