From 3774c7a448ba156d3b07e1cbf4a4504f35034e49 Mon Sep 17 00:00:00 2001 From: Kaarina Tungseth Date: Thu, 24 Apr 2025 12:46:45 -0500 Subject: [PATCH 1/2] Adds Wildcard DNS record disclaimers Adds `ip.es.io` disclaimer to warning and security@elastic.co for reporting security issues. --- deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md b/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md index f21de8ae8d..810a5fae5e 100644 --- a/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md +++ b/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md @@ -10,6 +10,8 @@ mapped_pages: ::::{warning} Don't use `ip.es.io` for production systems. Set up your own domain name and DNS resolver for production. We do not guarantee uptime with `ip.es.io`. + +`ip.es.io` is intended for use only by Elastic Cloud Enterprise customers. We may, acting in our sole discretion, immediately terminate, suspend, or block any unauthorized users or uses without notice. :::: By default, {{ece}} uses the external `ip.es.io` service provided by Elastic to resolve virtual {{es}} cluster host names in compliance with RFC1918. The service works by resolving host names of the form `.ip.es.io` to ``. In the case of {{ece}}, each cluster is assigned a virtual host name of the form `..ip.es.io:`, such as `6dfc65aae62341e18a8b7692dcc97186.10.8.156.132.ip.es.io:9243`. The `ip.es.io` service simply resolves the virtual host name of the cluster to the proxy address which is specified during installation, `10.8.156.132` in our example, so that client requests are sent to the proxy. The proxy then extracts the cluster ID from the virtual host name of the cluster and uses its internal routing table to route the request to the right allocator. @@ -18,3 +20,5 @@ The `ip.es.io` service is provided to help you evaluate {{ece}} without having t A wildcard certificate is enabled based on the deployment domain name. For more information on modifying the deployment domain name, check [Configure endpoints](change-endpoint-urls.md). The deployment domain name also determines the endpoint URLs that are displayed in the Cloud UI. +Report security issues to security@elastic.co. + From e0941bd24d53d567d103663b832c416b85036f44 Mon Sep 17 00:00:00 2001 From: Kaarina Tungseth Date: Thu, 24 Apr 2025 14:14:20 -0500 Subject: [PATCH 2/2] Update deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md Co-authored-by: shainaraskas <58563081+shainaraskas@users.noreply.github.com> --- deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md b/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md index 810a5fae5e..e9bdf506c4 100644 --- a/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md +++ b/deploy-manage/deploy/cloud-enterprise/ece-wildcard-dns.md @@ -11,7 +11,7 @@ mapped_pages: ::::{warning} Don't use `ip.es.io` for production systems. Set up your own domain name and DNS resolver for production. We do not guarantee uptime with `ip.es.io`. -`ip.es.io` is intended for use only by Elastic Cloud Enterprise customers. We may, acting in our sole discretion, immediately terminate, suspend, or block any unauthorized users or uses without notice. +`ip.es.io` is intended for use only by {{ece}} customers. We may, acting in our sole discretion, immediately terminate, suspend, or block any unauthorized users or uses without notice. :::: By default, {{ece}} uses the external `ip.es.io` service provided by Elastic to resolve virtual {{es}} cluster host names in compliance with RFC1918. The service works by resolving host names of the form `.ip.es.io` to ``. In the case of {{ece}}, each cluster is assigned a virtual host name of the form `..ip.es.io:`, such as `6dfc65aae62341e18a8b7692dcc97186.10.8.156.132.ip.es.io:9243`. The `ip.es.io` service simply resolves the virtual host name of the cluster to the proxy address which is specified during installation, `10.8.156.132` in our example, so that client requests are sent to the proxy. The proxy then extracts the cluster ID from the virtual host name of the cluster and uses its internal routing table to route the request to the right allocator.