List Archive: gentoo-mirrors
To: gentoo-mirrors@g.o
From: mirror-maintainer@...
Subject: Re: Please whitelist
Date: Mon, 22 Mar 2010 09:33:39 +0800 (SGT)
On Sun, 21 Mar 2010, Mark Loeser wrote:

> Please make sure that you have in your whitelists
> for your mirrors.  It is a CNAME that points to the machine we have
> monitoring all of the mirrors, so please only check that
> resolves to who is connecting.  If the IP is blocked
> by your mirror, it makes our monitoring much more difficult.


Does the IP change frequently / at all?  What you're asking for is 

Access rules for incoming traffic (especially for firewalls) typically 
require an IP address/network and cannot specify a host by the DNS 
hostname.  It is probably unhealthy to depend on an external (DNS) query 
before deciding whether to permit or deny a packet.

Access rules running at a higher (application) layer may support DNS 
hostnames, but not in the way you envision.  For example, rsyncd.conf(5) 
says hosts.allow can be "a hostname.  The hostname as determined by a 
reverse lookup will be matched (case insensitive)  against the pattern. 
Only an exact match is allowed in."  So, the current IP of 
would resolve to, and that is the name to be specified.

Apache is even more stringent.  Specifying a domain name in an Allow 
directive "will cause Apache to perform a double reverse DNS lookup on the 
client IP address[...]. It will do a reverse DNS lookup on the IP address 
to find the associated hostname, and then do a forward lookup on the 
hostname to assure that it matches the original IP address. Only if the 
forward and reverse DNS are consistent and the hostname matches will 
access be allowed."
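
Added example (not part of the original message, and not rsync's or Apache's own code): a sketch of the reverse-then-forward check described in the documentation quoted above, using an exact, case-insensitive name comparison. The function names, the `sample_*` resolvers and the names and addresses in the tables are constructed assumptions so that it runs offline; it shows why an alias (CNAME) never matches and why a PTR record alone is not trusted.

```python
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; returns the primary name."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns a set of addresses."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def double_reverse_allowed(client_ip, allowed_name,
                           reverse=system_reverse, forward=system_forward):
    """Allow only if PTR(client_ip) equals allowed_name and that name
    resolves forward to client_ip again."""
    try:
        ptr_name = reverse(client_ip).rstrip(".").lower()
    except OSError:
        return False  # no PTR record: fail closed
    if ptr_name != allowed_name.rstrip(".").lower():
        return False  # the rule must name what the reverse lookup returns
    try:
        return client_ip in forward(ptr_name)
    except OSError:
        return False  # name does not resolve forward: fail closed

# Constructed sample data (documentation-reserved names and address ranges).
PTR = {
    "192.0.2.10": "host1.example.org",   # the real machine
    "203.0.113.5": "host1.example.org",  # PTR set by whoever owns that range
}
FWD = {
    "host1.example.org": {"192.0.2.10"},
    "monitor.example.org": {"192.0.2.10"},  # alias (CNAME) of host1
}

def sample_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def sample_forward(name):
    if name not in FWD:
        raise OSError("name not found")
    return FWD[name]

def check(ip, name):
    """Run the check against the constructed tables instead of live DNS."""
    return double_reverse_allowed(ip, name, sample_reverse, sample_forward)
```

With the default resolvers, `double_reverse_allowed(ip, name)` performs the same two lookups against live DNS.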


Updated May 07, 2012
