From owner-freebsd-current@FreeBSD.ORG Sat Nov 2 15:21:19 2013 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 00E25BFE for ; Sat, 2 Nov 2013 15:21:18 +0000 (UTC) (envelope-from decke@bluelife.at) Received: from mail-oa0-x22a.google.com (mail-oa0-x22a.google.com [IPv6:2607:f8b0:4003:c02::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B4F1129EC for ; Sat, 2 Nov 2013 15:21:18 +0000 (UTC) Received: by mail-oa0-f42.google.com with SMTP id k14so5762539oag.29 for ; Sat, 02 Nov 2013 08:21:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bluelife.at; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=dv4Z4ca+T2ZtBr12mBLM+LcaEVyu609RRtHvH/pDT48=; b=ZBTDzdo6cGlZMagVvBLsHLI8g9vy74wne1/tQrRnM/QJRYOAc7mhdXQ30rvoGU611X KV+DJDPLB4gEAt8vbRxoJ2bXGM8iyucgN7LrFAghFGqkORZy1KF/9DVGjllzacLZnHAd KatCiSZAjNveuSfjRW74jGjVywMs5Lk+iPMCE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=dv4Z4ca+T2ZtBr12mBLM+LcaEVyu609RRtHvH/pDT48=; b=ZVmylvLRQfGyaBAxjsyt1Q1kC4oiQxJGhYuhxRR1XVy0HG2TL+0BvNa7mC0qVeOR9B OPnYStq+7rn6FRldrjy8jf5zrSRC2V/v/FbJgL+BQPuC+PsVv6beS6InAFyPoSjCn8ER GP8WZNW1doXtkjfgD86Fkhe6zPNtk1O5Y5D+blzfdKiA00SbWOA4XZtxBjbrn+I2/sa/ aQN6xYgw7u5LXWJw7QXJVuggSWsACwqs4PCow2fXK9qwn5RWjLKdq8UKO27dQwa08DuY +KkmGCoSBd4LGP6pAAq9g6fctzty2kmYY9WipHJvdsNB6zSPxf10a6cIb2GkGRGsWJhp +VJQ== X-Gm-Message-State: ALoCoQkXTffGNyzZKm/0Ix5AAvfbrERU85hQVyZQ1FUBdytzhevzuTg6wSU/wpbE3rJTuE+/ZE5K MIME-Version: 1.0 X-Received: by 10.182.16.227 with SMTP id j3mr96904obd.68.1383405677998; Sat, 02 Nov 2013 08:21:17 -0700 (PDT) Received: by 10.76.154.2 with HTTP; Sat, 2 Nov 2013 08:21:17 -0700 (PDT) X-Originating-IP: [46.206.119.247] Received: by 10.76.154.2 with HTTP; Sat, 2 Nov 2013 08:21:17 -0700 (PDT) In-Reply-To: <5274D90D.8040508@FreeBSD.org> References: <5271BC11.1010303@FreeBSD.org> <5272D0DE.4080209@FreeBSD.org> <52745B7F.2080608@vangyzen.net> <5274B947.7030607@FreeBSD.org> <1680682c-dc77-4ee3-8e59-ee7356f307a3@email.android.com> <5274D90D.8040508@FreeBSD.org> Date: Sat, 2 Nov 2013 16:21:17 +0100 Message-ID: Subject: Re: Official FreeBSD Binary Packages now available for pkgng From: =?ISO-8859-1?Q?Bernhard_Fr=F6hlich?= To: Matthew Seaman X-Mailman-Approved-At: Sat, 02 Nov 2013 16:00:53 +0000 Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: Matthias Andree , Current FreeBSD X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Nov 2013 15:21:19 -0000 Am 02.11.2013 11:51 schrieb "Matthew Seaman" : > > On 02/11/2013 10:15, Matthias Andree wrote: > > I understand from Eric's pist that the issue is that through his > > limiting proxies, the SRV are not available at all so he does not even > > get to the point where he could get the pkgN.nyi.freebsd.org > > name back. > > That doesn't make sense. All the DNS SRV lookups on pkg.freebsd.org are > done internally to pkg(8), which then issues an HTTP GET to the specific > mirror selected by its internal algorithms. The web cache won't see > literal 'pkg.freebsd.org' anywhere in the HTTP traffic -- as far as it > is concerned, it's a simple HTTP request to a specific mirror > 'pkg1.nyi.freebsd.org', and can be cached using the usual processes. > > What makes it cache unfriendly is that as far as the web cache is > concerned each of the different mirrors appears to be completely > independent of the others. So at the moment the chance of getting a > cache hit is reduced by a factor of three because of the traffic > distribution across the three mirrors. Just to add another viewpoint. The redports backendmachines are put into an IPv6 private address space without default router and without a dns server. The only internet connection that they have is via an squid proxy. This setup works fine now that libfetch supports http proxies also for https urls. This all works based on the assumption that no direct dns lookups are required on the machines itself but all dns stuff is done on the proxy. Your description makes me believe that this won't work for pkgng. So it's not that people in the real world break their network setups but we also use that in our own FreeBSD infrastructure.