| 1 |
On Sun, Mar 21, 2010 at 05:31:30PM -0400, Mark Loeser wrote: |
| 2 |
> Please make sure that you have mirrorstats.gentoo.org in your whitelists |
| 3 |
> for your mirrors. It is a CNAME that points to the machine we have |
| 4 |
> monitoring all of the mirrors, so please only check that |
| 5 |
> mirrorstats.gentoo.org resolves to who is connecting. If the IP is blocked |
| 6 |
> by your mirror, it makes our monitoring much more difficult. |
| 7 |
I should have clarified when I asked Mark to pursue the whitelisting. |
| 8 |
|
| 9 |
I do not want a DNS lookup involved in day-to-day ACLs. In our case, we |
| 10 |
resolve DNS entries to IPs in firewall rules when the rule is loaded (or |
| 11 |
reloaded), not at any other point. |
| 12 |
|
| 13 |
Neither forward nor reverse DNS are sufficiently reliable or fast enough |
| 14 |
for continuous lookups. |
| 15 |
|
| 16 |
mirrorstats.gentoo.org is presently a CNAME record to the actual machine |
| 17 |
A record, magpie.gentoo.org, which is at 209.177.148.226. |
| 18 |
|
| 19 |
We moved it there from the older mirrorstats box, warbler, which was at |
| 20 |
140.211.166.162. |
| 21 |
|
| 22 |
Mirrorstats may move again in a few months, as part of some services |
| 23 |
shuffling (consolidation of services along different axes that |
| 24 |
previously). |
| 25 |
|
| 26 |
-- |
| 27 |
Robin Hugh Johnson |
| 28 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 29 |
E-Mail : robbat2@g.o |
| 30 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives