Why does Cloudflare returns NXDomain status even for valid gmail server ip address? - cloudflare

I am calling cloudflare API over https for reverse DNS lookup. Following is the URL for reverse dns lookup of one of the gmail server ip address, but cloud flare returns the status as NXDomain, which is wrong.
URL:-
https://cloudflare-dns.com/dns-query?ct=application/dns-json&type=A&name=19.24.125.74.in-addr.arpa
JSON Reply:-
{"Status": 3,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "19.24.125.74.in-addr.arpa.", "type": 1}],"Authority":[{"name": "125.74.in-addr.arpa.", "type": 6, "TTL": 60, "data": "ns1.google.com. dns-admin.google.com. 222769408 900 900 1800 60"}]}
If we look at the Authority key data, it shows the proper values which are expected to return for gmail ip address reverse dns lookup.
My assumption is if status is NXDomain, that represents CloudFlare doesnt have any record for the given IP, and this could be the case of some malware attack with DNS server being tampered for the requester.
~Ashish

Related

My ssl certificate generates with lets encrypt but does not install

I'm using [this][1] library to generate SSL certificates. My storage generates 4 files: certificate.pem, private_key.pem, chain.pem, and fullchain.pem.
I want to install this certificate in acquia cloud using their Rest API post endpoint to install ssl certificate. The payload looks like the following:
{
"legacy": 0,
"certificate": "pasted the content inside our certificate.pem",
"private_key": "pasted the content inside private_key.pem",
"ca_certificates": "pasted the content inside the fullchain.pem",
"label": "My New Cert"
}
When I send a request, I received an error to contact they api owner support, and searching around through the server log I came across this:
Error response: 500 (Internal Server Error). Error message: Site certificate CA chain certificates are out of order..
What exactly does this error mean by saying out of order?

Duende IdentityServer error: using 2 issuers and invalid token issue

Problem starts by getting many errors like this in my logs:
{
"#mt": "Your license for Duende IdentityServer only permits {issuerLimit} number of issuers.
You have processed requests for {issuerCount}. The issuers used were: {issuers}.",
"#l": "Error",
"issuerLimit": 1,
"issuerCount": 2,
"issuers": [
"https://www.example.org",
"https://example.org"
],
"SourceContext": "Duende.IdentityServer",
"RequestPath": "/connect/checksession"
},
I am using default MS template for Hosted Blazor WebAssembly with Individual accounts. I did not set any issuer explicitly because I have test.mydomain.org and it seemed convenient.
I have DNS CNAME www.example.org to example.org, and in IIS I have one site example.org with 4 bindings: http and https for www and non www versions.
When everything work normally, no matter how I try to open my site using www or non www version, in incognito mode, logged in or logged out, no matter what I try I cannot intentionally get this error in log.
But then it starts to appear and it is noticed by user who can log in normally, but trying to access any API endpoint requiring authorization returns Bearer error="invalid_token", error_description="The issuer 'https://example.com' is invalid" (How to debug only occasional Bearer error="invalid_token").
I wonder how is it even possible to receive request from www.mydomain.org to IdentityServer if I cant do it by manually requesting www version? Where does the IdentityServer get these issuers from? And, does Identity server starts throwing these error on purpose after some time?

.net core get RemoteIpAddress.MapToIPv4() that is behind cloudflare proxy

I need to extract the user IP address (v4).
I have the following code to do so:
HttpContext.Connection.RemoteIpAddress.MapToIPv4().ToString();
The problem is that in this case I am getting cloud flare ip address.
How can I get the forwarded v4 IP address?
Thanks
Cloudflare passes all HTTP request headers to your origin web server and adds additional headers.
The header:
CF-Connecting-IP
provides the client IP address connecting to Cloudflare to the origin
web server.
You can also use the header:
X-Forwarded-For
which maintains proxy server and original visitor IP addresses.
For more information about the CloudFlare headers you can refer to the documentation
Actually, you can created a method that tries to check all these headers and return the client IP address value.
private string getRemoteIpAddress(HttpContext accessor) {
// try reading the CloudFlare client IP address header
if (!string.IsNullOrEmpty(accessor.Request.Headers["CF-CONNECTING-IP"]))
return accessor.Request.Headers["CF-CONNECTING-IP"];
// try reading the proxy server and original visitor IP addresses header
var ipAddress = accessor.GetServerVariable("HTTP_X_FORWARDED_FOR");
if (!string.IsNullOrEmpty(ipAddress)) {
var addresses = ipAddress.Split(',');
if (addresses.Length != 0) return addresses.Last();
}
// try reading the remote IpAddress without a proxy
return accessor.Connection.RemoteIpAddress.ToString();
}

ERR_SSL_VERSION_OR_CIPHER_MISMATCH from AWS API Gateway into Lambda

I have set up a lambda and attached an API Gateway deployment to it. The tests in the gateway console all work fine. I created an AWS certificate for *.hazeapp.net. I created a custom domain in the API gateway and attached that certificate. In the Route 53 zone, I created the alias record and used the target that came up under API gateway (the only one available). I named the alias rest.hazeapp.net. My client gets the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error. Curl indicates that the TLS server handshake failed, which agrees with the SSL error. Curl indicates that the certificate CA checks out.
Am I doing something wrong?
I had this problem when my DNS entry pointed directly to the API gateway deployment rather than that backing the custom domain name.
To find the domain name to point to:
aws apigateway get-domain-name --domain-name "<YOUR DOMAIN>"
The response contains the domain name to use. In my case I had a Regional deployment so the result was:
{
"domainName": "<DOMAIN_NAME>",
"certificateUploadDate": 1553011117,
"regionalDomainName": "<API_GATEWAY_ID>.execute-api.eu-west-1.amazonaws.com",
"regionalHostedZoneId": "...",
"regionalCertificateArn": "arn:aws:acm:eu-west-1:<ACCOUNT>:certificate/<CERT_ID>",
"endpointConfiguration": {
"types": [
"REGIONAL"
]
}
}

Not Getting Custom Nameservers Using Godaddy Api

I used this api call to get DNS records and nameservers using domain name
https://api.godaddy.com/v1/domains/testsd34.com/records/NS
GetRecords here is the api call
For default godaddy nameservers its giving everything perfectly but whenever i am using custom nameservers for domain that time this api call not giving nameservers in response its giving empty array,
anyone knows how to get custom nameservers using this api call?
Finally, I found a way to get and edit nameservers for domain.
(For custom nameservers, records are not set by GoDaddy, therefore you have to
query nameserver provider.)
Following is the API call for getting nameservers:
HTTP request:
GET https://api.godaddy.com/api/v1/domains/mydomain.com
HTTP headers:
Authorization -> sso-key my-key:my-secret
Content-Type -> application/json
Response will contain JSON object which has key "nameservers"
with pair of nameservers that you have. Example:
"nameServers": [
"ns1.mynameservers.com",
"ns2.mynameservers.com"
]
To edit the nameservers via API call, you can use following API call:
HTTP request:
PATCH https://api.godaddy.com/api/v1/domains/mydomain.com
HTTP headers:
Authorization -> sso-key my-key:my-secret
Content-Type -> application/json
HTTP body:
{
"nameServers": [
"ns3.mynameservers.com",
"ns4.mynameservers.com"
]
}