mirrorlist.centos.org no longer resolve?

Question

mirrorlist.centos.org no longer online?

I can resolve to centos.org but not to mirrorlist.centos.org

Here is the output of my resolv.conf, dig, and nslookup if anyone interested.

rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ nslookup mirrorlist.centos.org
Server:         1.1.1.1
Address:        1.1.1.1#53
** server can't find mirrorlist.centos.org: NXDOMAIN
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ nslookup centos.org
Server:         1.1.1.1
Address:        1.1.1.1#53
Non-authoritative answer:
Name:   centos.org
Address: 52.56.83.118
Name:   centos.org
Address: 81.171.33.201
Name:   centos.org
Address: 81.171.33.202
Name:   centos.org
Address: 2001:4de0:aaae::202
Name:   centos.org
Address: 2a05:d01c:c6a:cc02:225e:ab54:d58c:8b14
Name:   centos.org
Address: 2001:4de0:aaae::201
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ cat /etc/resolv.conf
nameserver 1.1.1.1
nameserver 8.8.8.8
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ dig mirrorlist.centos.org
; <<>> DiG 9.18.24-0ubuntu5-Ubuntu <<>> mirrorlist.centos.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61636
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;mirrorlist.centos.org.         IN      A
;; AUTHORITY SECTION:
centos.org.             2795    IN      SOA     ns1.centos.org. hostmaster.centos.org. 2024070102 28800 7200 2400000 3600
;; Query time: 70 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Mon Jul 01 16:31:41 +08 2024
;; MSG SIZE  rcvd: 101
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$ nslookup mirrorlist.centos.org
Server:         1.1.1.1
Address:        1.1.1.1#53
** server can't find mirrorlist.centos.org: NXDOMAIN
rosdi@H-TQ0nmTkQIbRhN:~/test_ssl$

mxtoolbox also showing the same thing.

Answer 1

mirrorlist.centos.org doesn't exists anymore.

From the .repo file:

# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.

To resolve the issue you can mass update all .repo files:

sed -i 's/mirror\.centos\.org/vault.centos.org/g' /etc/yum.repos.d/CentOS-*.repo
sed -i 's/^#.*baseurl=http/baseurl=http/g' /etc/yum.repos.d/CentOS-*.repo
sed -i 's/^mirrorlist=http/#mirrorlist=http/g' /etc/yum.repos.d/CentOS-*.repo

Answer 2

Centos 7 has reached EOL (End of Life) today, 1 July 2024, thus mirrorlist.centos.org is no longer required. In order to install packages, you have to adjust repositories from "mirrorlist" to "baseurl". For most cases vault.centos.org will work well.

Answer 3

Try this :

sed -i 's|^mirrorlist=|#mirrorlist=|g' /etc/yum.repos.d/CentOS-*.repo
sed -i 's|^#\?baseurl=http://mirror\.centos\.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*.repo

Answer 4

I had to do a little bit different. As @mlazarov says, we need to update the repo files, but, instead of http, I changed to use https:

sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo
sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo

Running yum upgrade -y for example, I got:

failure: repodata/repomd.xml from base: [Errno 256] No more mirrors to try.
http://vault.centos.org/centos/7/os/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 301 - Moved Permanently

The I added:

echo "sslverify=false" >> /etc/yum.conf

Update:

And it worked, but that breaks the reason for adding https :( so revert the sslverify hack and try this:

(For the impatient; Just paste the lines at the bottom and skip the waffle)

The issue here is that the Centos7 distribution Root and/or Intermediate Certificates are old and out of date. Some will have expired, some servers have moved and CAs may have come and gone. We need to source a verifiably trusted source of a more recent ca-certificates package and download it over a means that ensures it's integrity.

We can get a more recent ca-certificates bundle from any of the 'historic/archive' mirrors, but they need to be trust worthy. Here is a short list.

https://mirror.nsc.liu.se/centos-store/
https://mirror.fcix.net/centos-vault/
https://archive.kernel.org/centos-vault/

Good, we can just use wget, and instal.. ah, humm, ok, problem, no wget, think again. wget is missing, need yum to install it and that's broken have to find anyother way that will remove this deadlock.

Though there are ways to do a simple http GET from the shell on port 80, https (port 443) is more difficult. And getting ca-certificates without https would be insane. Of course you can use a memory stick, but I just found another way!

Luckily it seems a stock base install for Centos7 has urlgrabber, or at least the docker-hub container image centos:7 that I am using does.

The updated CA Certificates files we need can be fetched and installed with.

urlgrabber -o ca-certificates.rpm \
  http://archive.kernel.org/centos-vault/centos/7.9.2009/updates/Source/SPackages/ca-certificates-2023.2.60_v7.0.306-72.el7_9.src.rpm
rpm -i ca-certificates.rpm
Then, AFTER applying the sed re-writes, above
pull down all the updates
yum clean all && yum -y update

Answer 5

Wouldn't it be more reasonable to disable the Centos-Base.repo, enable the Centos-Vault.repo, and add the corresponding configuration?

My system is CentOS 7.6.1810.

Configuration steps:

Disable all Centos-Base.repo repositories.

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Add the following configuration to Centos-Vault.repo.

# Vault
[Vault-base]
name=Vault - CentOS-$releasever - Base
baseurl=http://vault.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever
[Vault-updates]
name=Vault - CentOS-$releasever - Updates
baseurl=http://vault.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever
[Vault-extras]
name=Vault - CentOS-$releasever - Extras
baseurl=http://vault.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever

Update the yum cache.

yum clean all ; yum makecache

Verification Results

[root@fab687ebbad7 yum.repos.d]# yum repolist
Loaded plugins: fastestmirror, ovl
Loading mirror speeds from cached hostfile
repo id                                                                              repo name                                                                               status
!Vault-base/7/x86_64                                                                 Vault - CentOS-7 - Base                                                                 10,072
!Vault-extras/7/x86_64                                                               Vault - CentOS-7 - Extras                                                                  526
!Vault-updates/7/x86_64                                                              Vault - CentOS-7 - Updates                                                               6,173
repolist: 16,771