Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How to hide DNS records from Cloudflare Resolvers?
#1
Take the below link as an example.

How can I hide all my DNS records, including mail?
#2
You want to hide them from Cloudflare?

You'll need to proxy then to another service.

Cloudflare -> New Proxy Service -> You

Mail records have to be legit if you want mail to work. You can't really proxy your way out of that. You can however pay for SMTP services from a provider but be aware SMTP is not cheap.
#3
Rather than use a proxy, I just deleted all the records except these.

http://i.imgur.com/AgriC.png

Now, none of my IPs show up on the resolver except direct connect, which is shown as 127.0.0.1, sometimes. Something very odd happens however. When I used this resolver:

<snip>

It sometimes showed my real server IP. It would switch on and off between 127.0.0.1 and the real IP.

How to fix?
#4
Please don't link to sites with hacking or unethical content. To be honest, you shouldn't be using CloudFlare as a service to hide your server IP. That's not what it's meant for, nor will it help to much extent. CloudFlare will still reveal your server IP under certain circumstances. If you're using a decent web host they should be able to mitigate any attacks directly against the server.
No longer involved in the MyBB project.
#5
Quote:To be honest, you shouldn't be using CloudFlare as a service to hide your server IP. That's not what it's meant for, nor will it help to much extent.

Originally that may not have been there intent but that's changed.

The upgraded accounts have security features including those for DDOS protection. Which in general are pointless if your real server IP is exposed.

Quote:If you're using a decent web host they should be able to mitigate any attacks directly against the server.

Unsure what experience you have but most hosts even decent ones consider DDOS mitigation to be null routing you. A lot of them won't lift a finger. Especially shared hosts.

Even Cloudflares free service can assist in mitigating attacks.

Quote:Rather than use a proxy, I just deleted all the records except these.

http://i.imgur.com/AgriC.png

Now, none of my IPs show up on the resolver except direct connect, which is shown as 127.0.0.1, sometimes. Something very odd happens however. When I used this resolver:

Cloudflare doesn't protect MX records. 174.132.166.2 is your server IP.
#6
This user has been denied support. This user has been denied support.
Just keep a few small records, and make sure they are cloudflare protected. PM me and i can help you set it up. But still, their is a funny glitch in MyBB where you need to disable avatars otherwise they can upload a iplogger and it will get the servers IP while its checking if its a valid image.

Just get a good host.
#7
(2012-12-18, 02:08 AM)norradjer99 Wrote: Just keep a few small records, and make sure they are cloudflare protected. PM me and i can help you set it up. But still, their is a funny glitch in MyBB where you need to disable avatars otherwise they can upload a iplogger and it will get the servers IP while its checking if its a valid image.

Just get a good host.

You can prevent that too with some fancy scripting. Smile
#8
(2012-12-18, 02:02 AM)labrocca Wrote: Originally that may not have been there intent but that's changed.

The upgraded accounts have security features including those for DDOS protection. Which in general are pointless if your real server IP is exposed.

I understand your point, but a lot of people think that CloudFlare is the ultimate solution to protecting your site. I feel a lot of people are using it for the wrong reasons. With little effort someone can obtain a server IP address regardless of whether you're using CloudFlare or not. I'm confident when I say you shouldn't solely rely on CloudFlare and I'm sure you'll agree with that.

(2012-12-18, 02:02 AM)labrocca Wrote: Unsure what experience you have but most hosts even decent ones consider DDOS mitigation to be null routing you. A lot of them won't lift a finger. Especially shared hosts.

Even Cloudflares free service can assist in mitigating attacks.

In such a case where a shared host is being attacked you'd still feel the impact of it if they were trying to take down another site on the server. For example, AFAIK you host a bunch of sites on Dreamhost. You could use CloudFlare on all those sites but if someone manages to obtain the IP range Dreamhost uses, CloudFlare is useless when it comes to protecting your site from DDOS attacks because it's not your domain being targeted.

In no way does CloudFlare advertise, or advise you, to use CloudFlare to hide your server IP. They actually encourage you to add a subdomain for services which run on unsupported ports. The point I'm trying to get across is CloudFlare is not an ultimate solution. Use it and love it, but it can't help you to read minds or levitate.
No longer involved in the MyBB project.
#9
Quote:I'm confident when I say you shouldn't solely rely on CloudFlare and I'm sure you'll agree with that.

True but anyone who doesn't know this probably doesn't have the skill to do more anyways.

Quote:In such a case where a shared host is being attacked you'd still feel the impact of it if they were trying to take down another site on the server. For example, AFAIK you host a bunch of sites on Dreamhost. You could use CloudFlare on all those sites but if someone manages to obtain the IP range Dreamhost uses, CloudFlare is useless when it comes to protecting your site from DDOS attacks because it's not your domain being targeted.

I have smaller sites even MyBBCentral on Dreamhost with Cloudflare protection. Works fairly well. Even I was a noob without skill or knowledge I'd be pretty happy with this setup. Uptime isn't my highest priority for most of my smaller sites and the set it and forget it experience I have with CF and shared hosting is very positive.

Quote:In no way does CloudFlare advertise, or advise you, to use CloudFlare to hide your server IP.

No one has said that. But you can't have any type of DDOS protection (which they do offer) without hiding original server IP. But if you can't protect yourself at the server level you'll likely experience downtime from attacks. With or without Cloudflare that's the end result.
#10
(2012-12-18, 02:14 AM)labrocca Wrote:
(2012-12-18, 02:08 AM)norradjer99 Wrote: Just keep a few small records, and make sure they are cloudflare protected. PM me and i can help you set it up. But still, their is a funny glitch in MyBB where you need to disable avatars otherwise they can upload a iplogger and it will get the servers IP while its checking if its a valid image.

Just get a good host.

You can prevent that too with some fancy scripting. Smile

What kind of scripting are you talking about? Is there a plugin that could accomplish this?


Forum Jump:


Users browsing this thread: 1 Guest(s)