virap1 Posted October 24, 2022 Posted October 24, 2022 Hello, our website is cloud hosted with Invision. It appears the website ip changes and this creates multiple A records with Ezoic. At the moment I have 5 A records. 1. How can I fix this so I don't end up with multiple or wrong A records? 2. How can I set up X-Forwarded-For? I don't know where to add the necessary php code Thank you.
Marc Posted October 24, 2022 Posted October 24, 2022 You look to have your cloud nameservers pointing elsewhere. We are unable to assist with issues arising from this, and if you are using your main domain with us, your nameservers need to be pointed to ourselves
virap1 Posted October 24, 2022 Author Posted October 24, 2022 Unfortunately, with Ezoic the name servers needs to be pointing to them. The setup worked perfectly fine. There was single incident only once today when the website was returning origin error error message. This according to Ezoic is because website ip changes and they end up with multiple A records on their end.
virap1 Posted October 24, 2022 Author Posted October 24, 2022 Furthermore, I find you your replies to my email support very unprofessional and also unhelpful. Refusing to provide me with the DNS records for my website and insisting that I change the nameservers does not make sense at all.
Marc Posted October 24, 2022 Posted October 24, 2022 Very sorry to hear you feel my response was rude. This was certainly by no means my intention. In the same manner as Ezoic are stating there that the name servers need to be pointing to them in order to use your domain on their service, we in turn need your name servers to be pointed to us in order to use the domain correctly on our service here. Please allow me to explain. There does seem to be some confusion here in terms of DNS. You are asking here for us here why you have multiple A records. We cant answer that question, as your name servers are pointed to Ezoic (therefore they are controlling your records). This is why the only answer I can give you here to ensure this is set up correctly on our service is to set up the name servers pointing to ourselves. The reason its not working is because our IPs may well have changed, and our servers are not set up to work in the manner you are attempting. The only alternative to this would be if you choose to use a subdomain for your service. In that scenario, we would provide 2 CNAME entries for you to add to your domain. Note, if your domain nameservers are pointed to us, we can set up records you want us to set up, if that is helpful in any way. But you are asking for a setup here that we don't provide, and asking for records we havent set (as we dont have any control over your domains records at present)
Marc Posted October 24, 2022 Posted October 24, 2022 The forwarded for item you mention, is actually already set on the cloud platform, so would not need setting by the way. The changing IPs are what will be causing your issues
virap1 Posted October 24, 2022 Author Posted October 24, 2022 (edited) 1 hour ago, Marc Stridgen said: Very sorry to hear you feel my response was rude. Actually what I said was "very unprofessional and also unhelpful" not rude. 15 emails were exchanged today between me and you. With each email I asked over and over the same 3 simple questions. 1. trying to explain to you that Cloudflare is only used as a proxy. 2 asking guidance on setting up x-forwarded in a cloud hosted environment, 3. requesting a copy of my own dns records. You ignored each and every request and instead insisted that I should change my nameservers to yours. That kind of behavior is unacceptable and as you already learned also unprofessional and unhelpful. Edited October 24, 2022 by virap1
virap1 Posted October 24, 2022 Author Posted October 24, 2022 1 hour ago, Marc Stridgen said: You are asking here for us here why you have multiple A records. This is another example of manipulative behavior. I asked if there is perhaps a way to PREVENT this from happening and not WHY?
Randy Calvert Posted October 24, 2022 Posted October 24, 2022 (edited) 7 minutes ago, virap1 said: This is another example of manipulative behavior. I asked if there is perhaps a way to PREVENT this from happening and not WHY? No. This can't be prevented. It's done for intentionally for availability. IPS does not host it's CiC sites on a single server like most hosting setups. It uses a redundant system where the site is hosted on many different servers that any one might come and go at any time. This pool of servers enables them to handle large spikes in traffic and allows them to grow/shrink capacity as needed. It also allows them to do rolling maintenance without taking your site offline to install OS patches, PHP updates, etc. Edited October 24, 2022 by Randy Calvert
virap1 Posted October 24, 2022 Author Posted October 24, 2022 3 minutes ago, Randy Calvert said: He's trying to help you. Yes, here in this topic he for sure does try to explain. But denying to provide dns records for instance in 15 emails long conversation is not helping at all.
