I realize that by default apt uses http and not https; there has been much discussion of this on the Debian lists, and Debian still uses http and ftp for updates.
root@microlaser-IdeaPad-Slim-3-15IRU8:/home/microlaser# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=24.04
DISTRIB_CODENAME=noble
DISTRIB_DESCRIPTION="Ubuntu 24.04.2 LTS"
This is what I am running. I do not trust this subdomain, but when I block it, apt no longer works.
root@microlaser-IdeaPad-Slim-3-15IRU8:/home/microlaser# cat /etc/resolv.conf
nameserver 9.9.9.9
I hard-coded Quad9 into my resolv.conf with chattr +i. I realize this is unconventional, but I have my reasons for doing this. I am using Cloudflare DoH in Firefox and it works as expected. Has anyone seen traffic like this when updating packages or just doing system updates? The subdomain in the photo looks weird to me and I am loath to allow it without verifying it is legit, despite the fact that the domain itself looks normal. Has anyone seen this subdomain when updating? I use OpenSnitch because I think a zero trust attitude is healthy even when using Linux at home.
Michael Lazin
.. for to think and to be are the same thing.