White-listing IPs of forums for customers.
It happens from time to time that customers need to whitelist the IP of their forum (usually the staging or dev cluster) so that they can accept API requests. In the past we have told them to do a dig on their forum name. This, however doesn't work any more.
Take, for example, paddykelly.vanillastaging.com
~$ dig paddykelly.vanillastaging.com ; <<>> DiG 9.10.6 <<>> paddykelly.vanillastaging.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31630 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;paddykelly.vanillastaging.com. IN A ;; ANSWER SECTION: paddykelly.vanillastaging.com. 299 IN CNAME site-6025942.onvanilla.net. site-6025942.onvanilla.net. 299 IN A 162.159.138.78 site-6025942.onvanilla.net. 299 IN A 162.159.128.79 ;; Query time: 144 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Jul 23 15:05:49 EDT 2019 ;; MSG SIZE rcvd: 130
The outside world sees the IP as 162.159.138.78 or 162.159.128.79.
But if we open a shell on the server itself and do a call out to another server and then ask it "What is my IP" we get a completely different result. I am assuming all of this has to do with some OPsy Cloudflare voodoo (feel free to chime in if you have more details).
The bottom line is if you have a customer who is having troubles whitelisting the IP of their forum, ask someone with shell access to the server to get its actual IP by doing this command:
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com