celery / celeryproject

The official Celery Project website

docs.celeryproject.org and celeryproject.org are down #52

Closed colons closed 2 years ago

colons commented 2 years ago

Description

The Celery website (celeryproject.org) and the Celery documentation website (docs.celeryproject.org) no longer seem to have A DNS records. I've checked this by running dig celeryproject a and dig docs.celeryproject.org a on computers with internet connections in various places in the world, and nowhere seems able to load the website any more.

Suggestions

I'm not sure. Has the domain ownership lapsed, or is there just an issue with your DNS provider?

open-collective-bot[bot] commented 2 years ago

Hey @colons :wave:, Thank you for opening an issue. We will get back to you as soon as we can. Also, check out our Open Collective and consider backing us - every little helps!

We also offer priority support for our sponsors. If you require immediate assistance please consider sponsoring us.

justin-f-perez commented 2 years ago

I am experiencing the same problem using Google DNS

❯ nslookup celeryproject.org 8.8.8.8
❯ nslookup docs.celeryproject.org 8.8.8.8
❯ nslookup docs.celeryproject.org 8.8.4.4
❯ nslookup celeryproject.org 8.8.4.4

All give the same error:

** server can't find celeryproject.org: SERVFAIL

clokep commented 2 years ago

Maybe see celery/celeryproject#21 also?

woodruffw commented 2 years ago

I can't reproduce this:

dig +short docs.celeryproject.org
readthedocs.io.
104.17.33.82
104.17.32.82

Hmm, maybe it's a Google DNS issue:

dig @8.8.8.8 +short docs.celeryproject.org

...produces no output.

clokep commented 2 years ago

I'm able to reproduce on non-Google DNS. Getting a SERVFAIL also.

CodePint commented 2 years ago

+1 also down for me

failing with nslookup and dig:

nslookup celeryproject.org 9.9.9.9   # Quad9DNS
nslookup celeryproject.org 208.67.222.222 # OpenDNS
nslookup celeryproject.org 8.8.8.8  # GoogleDNS
# ** server can't find celeryproject.org: SERVFAIL

dig docs.celeryproject.org 
# QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

CodePint commented 2 years ago

If anyone needs access to the docs in a pinch... There is a version of the celery 5 docs archived on the Wayback Machine.

thedrow commented 2 years ago

As far as I can see, I can't register the domain name myself so it's not expired.

woodruffw commented 2 years ago

I changed networks, and it's no longer resolving for me:

dig +short docs.celeryproject.org

Edit: To clarify, I moved to a network that's using a local DNS resolver + Cloudflare DNS as an authority (1.1.1.1).

thedrow commented 2 years ago

WHOIS doesn't reveal the owner of the domain. Should we register a different domain address?

LordNoteworthy commented 2 years ago

I am using the latest snapshot captured from web archive: https://web.archive.org/web/20220313093531/https://docs.celeryproject.org/en/stable/

auvipy commented 2 years ago

> WHOIS doesn't reveal the owner of the domain. Should we register a different domain address?

I am seriously considering registering a new domain and starting work on a GitHub Pages based website; later it can be deployed to some VPS. I can do it. It's long overdue.

levrik commented 2 years ago

It seems quite crazy that the owner of the domain seems to be completely unknown to maintainers...

thedrow commented 2 years ago

Unfortunately, there wasn't a proper hand-off when @ask left the project.

thedrow commented 2 years ago

I purchased the following domains:

I'll configure them to work with ReadTheDocs and ping you once that's done.

ThiefMaster commented 2 years ago

You should really consider getting the original domains back before they fully expire (and thus can be grabbed by someone else) - otherwise there's a good chance they'll be abused for spam or worse.

robmello commented 2 years ago

For anyone here who needs Celery doc while this gets worked out:

https://docs.celeryq.dev/en/stable/

mrmonkington commented 2 years ago

Does controlling the celeryproject.org domain give control of any email addresses that could be used to recover passwords on e.g. Github or PyPI?

mastacheata commented 2 years ago

> Does controlling the celeryproject.org domain give control of any email addresses that could be used to recover passwords on e.g. Github or PyPI?

The public email on the GitHub profile of @ask is ask@celeryproject.org, so at least someone could impersonate her. Whether or not her GitHub account would be at risk is impossible to tell.

PyPI doesn't disclose any emails connected to the user accounts. She is still listed as a maintainer over there, but the main contact email is that of auvipy.

shaggyloris commented 2 years ago

It seems that the DNS for docs.celeryproject.org may have been compromised or at least the site shouldn't be trusted at this point? The DNS is now resolving to a Russian hosting company and the certificate is for a different domain:

DNS response:

dig @8.8.8.8 +short docs.celeryproject.org
45.130.41.26

Whois info:

inetnum:        45.130.41.0 - 45.130.41.255
netname:        BEGET-NET-89
country:        RU
admin-c:        DUMY-RIPE
tech-c:         DUMY-RIPE
status:         ASSIGNED PA
mnt-by:         BEGET-MNT
created:        2019-10-10T10:18:07Z
last-modified:  2019-10-10T10:18:07Z

Cert info:

Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
    Not Before: Feb 22 10:30:38 2022 GMT
    Not After : May 23 10:30:37 2022 GMT
Subject: CN=4rdcom.com
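
Added example (not part of any comment in this thread): a small offline check that turns the comparison made above into code, using the healthy `dig +short` answer quoted earlier as the baseline and the later answer and certificate subject as the observation. The function names and finding labels are assumptions made for this illustration.

```python
import ipaddress

# Baseline from the earlier healthy `dig +short` answer quoted in this thread.
BASELINE = {"cnames": {"readthedocs.io"}, "ips": {"104.17.33.82", "104.17.32.82"}}

# Later outputs quoted in the thread, embedded so the check runs offline.
DIG_AFTER = "45.130.41.26\n"
CERT_AFTER = "Issuer: C=US, O=Let's Encrypt, CN=R3\nSubject: CN=4rdcom.com\n"

def parse_dig_short(text):
    """Split `dig +short` output into CNAME targets and IP addresses."""
    cnames, ips = set(), set()
    for token in (line.strip() for line in text.splitlines()):
        if not token or token.startswith(";"):
            continue
        try:
            ips.add(str(ipaddress.ip_address(token)))
        except ValueError:
            cnames.add(token.rstrip(".").lower())
    return cnames, ips

def parse_subject_cn(cert_text):
    """Return the subject CN from `openssl x509 -text` style output, or None."""
    for line in (raw.strip() for raw in cert_text.splitlines()):
        if line.startswith("Subject:"):
            for part in line[len("Subject:"):].split(","):
                key, _, value = part.partition("=")
                if key.strip() == "CN":
                    return value.strip().lower()
    return None

def name_matches(cert_name, hostname):
    """Exact match, or one left-most wildcard label such as *.example.org."""
    hostname = hostname.lower().rstrip(".")
    if cert_name.startswith("*."):
        return hostname.partition(".")[2] == cert_name[2:]
    return cert_name == hostname

def drift_findings(hostname, dig_output, cert_text, baseline=BASELINE):
    """Compare one observation with the baseline and list what changed."""
    cnames, ips = parse_dig_short(dig_output)
    findings = []
    if not cnames and not ips:
        findings.append("no-answer")  # the SERVFAIL / empty-output phase
    unexpected = ips - baseline["ips"]
    # CDN addresses rotate, so new IPs only count when the CNAME is gone too.
    if unexpected and not (cnames & baseline["cnames"]):
        findings.append("unexpected-ip:" + ",".join(sorted(unexpected)))
    cn = parse_subject_cn(cert_text)
    if cn is not None and not name_matches(cn, hostname):
        findings.append("cert-name-mismatch:" + cn)
    return findings
```

A production check should compare the certificate's subjectAltName entries rather than the subject CN; the CN is used here because it is the only name the quoted certificate output shows.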

auvipy commented 2 years ago

He is not active anymore since late 2016, so we bought some new domains and are using https://docs.celeryq.dev/en/stable/.

coderanger commented 2 years ago

@auvipy I don't think that's a great long term plan, leaving broken links is bad but worse is if they potentially go somewhere hostile now. I can get in contact with Ask if that's the limiting factor.

auvipy commented 2 years ago

The US is hostile to many, so embrace it. You can try, as I have been trying for the last 6 years. Good luck with that.

coderanger commented 2 years ago

Not sure how that's related? I'm not talking about politically hostile, I mean like infosec hostile.

auvipy commented 2 years ago

OK, but good luck mate.

coderanger commented 2 years ago

Will report back if I can get in touch with her. I've reached out to the PSF Infra team to see if they would be willing to hold the domain as a trusted party even if you would rather just roll forward to a new one so you aren't blocked for now :)

auvipy commented 2 years ago

Yeah please, that would be really helpful. I have my email on GitHub.

mrmonkington commented 2 years ago

@auvipy I am sorry to revisit this point (and also sorry if this is not the best channel), but would you be able to confirm for me that there are no '@celeryproject.org' addresses with maintainer rights for Celery on PyPI? I can still see 'ask' listed on there and the changelog implies that she was using ask@celeryproject.org.

My concerns are that if the Celery maintainers no longer have control of this MX for celeryproject.org then it is not possible to rule out a bad actor impersonating ask@celeryproject.org, using the PyPI password reset, and having write access to the package.

ewdurbin commented 2 years ago

The only existing user on PyPI (@ask) with a celeryproject.org address has been deactivated.

No account activity has been noted since the domain was compromised.

loganbibby commented 2 years ago

Just to add to @mrmonkington's concerns... Our office is now blocking celeryproject.org because it's within Russia. So the possibility of it being compromised was just ratcheted up a few notches.

bryanculver commented 2 years ago

Looks like there may have been a compromise with the account at the hosting company, A Small Orange.

Might be worth contacting them or Enom because I'm sure they wouldn't appreciate takeovers.

NS Records still point to there and nothing in WHOIS has changed since April of last year:

# whois.enom.com

Domain Name: celeryproject.org
Registry Domain ID: D156435169-LROR
Registrar WHOIS Server: WHOIS.ENOM.COM
Registrar URL: WWW.ENOM.COM
Updated Date: 2021-05-01T05:08:39.00Z
Creation Date: 2009-06-15T12:30:15.00Z
Registrar Registration Expiration Date: 2022-06-15T19:30:15.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registrant Name: REDACTED FOR PRIVACY
...additional registrant information...
Name Server: NS1.ASMALLORANGE.COM
Name Server: NS2.ASMALLORANGE.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: ABUSE@ENOM.COM
Registrar Abuse Contact Phone: +1.4259744689
URL of the ICANN WHOIS Data Problem Reporting System: HTTP://WDPRS.INTERNIC.NET/
>>> Last update of WHOIS database: 2022-03-30T18:30:00.00Z <<<
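
Added example (not part of any comment in this thread): an audit that parses the WHOIS fields quoted above and lists accounts whose recovery e-mail sits on a domain with open registration risks, which is the concern raised earlier about ask@celeryproject.org and PyPI password resets. The `ACCOUNTS` mapping, the expected name-server suffix and the risk labels are assumptions constructed for this illustration.

```python
from datetime import datetime, timezone

# Fields copied from the WHOIS record quoted above.
WHOIS_TEXT = """\
Domain Name: celeryproject.org
Registrar Registration Expiration Date: 2022-06-15T19:30:15.00Z
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Name Server: NS1.ASMALLORANGE.COM
Name Server: NS2.ASMALLORANGE.COM
>>> Last update of WHOIS database: 2022-03-30T18:30:00.00Z <<<
"""

# Constructed sample: account name -> recovery e-mail (second entry is made up).
ACCOUNTS = {"ask": "ask@celeryproject.org", "maintainer-b": "b@example.com"}

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().lstrip("> ").partition(": ")
        if sep:
            record.setdefault(key, []).append(value.replace("<<<", "").strip())
    return record

def parse_ts(value):
    """Parse the timestamp format used in this WHOIS record as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def domain_risks(record, as_of, expected_ns_suffixes, warn_days=90):
    """Flag conditions under which the project could lose the domain."""
    risks = []
    expires = parse_ts(record["Registrar Registration Expiration Date"][0])
    days_left = (expires - as_of).days
    if days_left < warn_days:
        risks.append(f"expires-in-{days_left}-days")
    # Name servers at a provider whose account the maintainers cannot log in to.
    if any(not ns.lower().endswith(tuple(expected_ns_suffixes))
           for ns in record.get("Name Server", [])):
        risks.append("nameservers-not-in-expected-set")
    if not any(s.startswith("clientTransferProhibited")
               for s in record.get("Domain Status", [])):
        risks.append("no-transfer-lock")
    return risks

def exposed_accounts(accounts, domain, risks):
    """Accounts whose recovery e-mail lives on a domain that has open risks."""
    if not risks:
        return []
    return sorted(name for name, email in accounts.items()
                  if email.lower().rpartition("@")[2] == domain.lower())
```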

ewdurbin commented 2 years ago

Good news, as of a few minutes ago the transfer of this domain has started and will be registered in perpetuity by the Python Software Foundation.

Celery project maintainers can contact infrastructure-staff@python.org to discuss next steps and management of the domain moving forward.

ericholscher commented 2 years ago

@ewdurbin Great to hear. We'd love to get the Google results working again, so let me know if you want to re-point docs. to readthedocs.io, which should automatically redirect all existing docs links.

thedrow commented 2 years ago

Thank you everyone for helping to handle this issue. I'm sorry I could not make more time to get involved in fixing it. The fact that we didn't own the domain really stressed me out but I didn't know what I should do to resolve this.

I've instructed one of my employees to contact the PSF and engage the contributors on the matter. I'll try to find a time to write a retrospective on this incident.

ewdurbin commented 2 years ago

Just an update: still waiting for transfer to complete. Will confirm here and respond to the celery project rep at that time.

ewdurbin commented 2 years ago

[Screenshot showing a notice of successful transfer of celeryproject.org to the PSF]

We're all set!

ewdurbin commented 2 years ago

I've moved the DNS NS records to Gandi for now, but that may take some time to propagate.

ewdurbin commented 2 years ago

For the time being I have configured apex, www, and docs .celeryproject.org to temporary redirect to docs.celeryq.dev

auvipy commented 2 years ago

> For the time being I have configured apex, www, and docs .celeryproject.org to temporary redirect to docs.celeryq.dev

I reached the infra team, please check.

ewdurbin commented 2 years ago

Apologies! I responded yesterday but mishandled the To: field and didn't include you. You should have an email in your inbox now.