From owner-freebsd-stable@freebsd.org  Thu Dec  8 21:52:04 2016
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 88866C6EB08
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Thu,  8 Dec 2016 21:52:04 +0000 (UTC)
 (envelope-from paul@gromit.dlib.vt.edu)
Received: from gromit.dlib.vt.edu (gromit.dlib.vt.edu [128.173.126.120])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gromit.dlib.vt.edu",
 Issuer "Chumby Certificate Authority" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 696057B3
 for <freebsd-stable@freebsd.org>; Thu,  8 Dec 2016 21:52:04 +0000 (UTC)
 (envelope-from paul@gromit.dlib.vt.edu)
Received: from mather.chumby.lan (c-71-63-91-41.hsd1.va.comcast.net
 [71.63.91.41])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by gromit.dlib.vt.edu (Postfix) with ESMTPSA id D8DFF272;
 Thu,  8 Dec 2016 16:42:33 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: freebsd-update <bleep>
From: Paul Mather <paul@gromit.dlib.vt.edu>
In-Reply-To: <m2eg1i6s64.wl-randy@psg.com>
Date: Thu, 8 Dec 2016 16:42:33 -0500
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3E6BDFC3-78C4-4D40-AF40-2E06456D72CF@gromit.dlib.vt.edu>
References: <m2eg1i6s64.wl-randy@psg.com>
To: Randy Bush <randy@psg.com>
X-Mailer: Apple Mail (2.3124)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Dec 2016 21:52:04 -0000

On Dec 8, 2016, at 4:13 PM, Randy Bush <randy@psg.com> wrote:

> Basic symptom:
>=20
>    #  /usr/sbin/freebsd-update fetch
>    Looking up update.FreeBSD.org mirrors... none found.
>    Fetching metadata signature for 10.3-STABLE from =
update.FreeBSD.org... failed.
>    No mirrors remaining, giving up.


I had this problem a while ago.  In my case, it turned out that my =
upstream DNS was filtering out SRV requests, which breaks freebsd-update =
mirror handling.  My upstream DNS was via an OpenWRT box.  According to =
their documentation (https://wiki.openwrt.org/doc/howto/dhcp.dnsmasq) in =
the "SIP-Phones and dnsmasq" section they say, "By default, the option =
filterwin2k in dnsmasq is activated, which seems to cause to block =
queries for SRV records."  True enough, disabling "filterwin2k" in =
/etc/config/dhcp "fixed" my problem.

I don't know if this is related to your problem, but in my case I wasn't =
getting *any* SRV records returned for _http._tcp.update.FreeBSD.org... =
:-(

I believe freebsd-update falls back to a standard server if no mirrors =
can be enumerated, but this server tends to get overloaded when security =
advisories come out (at least that was my experience when I had the SRV =
records problem) and so freebsd-update can fail.

Cheers,

Paul.=