WolfShade
Legend
April 3, 2017
Answered

CF11 issue with reverse DNS lookup???

  • April 3, 2017
  • 2 replies
  • 3233 views

Hello, all,

Our DBA just approached me and said that it appears as though CF11 is not cooperating with reverse DNS lookups.  She says that it's not Apache, and there are no errors appearing in any logs or emails - it just isn't doing any reverse DNS lookups; as if the code just isn't executed when it gets to that point.

Has anyone, here, heard of or experienced this kind of issue with CF11?  I am at a total loss.

V/r,

^_^

    Correct answer haxtbh

    We were always successful getting cgi.REMOTE_HOST under CF10.  And, like I stated, Apache has been successfully getting REMOTE_HOST with CF11 - the Apache logs show that Apache is getting REMOTE_HOST, so these aren't situations where the IP isn't resolvable.  Why CF11 suddenly is seeing occasional blanks is what has me confuzzed.

    As far as better Java level variables are concerned, if anyone knows of any I'm open to suggestions; but I work for USG DoD, and they tend to restrict accessing Java anything as a security measure.

    V/r,

    ^_^


    Do you have enableLookups enabled in the CF server.xml?

    I think the default behaviour is as follows:

    CGI.REMOTE_HOST - Hostname making the request. If the server does not have this information, it sets REMOTE_ADDR and does not set REMOTE_HOST.

    Without enableLookups enabled it won't do the lookup on the host and probably sets it as empty.

    I notice in IIS though that it's always set to the same value as remote_addr when lookups are disabled.

    2 replies

    James Moberg
    Inspiring
    February 14, 2018

    I recently discovered a better way to perform reverse DNS look-ups.  Normally when attempting to look up an IP that doesn't have a reverse DNS name, it could take 4+ seconds for a ColdFusion response to exit/return.

    I was researching a method to identify ServerMania, ColoCrossing & IPVanish-owned IP addresses (due to abuse from their networks) and discovered IP-API.com.  In addition to reverse-DNS, it returns the following data:

    country, countryCode, region, regionName, city, zip, lat, lon, timezone, isp, org, as, (reverse, mobile, proxy = upon request)

    To retrieve all data in JSON format, use the following URL:

    http://ip-api.com/json/204.93.89.33?fields=262143

    You'll note that there isn't any associated reverse DNS name if the "reverse" key is empty.

    JSON API requests will return the following JSON response:

    {
      "as": "AS13364 Jive Software Inc.",
      "city": "Palo Alto",
      "country": "United States",
      "countryCode": "US",
      "isp": "Jive Software",
      "lat": 37.4429,
      "lon": -122.1514,
      "mobile": false,
      "org": "Jive Software",
      "proxy": false,
      "query": "204.93.89.33",
      "region": "CA",
      "regionName": "California",
      "reverse": "",
      "status": "success",
      "timezone": "America/Los_Angeles",
      "zip": "94301"
    }

    The free API includes:

    • 150 requests per minute (or your IP will get banned)
    • Accurate Geolocation database, updated daily
    • Your choice of format: JSON(P), CSV, XML, Text, PHP
    • Selectable output, get only the fields you need
    • IPv4 and IPv6 queries
    • Localized country/region/city, multiple languages
    • DNS API

    A "pro" subscription for commercial usage is only €13 per month and includes:

    • Unlimited queries
    • SSL access
    • Commercial use allowed
    • Fast, Anycast-enabled servers
    • Automatic server failover, >99.99% uptime
    • Technical support for implementing our API
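
Added example, not part of the original post: one way to turn the JSON response shown above into a logging or blocking decision while staying under the free tier's 150 requests per minute. The names `assess`, `MinuteBudget` and `BLOCKED_NETWORKS` are hypothetical, and matching the network names by substring against the `isp`, `org` and `as` fields is an assumption.

```python
import json
import time
from collections import deque

# Network names taken from the post; substring matching is an assumption.
BLOCKED_NETWORKS = ("servermania", "colocrossing", "ipvanish")

# Response from the post, reduced to the fields used here.
SAMPLE = """{"as": "AS13364 Jive Software Inc.", "isp": "Jive Software",
 "org": "Jive Software", "proxy": false, "query": "204.93.89.33",
 "reverse": "", "status": "success"}"""

class MinuteBudget:
    """Sliding window that keeps a caller under 150 requests per minute."""

    def __init__(self, limit=150, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.sent = deque()

    def try_acquire(self):
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        if len(self.sent) >= self.limit:
            return False  # queue or skip the lookup instead of sending it
        self.sent.append(now)
        return True

def assess(body):
    """Turn one JSON response body into a decision record."""
    try:
        data = json.loads(body)
    except ValueError:
        return {"ok": False, "reason": "unparseable"}
    if not isinstance(data, dict) or data.get("status") != "success":
        return {"ok": False, "reason": "lookup-failed"}
    owner = " ".join(str(data.get(k, "")) for k in ("isp", "org", "as")).lower()
    return {
        "ok": True,
        "ip": data.get("query"),
        "reverse": data.get("reverse") or None,  # "" means no reverse name
        "network": next((n for n in BLOCKED_NETWORKS if n in owner), None),
        "proxy": bool(data.get("proxy")),
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Call `try_acquire()` before each outbound request and cache results per IP so repeat visitors do not consume the budget.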

    WolfShade
    Author
    Legend
    February 14, 2018

    I work for US DoD, and unfortunately they block that URL.  Don't know why, but unless it's mission critical they will not unblock it.

    Hopefully, others can benefit from it.

    V/r,

    ^ _ ^

    James Moberg
    Inspiring
    February 14, 2018

    ok... They probably do that because they don't want desktop IPs to be logged by third-party websites.  I use uMatrix & AdBlock extensions and this 3rd-party API is blocked too (and I prefer that it be blocked).  However on the server, I need to determine the "network of origin" so I can block non-consumer fraudulent web requests.  If you need a commercial API-only (non-blocked) service, you could consider using Apility.  (I believe they use IP-API as the source of their data.)

    As a workaround, you could try using the direct IP. (NOTE: This may change.  However, if you use the hostname and the IP changed and you use CFHTTP, you'd have to restart CF to clear the forever-cached DNS name. We use CFX_HTTP5 to honor DNS TTL so we don't have to force a server restart.)

    Here's an API request using their IP.  (Hopefully DOD hasn't specifically blocked access based on IPs.)


         http://66.212.29.250/json/wikipedia.org?fields=61439

    Or you could set up your own custom HOSTNAME record on the server's "HOSTS" files. (You should be able to make up any hostname you want to use.):

    66.212.29.250    myIPLookup.com

    66.212.29.250    myIPLookup

    ... and then perform the web request using the localized hostname:

         http://myIPLookup/json/wikipedia.org?fields=61439

    Or you could work with a third-party host (or a commercial provider like Apility) to proxy the API and return the same results.

    James Moberg
    Inspiring
    April 3, 2017

    Could you provide more info?  A reverse DNS lookup on a webserver doesn't involve ColdFusion at all... it should be a routing issue and handled by your network administrator.

    If you are attempting to use ColdFusion to perform a reverse DNS lookup, here's some sample code on how I perform reverse look-ups on GoogleBot/Bingbot useragents to determine if they are fake or not.

    https://gist.github.com/JamoCA/7d0b14894387b2fc2260

    This script uses InetUtil.cfc and is available for download at:
    http://www.phillnacelli.net/blog/index.cfm/2007/2/21/DNS-Lookup-in-ColdFusion
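
Added example, not the code from the linked gist or InetUtil.cfc: a forward-confirmed reverse DNS check for requests whose user agent claims to be Googlebot or Bingbot, written in Python with injectable resolvers so it can be exercised offline. The function names and verdict strings are hypothetical; the hostname suffixes are the ones the search engines document for their crawlers.

```python
import ipaddress
import socket

# Reverse-DNS suffixes the search engines document for their crawlers.
CRAWLER_SUFFIXES = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}

def system_reverse(ip):
    """PTR lookup; None when the address has no reverse name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Addresses the name resolves to; empty set when it does not resolve."""
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def verify_crawler(ip, user_agent, reverse=system_reverse, forward=system_forward):
    """Return (verdict, hostname) for a request whose user agent names a crawler."""
    ua = user_agent.lower()
    claimed = next((name for name in CRAWLER_SUFFIXES if name in ua), None)
    if claimed is None:
        return ("no-crawler-claim", None)
    host = reverse(ip)
    # An unresolvable address can come back as None, empty, or the IP itself.
    if not host or host == ip:
        return ("unverified:no-ptr", None)
    host = host.rstrip(".").lower()
    if not host.endswith(CRAWLER_SUFFIXES[claimed]):
        return ("fake:wrong-domain", host)
    # Whoever controls the IP block controls its PTR record, so the name
    # must also resolve forward to the same address.
    want = ipaddress.ip_address(ip)
    if not any(ipaddress.ip_address(a) == want for a in forward(host)):
        return ("fake:forward-mismatch", host)
    return ("verified", host)

if __name__ == "__main__":
    # Constructed resolver tables so the demo runs offline.
    ptr = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com"}
    fwd = {"crawl-192-0-2-10.googlebot.com": {"198.51.100.1"}}
    print(verify_crawler("192.0.2.10", "Googlebot/2.1", ptr.get, lambda h: fwd.get(h, set())))
```

The default resolvers block on the system resolver, so run the check outside the request path and cache verdicts per IP.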

    WolfShade
    Author
    Legend
    April 4, 2017

    It's part of our webmetrics.  We are collecting cgi.REMOTE_HOST and cgi.REMOTE_ADDR as part of webmetrics, and the Apache logs are showing that both are being collected by Apache, but somewhere in the hand-off between Apache and Tomcat, or between Tomcat and ColdFusion, the cgi.REMOTE_HOST is coming up blank.

    This started happening when we upgraded both ColdFusion (to CF 11) and Apache (to 2.4.25).  This was working fine under CF10.

    Our SA and DBA have been looking at some of the mod files to see if anything there might be preventing REMOTE_HOST from being passed, but aren't seeing anything out of the ordinary.

    V/r,

    ^_^

    James Moberg
    Inspiring
    April 4, 2017

    I wonder if there's a better java-level variable you can access.  ColdFusion attempts to collect all CGI variables and doesn't get it right sometimes.  We use IIS, wanted to log CGI.LOCAL_ADDR and found it to be inconsistent and often completely random.

    Please note that there may be times when an IP is unresolvable.  In this case, the IP is returned.  Not all hosts have properly configured hostnames and it can cause time-outs when performing look-ups.


    I started performing separate reverse DNS calls afterwards (using InetUtil.cfc) to update unknown hosts that are logged.