
Domain hosted on OVH cloud. Domain hosted on Failover IP on OVH server. DNS hosted on Cloudflare. A record of domain on Cloudflare points to this Failover IP.

Now I came to know that OVH puts a default reverse DNS in the format IP.ovh.net, i.e. the IP of the domain is exposed. Google indexed http://XX-XX-XX-XX.ovh.net, which gives away the IP.

Now I have to manually change the reverse DNS so that hopefully this problem doesn't persist.

Questions:

1) I will order a new Failover IP, so should I first put the reverse DNS and then update the A record, or vice versa?

2) What reverse DNS should I put on this IP? I want the IP to remain anonymous.

3) Shall I first order the IP,
3.1) then put the A record in Cloudflare,
3.2) then the reverse DNS,
3.3) then on the OVH server change the IP of the domain to this new IP?

Sun

1 Answer

When requesting reverse DNS, you already have the IP and request a name. When having the name, the whole DNS system is designed to "reveal" the IP: in order to let the user know where the server is. There simply isn't anything secret about IP addresses.

If you want to prevent Google from indexing content with unwanted hostnames generally, have the content served only on the canonical hostname for your site and either redirect from the other hostnames or return 404 or 403. Google really doesn't care about reverse DNS at all, and changing the PTR record doesn't remove the additional A records pointing to the same IP. This has nothing to do with DNS records, but depends entirely on the HTTP Host: header and how your web server treats it.

Esa Jokinen
  • For not revealing the IP of the domain, its DNS is hosted on Cloudflare. The reverse DNS setting on OVH points the server IP to http://XXX-XXX-XXX-XXX.ovh.net. Now Google indexed this version too. So when searching for www.actualdomain.com the IP address domain is also shown in results whose title and content are the same as the original. Thus the IP address is revealed because of this behaviour of OVH and Google. – Sun Oct 28 '17 at 15:45
  • That's just like putting your phone number to another phone book for not revealing it. Doesn't work as you believe. DNS resolves names to IPs regardless where it is. – Esa Jokinen Oct 28 '17 at 15:49
  • It won't show the actual server IP if behind Cloudflare. So the IP of the server is not revealed to anyone once RDNS is fixed. The DNS resolves to an IP which is Cloudflare's and not the actual IP. But this bad practice of OVH gave away the IP. – Sun Oct 28 '17 at 15:51
  • My update already explains why this doesn't depend on reverse DNS and how the problem you probably actually face can be solved. The problem isn't that someone can know your IP, as that will always be the case, but that your actual domain may lose rank on Google and get less known as a brand if the content is also found with another name. – Esa Jokinen Oct 28 '17 at 15:56
  • For me the problem is not to reveal the IP. And the reverse DNS of OVH is creating a domain indexed by Google whose IP is the same as the original domain. That reverse DNS is basically ip.ovh.net. Your first assumption is wrong that anyone already has the IP of the domain to know the reverse domain. – Sun Oct 28 '17 at 16:06
  • Cloudflare / OVH / Google are not causing this. It is your poorly configured web server software. – Esa Jokinen Oct 28 '17 at 16:12
  • The DNS doesn't give away the IP of the server due to Cloudflare. Email is hosted via Amazon SES so the email header doesn't have the IP. You don't upload anything like pics to the server so the IP is not known. – Sun Oct 28 '17 at 16:13
  • DNS is not hosted on server and RDNS setting configuration is out server configuration. It's ip configuration which is wrong which is already stated in the question. The ip configuration of cloud OVH is done automatically by OVH as explained – Sun Oct 28 '17 at 16:15
  • With that conception you may get surprised how great hacking tools `dig` and `nslookup` are. :) – Esa Jokinen Oct 28 '17 at 16:21
  • Those tools are not in the scope of the current discussion, and thank you for engaging with me, Esa. I take security very seriously. – Sun Oct 28 '17 at 16:32
  • Well, those tools would allow you to study how DNS actually works. This has nothing to do with security: the IP address of a public server is always public information. The client computer uses the IP address alone for connecting the server. DNS is designed to give this information, not to hide it. – Esa Jokinen Oct 29 '17 at 09:08
  • Well you see, IP of server is still hidden and cannot be known with dig tool or via DNS as you see Cloudflare hides your ip once you move your DNS to Cloudflare and then change ip of server. Cloudflare hides your ip nicely. – Sun Oct 29 '17 at 14:24
  • Now I get it! It's not a DNS service alone, but some kind of proxy & load balancer making it also a "DDoS protection". That's how our view to the problem is different. But the solution remains: if you reject requests with a wrong hostname with error `403`, eventually it gets removed from Google. Hoping this is helpful, and sorry for not being that polite during our path. – Esa Jokinen Oct 29 '17 at 14:43
  • Yes it's DDOS protection at DNS level and at layer 7 and at 4 by Cloudflare and by OVH together. I am shrewdly tackling this issue at many ends currently. Some steps remain. – Sun Oct 29 '17 at 15:25
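
The answer's fix (serve content only on the canonical hostname, redirect or reject everything else based on the `Host:` header) can be checked end to end with the sketch below. It is an added example, not code from the answer or from either poster: a small Python server stands in for the real web server's default virtual host, and the hostnames, the PTR-style name and the IP are constructed placeholders.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

CANONICAL = "www.example.com"    # assumed canonical hostname (placeholder)
REDIRECT_FROM = {"example.com"}  # assumed alias that should redirect
# Constructed Host values: canonical, alias, a provider-style PTR name, a bare IP.
SAMPLE_HOSTS = [CANONICAL, "example.com", "ip-203-0-113-10.ptr.example", "203.0.113.10"]

def normalise_host(raw):
    """Lower-case a Host header value and drop any port or trailing dot."""
    return (raw or "").strip().lower().split(":")[0].rstrip(".")

class CanonicalHostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        host = normalise_host(self.headers.get("Host"))
        if host == CANONICAL:
            self._reply(200, b"site content\n")
        elif host in REDIRECT_FROM:
            self._reply(301, b"", {"Location": f"https://{CANONICAL}{self.path}"})
        else:  # PTR name, bare IP, missing Host: no content to index
            self._reply(403, b"")

    def _reply(self, status, body, headers=None):
        self.send_response(status)
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(port, host_header):
    """GET / from the local server with an explicit Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("Location")

def run_demo(hosts):
    server = ThreadingHTTPServer(("127.0.0.1", 0), CanonicalHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {h: probe(server.server_address[1], h) for h in hosts}
    finally:
        server.shutdown()
        server.server_close()
```

Calling `run_demo(SAMPLE_HOSTS)` returns the status and `Location` header for each Host value; only the canonical name gets content, so a crawler has nothing to index under the provider-assigned name.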