(Please read to the bottom of the page. All of the steps and information will be important for you to understand what is going on)
There are two infrastructure problems we have detected with Yahoo hosting. One with resolving the dns name for the Yahoo Mysql server, and one with misconfigured shared SSL certificates on 3 Yahoo servers.
Test page (https://rlpn.net/ssl/dbtest456.php)
database test link
If you click on the database test link above and the Yahoo shared SSL domain name p9.secure.hostingprod.com gives you the IP address 22.214.171.124, then our PHP scripts will not be able to connect to the shared MySQL instance named 'mysql' and you will get the following error result from the script above:
Warning: mysql_pconnect(): Can't connect to MySQL server on 'mysql' (61) in /ssl/dbtest456.php on line 11
CONNECT failed with : Can't connect to MySQL server on 'mysql' (61)
Otherwise it will indicate that the simple query succeeded. We assert that on that specific server (126.96.36.199) something is preventing scripts from connecting with MySQL but which works on all of the other Yahoo servers in the range 188.8.131.52 to 184.108.40.206. Note that these are all of the servers that we see resolved from the shared SSL domain that Yahoo uses (p9.secure.hostingprod.com).
The name 'mysql' is the given database name that Yahoo documentation about MySQL says must be used to connect to the Yahoo MySQL servers.
For information on how to reproduce our tests, read on...
Shared SSL sites on Yahoo automatically transfer you from the root domain, for example rlpn.net, to a special Yahoo domain like p9.secure.hostingprod.com. We observed that p9.secure.hostingprod.com resolves to a number of different IP addresses making us assume there are multiple computers behind that domain chosen through a method such as Round Robin DNS.
We observed that sometimes pages that we hosted using the Yahoo shared SSL system would return an error rather than the proper page. The error was that the user would be taken to a Yahoo! GeoCities error page indicating a file wasn't found. Other times it would work fine. The web page below will demonstrate this if Yahoo chooses the wrong server to use:
navigate to this URL: http://rlpn.net/ssl/test.html
Note that our test page has no database functionality. It is purely a static html page containing a header, body, and "TEST page" on it.
Looking further, we observed that when the domain p9.secure.hostingprod.com returns either of the following IP addresses, we would see the error page:
In order to demonstrate this failure on Windows, you need to set your "hosts" file to specifically use that IP address whenever the domain p9.secure.hostingprod.com is accessed. On Windows, the hosts file is located here:
If you open the file in a text editor, it is a series of lines containing an IP address and a domain name. If you add the following line to the bottom of your hosts file and save it:
Then, whenever your web browser tires to get to p9.secure.hostingprod.com, it will force it to use the IP 220.127.116.11. Otherwise it would choose one of the ones provided by Yahoo at random that may work, such as 18.104.22.168 or 22.214.171.124.
After you make that change to the hosts file and save the hosts file, click on the link at the top of this page again. You should get an SSL certificate error and be taken to a page that says the page doesn't exist. If you remove the hosts file line, then the page will work.
Here is how we found these IP addresses. The web site DNSWatch.info is very helpful (http://www.dnswatch.info). Go to that site and put in the p9.secure.hostingprod.com domain name in the upper left box named "DNS Lookup / IP Lookup" and push the Resolve button. It answers that p9.secure.hostingprod.com is a CNAME (a type of DNS record) for the domain star.p9.geo.premiumservices.yahoo.com.
Next put that domain in, star.p9.geo.premiumservices.yahoo.com, and you get told this domain is a CNAME for the following domain star.premium9.geo.fy2.b.yahoo.com.
Do the same thing again for this domain, star.premium9.geo.fy2.b.yahoo.com, and finally we get a list of DNS "A" records. Refresh the page and see how the IP addresses change with each refresh. Each time you see that list of 8 IP addresses, those are the ones that your web browser sees from which is chooses one. If the one it chooses is 126.96.36.199 or 188.8.131.52, its broken.
Please help us.