Gentoo Archives: gentoo-mirrors

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-mirrors@l.g.o
Subject: Re: [gentoo-mirrors] Please whitelist mirrorstats.gentoo.org
Date: Mon, 22 Mar 2010 20:03:50
Message-Id: robbat2-20100322T193410-063742404Z@orbis-terrarum.net
In Reply to: [gentoo-mirrors] Please whitelist mirrorstats.gentoo.org by Mark Loeser
On Sun, Mar 21, 2010 at 05:31:30PM -0400, Mark Loeser wrote:
> Please make sure that you have mirrorstats.gentoo.org in your whitelists > for your mirrors. It is a CNAME that points to the machine we have > monitoring all of the mirrors, so please only check that > mirrorstats.gentoo.org resolves to who is connecting. If the IP is blocked > by your mirror, it makes our monitoring much more difficult.
I should have clarified when I asked Mark to pursue the whitelisting. I do not want a DNS lookup involved in day-to-day ACLs. In our case, we resolve DNS entries to IPs in firewall rules when the rule is loaded (or reloaded), not at any other point. Neither forward nor reverse DNS are sufficiently reliable or fast enough for continuous lookups. mirrorstats.gentoo.org is presently a CNAME record to the actual machine A record, magpie.gentoo.org, which is at 209.177.148.226. We moved it there from the older mirrorstats box, warbler, which was at 140.211.166.162. Mirrorstats may move again in a few months, as part of some services shuffling (consolidation of services along different axes that previously). -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robbat2@g.o GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85