Exposing origin IP Address


#1

An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address.

What is this mean?

Can anyone instruct me how i solve the problem?


#2

Exactly what it says. What exactly is unclear about it? It is not a problem per se, but if you dont want it exposed it is a simple click on the record from :grey: to :orange:, though that can have other implications as well (non-HTTP protocols, callbacks, etc.).


#3

As @sandro said, its exactly what it says, a record in your DNS is exposing the IP of your zone’s primary record (a record like direct.ftp.example.com, exposing example.com)

As seen below, if the service/server you need to access falls under these, you can have the features enabled/disabled by using the cloud

Usages of :grey:

  • SSH Servers
  • FTP Servers
  • other internal OS services ports

Usages of :orange:

  • HTTP(S) Web Servers
  • CDN Servers
  • Always up static sites (Always Online Cloudflare Service)
  • Privacy Concerns
  • DDOS Mitigation
  • … more

Some questions about cloudflare
#4

Can i send a screenshot from my DNS or better not? :smiley:


#5

That will expose your address even more :wink:

General question, do you want to keep your IP address hidden and behind Cloudflare or not? What is the primary reason you are on Cloudflare?


#6

Wait i tell it… :smiley:


#7

Should i have to delete the * Records?


#8

The * records are wildcard and not proxiable in the first place. They will always reveal your address. If you want to proxy you need to create dedicated records.

But again

General question, do you want to keep your IP address hidden and behind Cloudflare or not? What is the primary reason you are on Cloudflare?


#9

I want to hide my IP Address. DDoS Protection i have from my Webhoster.


#10

Small correction, not relevant here I presume. Wildcards can be proxied on the Enterprise plan. Not doable on any other plan.


#11

oooooooh i have iiiiiiiiit


#12

Then delete the wildcards and you should be all set seeing the DNS screen you posted. Make sure that those IPs are not the same as the MX ones (or the MX doesn’t point to your root even if :orange:).

DDOS protection from your web host will be worse than Cloudflare’s.


#13

on the mx is an “i” icon in there tell me its exposing


#14

True, though do you think we are talking about an enterprise plan here, @matteo? :slight_smile:

If you want to hide your IP address you should definitely remove everything that reveals your IP address and possibly ask your host to change your IP address, as that is already out there and someone who will dig will find it nonetheless.


#15

The enterprise plan? I really doubt that, you wouldn’t be here asking for help as you would have a direct support line.

Then it’s probably an issue there, but may be a different IP that the root domain.


I raise this quote from my earlier post:


#16


#17

:laughing: “Presume” hints at a certain probability :wink:


#18

Cloudflare will stand steadfast against any DDOS regardless of size, as says one of their phrases,
most other hosts, OVH and RamNode that I know of have DDOS protection, but only to a point and will null route (read: disable) your server, if it goes above their limits, and you would have to deal with their bandwidth requirements along with that


#19

Im on OVH


#20

This doesn’t help us out that much (we can’t see anything), but I see the little I.

Tell me this: if your domain is example.com, does your MX record at root (example.com) point to example.com or to an IP? If it’s an IP is it the same as in the A/AAAA records for example.com?