nodejs / build

Better build and test infra for Node.

Use of .cloud TLD #3745

Closed mhdawson closed 3 months ago

mhdawson commented 4 months ago

Do we have any machines/services that are using a .cloud TLD? IBM cloud scanning seems to believe we do.

mhdawson commented 4 months ago

@nodejs/build are any of you aware of where this might be being used?

richardlau commented 4 months ago

It's in IBM Cloud. We give machines names and a domain.

richardlau commented 4 months ago

FWIW I don't know the history of why the machines have the domain they have in IBM Cloud.

richardlau commented 4 months ago

I'm not on my work computer with my IBM Cloud credentials to log in and check, but it's something like https://github.com/nodejs/build/issues/3279#issuecomment-1496219319 (those particular machines are gone/moved), e.g. release-ibm-rhel8-x64-2.nodejs.cloud -- the nodejs.cloud is the domain.

richardlau commented 4 months ago

For reference https://cloud.ibm.com/docs/virtual-servers?topic=virtual-servers-ordering-vs-public sort of implies that the domain cannot be left blank:

| Domain | Must have two or more labels that can be made of alphanumeric characters and dashes, which are separated by periods. Labels can't begin or end with a dash, or have consecutive dashes or periods. The last label must be letters only. |
| -- | -- |

targos commented 4 months ago

Is it a problem?

richardlau commented 4 months ago

> Is it a problem?

I don't think it is for our use cases.

This was a notification from IBM Cloud: https://cloud.ibm.com/notifications?query=161146147

Immediate Action Required - Security Notification - Potentially Unregistered Domain in Use on Cloud Resources

Source Id: 161146147

Update time: 28 May 2024, 12:38 AM local time

Severity: Major impact

Description: CUSTOMER NOTIFICATION

Notification Title: Immediate Action Required - Security Notification - Potentially Unregistered Domain in Use on Cloud Resources

Notification Contents: One or more of your IBM Cloud Classic resources are potentially utilizing a domain name that is not currently registered, specifically a domain name with a .cloud top level domain (TLD). It is not recommended to utilize a domain that you do not have registered. An unregistered domain could allow a malicious actor to register the domain and potentially intercept DNS requests or perform other malicious activity, such as a Man-in-the-Middle (MITM) attack, against your system.

In response to this notification, we strongly advise that you take immediate action to update the domain names in use on your systems, as well as the configuration of your devices within the IBM Cloud portal to prevent the vulnerable domain from being reused should you perform an operating system reload. We recommend you select a domain name which you have registered and control, or one which uses a TLD which cannot be publicly registered such as those recommended per RFC 6762:

- .private
- .corp
- .intranet
- .internal
- .home
- .lan

A list of your IBM Cloud Classic Bare Metal Servers or Virtual Servers can be found in the classic device listing here: https://cloud.ibm.com/gen1/infrastructure/devices

Should you have any questions or need assistance regarding this notice, please open a new case with IBM Cloud Support via the Cloud Support Center: https://cloud.ibm.com/unifiedsupport/supportcenter

Our current machines have these domains set:

We normally access the machines via IP address or ssh aliases and never with the domain suffixes (e.g. .nodejs.cloud) that the instances currently have configured in IBM Cloud.

While I don't think this is a real problem for us, we could change to consistently using .nodejs.org as the domain (without corresponding DNS entries). Or replace .cloud with .private, e.g. .nodejs.private.
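An added example, not part of the thread or of the nodejs/build tooling: a Python audit that applies the domain-field rule quoted from the IBM Cloud docs and flags inventory hostnames whose domain is neither on an owned list nor under one of the TLDs the notice lists. The function names, the `owned_domains` argument and the sample inventory are assumptions; only the first hostname is quoted from the thread, the rest are constructed.

```python
import re

# TLDs the IBM Cloud notice quoted above lists as not publicly registrable.
NOTICE_PRIVATE_TLDS = {"private", "corp", "intranet", "internal", "home", "lan"}

# One label: alphanumerics and dashes, no leading, trailing or consecutive dash.
_LABEL = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")


def valid_ibm_domain(domain):
    """Apply the domain-field rule quoted from the IBM Cloud docs."""
    labels = domain.split(".")
    if len(labels) < 2:
        return False
    # An empty label means a leading, trailing or consecutive period.
    if not all(_LABEL.fullmatch(label) for label in labels):
        return False
    return labels[-1].isalpha()  # last label must be letters only


def classify(fqdn, owned_domains):
    """Return 'invalid', 'owned', 'private-tld' or 'review' for one host."""
    host, _, domain = fqdn.lower().rstrip(".").partition(".")
    if not host or not valid_ibm_domain(domain):
        return "invalid"
    if any(domain == d or domain.endswith("." + d) for d in owned_domains):
        return "owned"
    if domain.rsplit(".", 1)[-1] in NOTICE_PRIVATE_TLDS:
        return "private-tld"
    return "review"  # publicly registrable TLD that is not on the owned list


def audit(inventory, owned_domains):
    """Map each inventory FQDN to its classification."""
    return {fqdn: classify(fqdn, owned_domains) for fqdn in inventory}


SAMPLE_INVENTORY = [
    "release-ibm-rhel8-x64-2.nodejs.cloud",  # hostname quoted in the thread
    "test-host-1.nodejs.private",            # constructed
    "test-host-2.nodejs.org",                # constructed
    "test-host-3.nodejs",                    # constructed: single-label domain
    "test-host-4.node--js.cloud",            # constructed: consecutive dashes
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_INVENTORY, {"nodejs.org"}).items():
        print(f"{verdict:12} {name}")
```

Entries reported as `review` are the ones to check against the registrar: either register the domain or move the host to an owned or non-registrable suffix.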

mhdawson commented 4 months ago

Thanks for the additional detail, we may just want to change to .private so that we don't get nagged by the scans.

richardlau commented 4 months ago

I've changed the domain set for all the machines to .nodejs.private.

richardlau commented 4 months ago

hmm. Just got another email from IBM Cloud (same as before). AFAICT we no longer have any domains set to .cloud, so I'm at a loss as to what it is complaining about still.

richardlau commented 3 months ago

AFAIK we've had no further emails so closing as done.