DNS Wildcard problem?

[bl-ue]

Problem:
https://asdfiasdfuaspdajlrg.nodejs.org/ is a valid URL. You can put anything in place of asdfiasdfuaspdajlrg.

[nschonni]

@nodejs/build I'm not sure if this is something on your side

[bnb]

we should do something about this. +1 to fixing.

[jbergstroem]

The tricky part is finding the legacy reason for why adding a wildcard in the first place. I can look around a bit.

[ovflowd]

@nodejs/build we talked about this last week, right?

[ovflowd]

I'm transferring this to @nodejs/build as this is a CloudFlare configuration issue.

[richardlau]

The tricky part is finding the legacy reason for why adding a wildcard in the first place. I can look around a bit.

@jbergstroem I don't suppose you ever found out why the wildcard was added?

[jbergstroem]

The tricky part is finding the legacy reason for why adding a wildcard in the first place. I can look around a bit.

@jbergstroem I don't suppose you ever found out why the wildcard was added?

Unfortunately, no.

[richardlau]

I've tried searches on https://github.com/nodejs/build and https://github.com/nodejs/iojs.org but couldn't find anything indicating why we have the wildcard CNAME entry for nodejs.org. In the absence of any evidence as to what it was for, I'm leaning towards removing it and seeing if anyone notices/complains.

[MoLow]

I think we discussed in the TSC meeting adding a 301 redirect rule to all undefined DNS records to just redirect them to www.nodejs.org. AFAIK cloudflare has this built-in

[richardlau]

Actually I think I may have a theory... in https://github.com/nodejs/build/blob/main/ansible/www-standalone/resources/config/nodejs.org?plain=1 we have a number of subdomains being redirected in nginx, e.g. docs.nodejs.org

build/ansible/www-standalone/resources/config/nodejs.org

Line 355 in 621e462

server_name doc.nodejs.org docs.nodejs.org;

that we do not have explicit CNAME entries for. So we should probably first add explicit CNAME entries for those subdomains before removing the wildcard so that those redirects continue to work. Some of these could be turned into Cloudflare rules.

[targos]

We found out yesterday that a few subdomains are (ab)used to directly access our server: registry.nodejs.org (our old friend, the broken Artifactory setup) capacitacioni-release.nodejs.org kdxwif.cn.nodejs.org sticky.nodejs.org shaikon.com.nodejs.org.
Removing the wildcard should help to reduce load issues on the server.

[targos]

List of server_name (based on files in ansible/www-standalone/resources/config) that are not explicitly defined in Cloudflare DNS:

• benchmarking.nodejs.org
• doc.nodejs.org
• docs.nodejs.org
• api.nodejs.org
• dist.nodejs.org
• blog.nodejs.org

[richardlau]

• benchmarking.nodejs.org

I think we used to have a CNAME for this but it was removed #2485

[richardlau]

I've added CNAME entries for everything in #3404 (comment).

I've just removed the * CNAME entry. FTR it looked like this:

[richardlau]

It looks like enabling proxy on blog.nodejs.org breaks test/internet/test-dns.js: nodejs/node#48868
dns.resolveCname() is returning ENODATA for any of our proxied CNAME entries.

We did not have proxy enabled on the now removed *.nodejs.org CNAME entry that used to catch blog.nodejs.org. I've turned off proxy status just for blog.nodejs.org.