docker:403 禁止

tag-icon tag-icon apt 18.04
docker:403 禁止

每次我尝试更新我的 18.04

Err:13 https://get.docker.com/ubuntu docker InRelease                                                                                            
  403  Forbidden [IP: 143.204.15.85 443]

我的 curl 和 dig 输出

curl -I https://get.docker.com/ubuntu/
HTTP/1.1 200 OK
Content-Type: binary/octet-stream
Content-Length: 110
Connection: keep-alive
Date: Wed, 12 Jun 2019 09:21:30 GMT
Last-Modified: Tue, 16 Oct 2018 23:00:23 GMT
x-amz-version-id: HeHCl3LN6plpzhibKU1V5uZfpGiawVdA
ETag: "b619bbda54539f24a971070244d36e37"
Server: AmazonS3
Age: 39195
X-Cache: Hit from cloudfront
Via: 1.1 ea2e21f6a5c3ec2f96b0dac1b769e00e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: I8WALw5UgBf5i8FvDNgScFHeK9cpljOVQMr8-404Xl1_WJrWIQCOxg==

dig get.docker.com

; <<>> DiG 9.11.3-1ubuntu1.7-Ubuntu <<>> get.docker.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40498
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;get.docker.com.            IN  A

;; ANSWER SECTION:
get.docker.com.     299 IN  CNAME   d3cxuo8f8w64ms.cloudfront.net.
d3cxuo8f8w64ms.cloudfront.net. 58 IN    A   143.204.101.25
d3cxuo8f8w64ms.cloudfront.net. 58 IN    A   143.204.101.126
d3cxuo8f8w64ms.cloudfront.net. 58 IN    A   143.204.101.29
d3cxuo8f8w64ms.cloudfront.net. 58 IN    A   143.204.101.37

;; Query time: 78 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jun 18 20:43:49 CEST 2019
;; MSG SIZE  rcvd: 150

为什么我会遇到这个错误?

答案1

我猜是 DNS 解析太差。get.docker.com使用 Amazon Cloudfront。

$ curl -I https://get.docker.com/ubuntu/
HTTP/1.1 200 OK
Content-Type: binary/octet-stream
Content-Length: 110
Connection: keep-alive
Date: Tue, 18 Jun 2019 11:24:03 GMT
Last-Modified: Tue, 16 Oct 2018 23:00:23 GMT
x-amz-version-id: HeHCl3LN6plpzhibKU1V5uZfpGiawVdA
ETag: "b619bbda54539f24a971070244d36e37"
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 0ea2ca4542be08b5610e21d1ffd6aa5b.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MAN50-C1
X-Amz-Cf-Id: 6BPw0Cj6kObi8MPSpTteMhm3pxrlhSPCl3OkABfCuC7SsjR7mCL0iw==


$ ping get.docker.com
PING d3cxuo8f8w64ms.cloudfront.net (52.85.140.74) 56(84) bytes of data
...

$ dig get.docker.com
...
get.docker.com.     300 IN  CNAME   d3cxuo8f8w64ms.cloudfront.net.
d3cxuo8f8w64ms.cloudfront.net. 59 IN    A   52.85.140.2
d3cxuo8f8w64ms.cloudfront.net. 59 IN    A   52.85.140.94
d3cxuo8f8w64ms.cloudfront.net. 59 IN    A   52.85.140.74
d3cxuo8f8w64ms.cloudfront.net. 59 IN    A   52.85.140.25

我们看到的是不同的 IP,但这就是全球 CDN 的本质。它们会根据您所在的位置以及它们为该任务分配的服务器返回不同的 IP。DNS 可能会发生变化每时每刻, 频繁地。

最有可能的原因是您的 DNS 缓存保留了旧的解析度,指向现在不再保存数据的 Amazon 服务器get.docker.com。正如我所说,这些东西会四处迁移,因此任何超过设定 TTL 的缓存都是有风险的。

相关内容