Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-mirrors
Navigation:
Lists: gentoo-mirrors: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-mirrors@g.o
From: mirror-maintainer@...
Subject: Re: Please whitelist mirrorstats.gentoo.org
Date: Mon, 22 Mar 2010 09:33:39 +0800 (SGT)
On Sun, 21 Mar 2010, Mark Loeser wrote:

> Please make sure that you have mirrorstats.gentoo.org in your whitelists
> for your mirrors.  It is a CNAME that points to the machine we have
> monitoring all of the mirrors, so please only check that
> mirrorstats.gentoo.org resolves to who is connecting.  If the IP is blocked
> by your mirror, it makes our monitoring much more difficult.

Mark,

Does the IP change frequently / at all?  What you're asking for is 
atypical...

Access rules for incoming traffic (especially for firewalls) typically 
require an IP address/network and cannot specify a host by the DNS 
hostname.  It is probably unhealthy to depend on an external (DNS) query 
before deciding whether to permit or deny a packet.

Access rules running at a higher (application) layer may support DNS 
hostnames, but not in the way you envision.  For example, rsyncd.conf(5) 
says hosts.allow can be "a hostname.  The hostname as determined by a 
reverse lookup will be matched (case insensitive)  against the pattern. 
Only an exact match is allowed in."  So, the current IP of 209.177.148.226 
would resolve to magpie.gentoo.org, and that is the name to be specified.

Apache is even more stringent.  Specifying a domain name in an Allow 
directive "will cause Apache to perform a double reverse DNS lookup on the 
client IP address[...]. It will do a reverse DNS lookup on the IP address 
to find the associated hostname, and then do a forward lookup on the 
hostname to assure that it matches the original IP address. Only if the 
forward and reverse DNS are consistent and the hostname matches will 
access be allowed."


Replies:
Re: Please whitelist mirrorstats.gentoo.org
-- Mark Loeser
References:
Please whitelist mirrorstats.gentoo.org
-- Mark Loeser
Navigation:
Lists: gentoo-mirrors: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Please whitelist mirrorstats.gentoo.org
Next by thread:
Re: Please whitelist mirrorstats.gentoo.org
Previous by date:
Please whitelist mirrorstats.gentoo.org
Next by date:
Re: Please whitelist mirrorstats.gentoo.org


Updated May 07, 2012

Summary: Archive of the gentoo-mirrors mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.