Randy Calvert Posted October 24, 2022 Posted October 24, 2022 (edited) 17 minutes ago, virap1 said: Yes, here in this topic he for sure does try to explain. But denying to provide dns records for instance in 15 emails long conversation is not helping at all. If you're using Cloudflare, your domain should be using their name servers. Meaning yourdomain.com is pointing to something like: Name Server: elaine.ns.cloudflare.com Name Server: ray.ns.cloudflare.com This means they hold the master records for your domain. You most likely have a record within your Cloudflare setup that is pointing requests to IPS CIC... this is typically a CNAME record that IPS gave you when you first became a customer. Something like forum.domain.com CNAME something.invisioncic.com. They would most likely give you multiple CNAME records for additional redundancy. Those CNAME records change dynamically and can update literally every few minutes to different IP addresses depending on server load and where the request originates from. X-Forwarded-For records are not controlled within the DNS layer. It's also not something IPS "provides you". As per Ezoic: Quote Why would the original IP of the user not get passed along when using Ezoic? When using Ezoic's platform, requests from your website visitors will be routed through Ezoic's Amazon Cloud Servers (AWS). Therefore, your access logs will show Ezoic IP addresses rather than the original IP address of the user. Occasionally, your hosting company misinterprets requests going via Ezoic as a bot attack, because all the requests are coming from a single or a few IPs rather than a wide assortment. Errors you might see in relation to this issue include origin errors, 520 errors, or your host's Robot Captcha. This issue can be fixed by using the XFF header. By implementing the XFF header, Ezoic will send the IP address of the original web visitor through to your server in the X-Forwarded-For header. This means Ezoic is passing the original user's IP address in the XFF field. It's not something for IPS to give to you. IPS already respects the XFF as they need it for their own load balancers. (The web server itself handling your request gets the request from IPS' load balancer, so it would have to use the XFF to know what the true source IP address is instead of the local address of the load balancer.) Also... IPS does not use A records. A records are for IP addresses. They point to a single source. Instead they use CNAME records. It's a resource pointer that allows IPS to direct a request to any number of IP addresses that might change very frequently without making you have to update your DNS each time they make an update. Using A records works when you have just a single web server hosting a site, but it absolutely does not in a multi-server, highly available environment. If you manually pinged the CNAME record to get an IP address, it means you won't get updates anytime the CNAME record changes. I would HIIIIIGHLY recommend against this as it means your site could randomly break anytime IPS makes a change to their backend systems. Use the CNAME records instead that they provide to point to a CiC instance. Edited October 24, 2022 by Randy Calvert virap1 1
virap1 Posted October 24, 2022 Author Posted October 24, 2022 Thank you very much @Randy Calvert. I don't have a cloudflare setup, but it is my understanding that some of the DNS entries at lease i have with ezoic are run through cloudflare proxy. Would replacing the a record with cname be better?
Randy Calvert Posted October 24, 2022 Posted October 24, 2022 Yes! 100% YES. Your DNS is basically being pointed to Ezoic for them to control. They host all the records (either themselves or through Cloudflare depending if you chose to integrate through CF or through DNS). When you configure your origin record (such as forum.domain.com), it should not point to an A record. That would be pointing to a static IP address that could change anytime with no notice. Instead you want to use the CNAME record values provided by IPS when you signed up for CiC. This will basically tell Ezoic to point requests to IPS' load balancer and let it decide what IP address to give out from what it knows are available.
virap1 Posted October 24, 2022 Author Posted October 24, 2022 Wonderful. Many thanks @Randy Calvert Randy Calvert 1
Marc Posted October 24, 2022 Posted October 24, 2022 We can certainly sort out subdomain cnames for you if required. Please respond to the ticket and let us know what subdomain you wish to use and we can get you sorted out there 2 hours ago, virap1 said: 15 emails were exchanged today between me and you. Again I'm sorry to see some of the context was indeed missed there. However I was trying to help you understand the situation for those. I believe you may have missed that I had responded only once to your ticket myself. I was genuinely trying to help you understand the issue so you may get to where you need to be here. Please feel free to reach out if you need to get the subdomain set up instead.
virap1 Posted October 24, 2022 Author Posted October 24, 2022 Thank you Marc. It looks like @Randy Calvert's suggestion of using cname might actually work. I wrote to support requested proper cname entries as the dns records I got today from invision after asking for it through the 15 emails are no good according to them.
virap1 Posted October 24, 2022 Author Posted October 24, 2022 So is there a way to use cname with the room domain or cname records are only for subdomains?
Randy Calvert Posted October 25, 2022 Posted October 25, 2022 2 hours ago, virap1 said: So is there a way to use cname with the room domain or cname records are only for subdomains? You can cname a sub domain (such as WWW) but not the apex (domain.com). That is not an IPS issue. That’s an internet standard… specifically RFC1912. Now… if you were using Cloudflare, you could use their DNS flattening and have them do it for you dynamically at request run time. You could also just point it to a static IP (such as an AWS EC2 Micro instance) that just has Apache setup with a forward to send EVERYTHING to your cname. This is actually exactly why IPS pushes to have them host your DNS … as they do this for you. Most people don’t want to take the effort of figuring out how to cname the domain apex. But if you do that, you can’t use Ezoic because they’re essentially a DNS host themselves…. Leaving you with out a clear “easy” way of handling apex mapping. By the way… to read about DNS flattening at Cloudflare… https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/ virap1 and Marc 2
Recommended Posts