Gentoo Archives: gentoo-mirrors

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-mirrors@l.g.o
Subject: Re: [gentoo-mirrors] Please whitelist
Date: Mon, 22 Mar 2010 20:03:50
In Reply to: [gentoo-mirrors] Please whitelist by Mark Loeser
On Sun, Mar 21, 2010 at 05:31:30PM -0400, Mark Loeser wrote:
> Please make sure that you have in your whitelists > for your mirrors. It is a CNAME that points to the machine we have > monitoring all of the mirrors, so please only check that > resolves to who is connecting. If the IP is blocked > by your mirror, it makes our monitoring much more difficult.
I should have clarified when I asked Mark to pursue the whitelisting. I do not want a DNS lookup involved in day-to-day ACLs. In our case, we resolve DNS entries to IPs in firewall rules when the rule is loaded (or reloaded), not at any other point. Neither forward nor reverse DNS are sufficiently reliable or fast enough for continuous lookups. is presently a CNAME record to the actual machine A record,, which is at We moved it there from the older mirrorstats box, warbler, which was at Mirrorstats may move again in a few months, as part of some services shuffling (consolidation of services along different axes that previously). -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robbat2@g.o GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85