Page MenuHomeMiraheze

cloudflare-related RDNS issues
Closed, ResolvedPublic

Description

RDNS accounts for the largest chunk of the icinga alerts right now. Many of the alerts are for miraheze.org subdomains, because DNS returns cloudflare IPs which don't have PTRs set. I see two possible solutions. 1. somehow have PTRs set in Cloudflare, 2. modify the RDNS check to detect and exempt cloudflare.

Event Timeline

Collei triaged this task as Normal priority.Sat, Jun 8, 06:14

I don't think the rDNS check serves a purpose once we have moved to Cloudflare fully.

I'm not even sure why .miraheze.org domains use them tbh.

I think we were maybe going to make use of it in RequestSSL (cc @OrangeStar)

The aim of the checks were to make sure traffic goes directly through us and not any unexpected third party.

I suppose we could check it's a cloudflare ip

RequestSSL doesn't know nor care about Icinga's checks, the plan is to have it do the checks for if a domain is pointed in the extension itself as part of a job queued when a request is filed.

MacFan4000 claimed this task.

Change is deployed and working.