Page MenuHomeMiraheze
Create Task
Maniphest T5988

Review all custom domains with unusual rDNS entries
Closed, ResolvedPublic
Actions

Description

By checking the rDNS entries for resolved IP addresses for custom domains, we can determine whether they directly point to Miraheze cache proxies or not. For example, some wikis use Cloudflare's proxy options, despite telling them in the manual they shouldn't do that.

An automated check was introduced in this commit. Per IRC asking RhinosF1 to review all warnings and criticals:

For each wiki, the actionable (after asking the user with the ability to change DNS records) can be:

  1. Switch the record to CNAME mw-lb.miraheze.org, with the proxy option disabled, or
  2. Set the DNS nameservers to our auth DNS servers, or
  3. If the domain does not longer (indirectly) point to Miraheze: remove the custom domain.

Related Objects
Search...

Event Timeline

Southparkfan created this task.Jul 29 2020, 21:12
Herald added a subscriber: RhinosF1. · View Herald TranscriptJul 29 2020, 21:12
Southparkfan assigned this task to RhinosF1.Jul 29 2020, 21:17
Southparkfan triaged this task as Normal priority.
Southparkfan updated the task description. (Show Details)
Southparkfan updated the task description. (Show Details)
RhinosF1 added a comment.Jul 29 2020, 21:22

Thanks @Southparkfan,

As discussed on IRC, we'll send 2 notifications within the next 14 days. No response = CD revoked.

I plan to send both on wiki message and email.

RhinosF1 added a comment.EditedJul 29 2020, 21:34

Wikis where they don't serve a Miraheze wiki will be removed in the morning. For ones that do, as above crats will have 14 days to make the change.

Reception123 subscribed.Jul 30 2020, 04:56
Reception123 added a project: SSL.Jul 30 2020, 05:07
Herald added a subscriber: NDKilla. · View Herald TranscriptJul 30 2020, 05:07
RhinosF1 updated the task description. (Show Details)Jul 30 2020, 08:23
Restricted Repository Identity mentioned this in rSSL018104ab8970: Remove domains not poiniting at us (#347).Jul 30 2020, 08:41
RhinosF1 added a comment.Jul 30 2020, 08:54

All not serving Miraheze have been pulled and unset, I will alert crats for them wikis shortly.

RhinosF1 updated the task description. (Show Details)Jul 30 2020, 08:57
Restricted Repository Identity mentioned this in rSSL696066ba1d85: More (#348).Jul 30 2020, 09:27
RhinosF1 updated the task description. (Show Details)Jul 30 2020, 09:38
RhinosF1 updated the task description. (Show Details)Jul 30 2020, 09:56
RhinosF1 changed the task status from Open to Stalled.Jul 30 2020, 10:01
RhinosF1 removed RhinosF1 as the assignee of this task.

Stalling for 7 days, then will send 2nd notification.

7 days after that, we'll drop any left.

RhinosF1 added a subtask: T5990: remove custom domain wiki.bydorn.de.Jul 30 2020, 19:53
Reception123 closed subtask T5990: remove custom domain wiki.bydorn.de as Resolved.Jul 31 2020, 06:52
RhinosF1 updated the task description. (Show Details)Jul 31 2020, 06:53
Johann.dorn reopened subtask T5990: remove custom domain wiki.bydorn.de as Open.Jul 31 2020, 18:08
Reception123 closed subtask T5990: remove custom domain wiki.bydorn.de as Resolved.Aug 1 2020, 06:17
Reception123 closed this task as Resolved.Aug 11 2020, 05:26
Reception123 claimed this task.
In T5988#117036, @RhinosF1 wrote:

Stalling for 7 days, then will send 2nd notification.

7 days after that, we'll drop any left.

Have the second notifications been sent?

Reception123 reopened this task as Open.Aug 11 2020, 05:26
Reception123 removed Reception123 as the assignee of this task.

whoops

RhinosF1 added a comment.Aug 11 2020, 06:08

Plan to do it this morning

RhinosF1 updated the task description. (Show Details)Aug 11 2020, 09:24
RhinosF1 added a comment.Aug 11 2020, 09:29

Notifications sent

Reception123 added a comment.Aug 22 2020, 05:47

Status?

RhinosF1 added a comment.Aug 22 2020, 06:28
In T5988#118785, @Reception123 wrote:

Status?

I'm marked as busy (see staffwiki) but any on the list that still trigger icinga alerts can be removed.

Reception123 closed this task as Resolved.Aug 26 2020, 05:03
Reception123 claimed this task.

rDNS OK - wiki.iufs.jp reverse DNS resolves to cp6.miraheze.org

wiki.titan.land was removed by Paladox already

therefore this task is resolved.

Reception123 updated the task description. (Show Details)Aug 26 2020, 05:03