Feuerfest

Just the private blog of a Linux sysadmin

"It's always DNS."

Photo by Visual Tag Mx: https://www.pexels.com/photo/white-and-black-scrabble-tiles-on-a-white-surface-5652026/

"It's always DNS."
   - Common saying among system administrators, developers and network admins alike.

Recently my blogpost about Puppet's move to go semi-open-source gained some attention and I grew curious where it was mentioned and what people thought about it. Therefore I did a quick search for "puppet goes enshittyfication" and was presented with a few results. Mostly Mastodon posts, but also one website from Austria (the one without Kangaroos 😁). Strangely, they also copied the site title, not just the text's title, as it showed up as "Feuerfest | Puppet goes enshittyfication".

Strange.

I clicked on it and received a certificate warning that the domain in the certificate doesn't match the domain I'm trying to visit.

I ignored the warning and was presented with a 1:1 copy of my blog. Just the images were missing. Huh? What? Is somebody copying my blog?

A short whois on the domain name revealed nothing shady. It belonged to an Austrian organization whose goal is to inform about becoming a priest of the Catholic Church and to help seminarians. Ok, so definitely nothing shady.

I looked at the certificate and.. What? It was issued for "admin.brennt.net" by Let's Encrypt. That shouldn't be possible as far as I know, as that domain is validated to my Let's Encrypt account. I checked the certificates' fingerprints and.. They were identical, huh?

That would mean that either someone managed to get the private key for my certificate (not good!) or created a fake private key which somehow a webserver accepted. And wouldn't Firefox complain about that or would the TLS handshake fail? (If somebody knows the answer to this, please comment. Thank you!)

I was confused.

Maybe the IP/hoster of the server will shed some light on this?

Aaaaand it was the current IP of this blog/host. Nothing shady. Nothing strange. Just orphaned DNS-records from a long-gone web-project.

As I know that Google - and probably any other search engine too - doesn't like duplicate content, I helped myself with a RewriteRule inside this vHost. The important part is that you send either an HTTP-301 (Moved Permanently) or an HTTP-410 (Gone), to indicate that the content has moved to a new domain or is gone. A RewriteRule redirect without an explicit status code uses HTTP-302, and this can cause issues with duplicate content.

RewriteEngine On
# Do not redirect requests for the robots.txt received via HTTP
<If "%{HTTP_HOST} == 'admin.brennt.net' && %{REQUEST_URI} != '/robots.txt'">
    RewriteRule "(.*)"      "https://%{HTTP_HOST}$1" [R=302,L]
</If>
# Rewrite for old, orphaned DNS records from other people..
<If "%{HTTP_HOST} =~ /^([a-z0-9-]+\.)*berufungimzentrum\.at/">
    Redirect gone
</If>
<If "%{HTTP_HOST} =~ /^([a-z0-9-]+\.)*hochbau-planung\.at/">
    Redirect gone
</If>

Now everyone visiting my site via "the other domains" will see an error page from my webserver, indicating that nothing is reachable under this domain.
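The rules above only cover the two domains that were noticed by accident. As an added example (not part of the original post), the following script tallies the Host header values in an access log to find any other stale DNS names still pointing at the server. It assumes an Apache `LogFormat` that starts with `%{Host}i`; the sample log lines, IP addresses and `.example` hostnames are constructed for illustration.

```python
from collections import Counter

# Assumption: the only hostname this vHost is meant to serve (taken from the post).
EXPECTED_HOSTS = {"admin.brennt.net"}

# Constructed sample lines for the assumed format
#   LogFormat "%{Host}i %h %l %u %t \"%r\" %>s %b"
SAMPLE_LOG = """\
admin.brennt.net 203.0.113.7 - - [10/Jan/2025:10:00:00 +0100] "GET / HTTP/1.1" 200 5120
WWW.Old-Project.example 198.51.100.23 - - [10/Jan/2025:10:00:05 +0100] "GET / HTTP/1.1" 200 5120
www.old-project.example:443 198.51.100.23 - - [10/Jan/2025:10:00:09 +0100] "GET /feed HTTP/1.1" 200 880
admin.brennt.net. 203.0.113.9 - - [10/Jan/2025:10:01:00 +0100] "GET /robots.txt HTTP/1.1" 200 64
- 192.0.2.44 - - [10/Jan/2025:10:02:00 +0100] "GET / HTTP/1.0" 400 226
other-site.example 198.51.100.80 - - [10/Jan/2025:10:03:00 +0100] "GET / HTTP/1.1" 200 5120
"""


def normalize_host(raw):
    """Lower-case a Host header value and drop the port and trailing dot."""
    host = raw.strip().lower()
    if host in ("", "-"):
        return None  # request without a Host header (logged as "-")
    if host.startswith("["):  # IPv6 literal such as [2001:db8::1]:443
        return host[1:].split("]", 1)[0]
    return host.rsplit(":", 1)[0].rstrip(".")


def foreign_hosts(log_text, expected=EXPECTED_HOSTS):
    """Count requests per Host value that is not one of our own names."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        host = normalize_host(line.split(None, 1)[0])
        if host is not None and host not in expected:
            hits[host] += 1
    return hits


if __name__ == "__main__":
    for host, count in foreign_hosts(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {host}")
```

Each name it reports is a candidate for its own `Redirect gone` block, or for a request to the domain owner to clean up the record.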

It certainly IS always DNS.

Tags: DNS, Story