Could I get the domain names of where channels opens egress to use in my firewall appliance?
To be clear, the firewall logs a bunch IP address for 80 and 443 and ones I checked go to AWS but I can't put every possible AWS IP address in the firewall and instead prefer to enter a domain name.
Hope my request makes sense. For example, if I allowed "registry.npmjs.org" then it would allow all of the IP addresses from dig registry.npmjs.org
I understand that's some but dig community.getchannels.com only turns up 2 IP addresses. What about all of these IP addresses that channels DVR uses for egress on 80 and 443?
104.24.112.77:443
104.24.113.77:443
107.22.76.52:443
107.23.224.178:443
130.211.44.41:443
151.101.129.194:443
174.129.168.154:443
18.208.17.97:443
18.209.132.82:443
18.209.64.211:443
18.211.166.45:443
18.213.237.230:443
184.169.132.232:80
184.26.116.62:443
184.27.201.137:443
184.27.201.139:443
184.27.201.209:443
184.28.82.162:443
184.28.82.176:443
184.72.34.157:80
184.72.36.142:80
192.229.210.181:443
199.27.170.197:443
204.236.132.191:80
23.10.123.53:443
23.14.187.53:443
23.200.236.216:443
23.200.236.219:443
23.203.164.28:443
3.132.25.147:443
3.212.219.206:443
3.222.1.163:443
3.227.62.90:443
34.192.104.74:443
34.197.38.85:443
34.228.67.30:443
34.231.105.124:443
34.233.240.55:443
34.236.99.107:443
35.190.0.137:443
50.18.119.165:80
50.18.45.22:80
52.1.107.198:443
52.216.1.32:443
52.216.10.179:443
52.216.100.115:443
52.216.100.187:443
52.216.100.3:443
52.216.100.91:443
52.216.101.219:443
52.216.101.83:443
52.216.105.187:443
52.216.106.35:443
52.216.107.140:443
52.216.107.76:443
52.216.109.75:443
52.216.112.11:443
52.216.112.139:443
52.216.112.179:443
52.216.112.3:443
52.216.113.11:443
52.216.113.251:443
52.216.114.147:443
52.216.114.195:443
52.216.115.43:443
52.216.12.60:443
52.216.128.123:443
52.216.129.83:443
52.216.132.43:443
52.216.134.107:443
52.216.134.235:443
52.216.134.251:443
52.216.137.124:443
52.216.137.244:443
52.216.138.123:443
52.216.138.219:443
52.216.139.219:443
52.216.140.60:443
52.216.141.124:443
52.216.141.156:443
52.216.142.132:443
52.216.142.172:443
52.216.142.180:443
52.216.143.124:443
52.216.143.212:443
52.216.143.220:443
52.216.143.28:443
52.216.144.107:443
52.216.144.179:443
52.216.145.99:443
52.216.146.179:443
52.216.146.219:443
52.216.146.59:443
52.216.147.59:443
52.216.147.91:443
52.216.16.176:443
52.216.16.200:443
52.216.160.67:443
52.216.161.67:443
52.216.161.75:443
52.216.162.11:443
52.216.162.219:443
52.216.168.59:443
52.216.169.179:443
52.216.170.147:443
52.216.170.203:443
52.216.176.243:443
52.216.177.179:443
52.216.177.203:443
52.216.177.67:443
52.216.177.99:443
52.216.178.187:443
52.216.178.227:443
52.216.18.104:443
52.216.18.120:443
52.216.184.235:443
52.216.184.75:443
52.216.185.155:443
52.216.185.75:443
52.216.186.67:443
52.216.20.139:443
52.216.20.171:443
52.216.200.187:443
52.216.204.11:443
52.216.205.139:443
52.216.205.179:443
52.216.225.24:443
52.216.226.160:443
52.216.226.72:443
52.216.226.8:443
52.216.227.176:443
52.216.228.240:443
52.216.228.40:443
52.216.229.59:443
52.216.233.171:443
52.216.234.11:443
52.216.236.179:443
52.216.237.179:443
52.216.237.203:443
52.216.237.3:443
52.216.238.123:443
52.216.24.100:443
52.216.241.84:443
52.216.242.220:443
52.216.243.44:443
52.216.26.20:443
52.216.80.200:443
52.216.84.8:443
52.216.85.155:443
52.216.88.35:443
52.216.88.99:443
52.216.9.99:443
52.216.92.99:443
52.216.94.171:443
52.216.97.227:443
52.217.0.228:443
52.217.11.132:443
52.217.11.44:443
52.217.12.108:443
52.217.12.52:443
52.217.14.108:443
52.217.14.4:443
52.217.15.108:443
52.217.15.156:443
52.217.32.172:443
52.217.36.212:443
52.217.38.212:443
52.217.38.28:443
52.217.39.188:443
52.217.39.20:443
52.217.39.228:443
52.217.40.140:443
52.217.40.76:443
52.217.41.164:443
52.217.43.20:443
52.217.45.180:443
52.217.47.4:443
52.217.9.164:443
52.217.9.196:443
52.217.9.44:443
52.34.93.21:443
52.35.208.129:443
52.5.221.196:443
52.87.20.232:443
54.164.26.199:443
54.209.16.95:443
54.231.98.192:443
93.184.215.206:443
Looks like they spin up a lot of AWS nodes.
Those might be Gracenote's IPs. Those IP addresses may be the source of the guide data and associated images.
I said in the original post that many were AWS which is why I need the domain name. I gave the example of registry.npmjs.org which maps to these IP addresses:
104.16.19.35
104.16.20.35
104.16.21.35
104.16.22.35
104.16.23.35
104.16.24.35
104.16.25.35
104.16.26.35
104.16.27.35
104.16.16.35
104.16.17.35
104.16.18.35
So, I need a similar domain name for my firewall which will allow channels dvr out to any of the IP addresses associated with the domain name(s) of which community.getchannels.com is one of them but not all of them.
Ah, thanks. That may be part of what I'm looking for (never heard of gracenote but I'd have no reason to) but dig tvlistings.gracenote.com turns up a bunch of aws servers.
(Why can't I just get the domain names channels uses like I asked?)
Because they may not control all of the domain names. For guide data, they request it from a single API (that likely resolves to multiple IPs because of CDNs and load balancing), and then the guide responses include the URIs to use to get the images. Channels has no idea what IPs/domains that the guide data may respond with, as it's not under their control.
The hostname used for guide data is data.tmsapi.com
It looks like you're using TVE too, in which case there are dozens of other domains used by each of the networks and cable providers and we are not able to provide an exhaustive list of them all.
I understand about the TVE but I can easily get the domains from the few channels I watch from a log scan.
I want to tell everybody that I do not have any concerns about the channels egress and I trust their policies. But, I prefer to know where any of my apps are going on their own and allow it from the firewall.