Turns out, I am unable to use Cloudflare's DNS within my network because Gentoo's DNS are misconfigured. I am using pihole with DNSSEC validation. For Gentoo's domains, the result is "BOGUS" with SERVFAIL response for both of rsync.gentoo.org and distfiles.gentoo.org. Reproducible: Always Steps to Reproduce: 1. Configure 1.1.1.1 as resolver 2. Validate DNSSEC within DNS responses 3. rsync portage Actual Results: getaddrinfo failed for 'rsync.gentoo.org': [Errno -3] Temporary failure in name resolution Expected Results: rsync running # dig rsync.gentoo.org +dnssec +multi ; <<>> DiG 9.12.3-P4 <<>> rsync.gentoo.org +dnssec +multi ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27894 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;rsync.gentoo.org. IN A ;; Query time: 199 msec ;; SERVER: 192.168.2.1#53(192.168.2.1) ;; WHEN: wto lip 02 10:16:52 CEST 2019 ;; MSG SIZE rcvd: 34
I also can't rsync portage, but AFAIK I have not set anything special for DNSSEC. !!! getaddrinfo failed for 'rsync.europe.gentoo.org': [Errno -2] Name or service not known Do you want to sync your ebuild repository with the mirror at rsync://rsync.europe.gentoo.org/gentoo-portage? [Yes/No] >>> Starting rsync with rsync://rsync.europe.gentoo.org/gentoo-portage... timed out rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(642) [Receiver=3.1.3] >>> Retrying... !!! Exhausted addresses for rsync.europe.gentoo.org # dig rsync.europe.gentoo.org +dnssec +multi ; <<>> DiG 9.12.3-P4 <<>> rsync.europe.gentoo.org +dnssec +multi ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23422 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ; COOKIE: 0f6288070bbc7ec627b4b7bf5d1b2a955858bed9cb56acb9 (good) ;; QUESTION SECTION: ;rsync.europe.gentoo.org. IN A ;; Query time: 4957 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: O jūl 02 12:57:48 EEST 2019 ;; MSG SIZE rcvd: 80
Idem for dev.gentoo.org: http://dnsviz.net/d/dev.gentoo.org/dnssec/
distfiles.gentoo.org is having the same issue. http://dnsviz.net/d/distfiles.gentoo.org/dnssec/
Looks good now
Concerning layman: . . . anongit.gentoo.org suffers same problems here (Munich, Germany)
(In reply to Manfred Knick from comment #5) > . . . anongit.gentoo.org Layman also finds it's way, now. Thanks a lot!
(In reply to Manfred Knick from comment #5) > Concerning layman: > > . . . anongit.gentoo.org > > suffers same problems here (Munich, Germany) In future, please file a new bug rather than commenting on one which is 3 years old. Anyway, a newer bug got filed earlier - and is now fixed - bug 855695.
(In reply to Sam James from comment #7) > (In reply to Manfred Knick from comment #5) Sorry, Sam - copy'n'paste into the wrong open TAB :-( Thanks anyway! Kind regards
(In reply to Manfred Knick from comment #8) > (In reply to Sam James from comment #7) > > (In reply to Manfred Knick from comment #5) > > Sorry, Sam - copy'n'paste into the wrong open TAB :-( > > Thanks anyway! > Kind regards np! :)