DNS issues accessing PyPI from china

[ewdurbin]

Originally reported by: eduardo schettino (Bitbucket: schettino72, GitHub: schettino72)

---

Using dig I get intermittent results, sometimes it gets no response, sometimes:

;; ANSWER SECTION:
pypi.python.org.    67201   IN  CNAME   prod.python.map.fastly.net.
prod.python.map.fastly.net. 5   IN  CNAME   prod.python.map.fastlylb.net.
prod.python.map.fastlylb.net. 21 IN A   43.249.72.223

On my machine whois can not find a match for the given IP:

$ whois 43.249.72.223
[ JPNIC database provides information regarding IP address and ASN. Its use   ]
[ is restricted to network administration purposes. For further information,  ]
[ use 'whois -h whois.nic.ad.jp help'. To only display English output,        ]
[ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'.      ]

No match!!

Reference: WHOIS servers of RIRs
  APNIC WHOIS(whois.apnic.net)
  ARIN WHOIS(whois.arin.net)
  RIPE WHOIS(whois.ripe.net)
  LACNIC WHOIS(whois.lacnic.net)
  AfriNIC WHOIS(whois.afrinic.net)

I have talked to a few friends and got mixed responses. It works for some people but I am not the only person experiencing problems...

---

• Bitbucket: https://bitbucket.org/pypa/pypi/issue/350

[di]

@schettino72, are you still having problems accessing pypi.python.org or pypi.org from China?

It seems like there may be some action we can take if so: https://community.fastly.com/t/fastly-cdn-content-blocked-by-the-great-firewall-of-china/447

[schettino72]

I have been using a mirror PIP_INDEX_URL=https://pypi.tuna.tsinghua.edu.cn/simple/

The official one seems to be working... but very slow and no idea how reliable it is (since I do not use it when in china).

[di]

@brainwane Any ideas about where we might want to document some "known good" PyPI mirrors? We could include the tuna mirror, also https://pypi.mirror.ng/ perhaps (https://twitter.com/takinbo/status/985921961070157825).

[brainwane]

@di I'm torn. I was not around when our community was talking about PEPs 449 and 464 and don't know how we judge whether a PyPI mirror is known good or what our criteria ought to be for officially linking to/blessing certain mirrors. My current thinking is that someone ought to post a blog post on their own blog (and update it when pinged) that we then link to from packaging.python.org and the PyPI FAQ with a clear "this may be wrong/outdated" disclaimer. That way we can avoid the implication of officially blessing certain mirrors, but still point to them pretty reliably.

[ewdurbin]

Based on the Fastly support link, I’ve contacted them for details on what we can do.

[ewdurbin]

If it comes down to it, it is worth considering the cost of operating an official mirror if we can find reasonably priced hosting for a small machine with 2-3TB of storage.

[dstufft]

We should probably not bless a third party mirror. Having someone point to a mirror is giving the mirror operator the ability to run arbitrary python scripts on the users computer. Once we get TUF in place that will no longer be true, but until then i think we’d be hard pressed to delegate our trust in that manner.

Sent from my iPhone

On Apr 21, 2018, at 7:29 PM, Ernest W. Durbin III notifications@github.com wrote:

If it comes down to it, it is worth considering the cost of operating an official mirror if we can find reasonably priced hosting for a small machine with 2-3TB of storage.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[ewdurbin]

Absolutely +1