Monday, February 22, 2021

CPAN Mirror List Changes

We sent the below email to all the CPAN Mirror contacts yesterday:

An Important Update about the CPAN Mirror List

You're receiving this email because you're listed as a contact point for a CPAN mirror. Thank you! The mirror network has been a huge part of CPAN’s success. Soon, the way clients use CPAN mirrors is changing. You don't need to do anything, but after reading this email, you might want to.

Some background: For a long time, when the CPAN client (aka started up for the first time, it prompted users to configure it by picking a nearby mirror. The assumption was that it would be best to find a geographically nearby mirror. This necessitated the keeping of a central list of mirrors which the client could retrieve and offer as a menu. That's the CPAN Mirror List, maintained by the Perl NOC.

In 2011, the client changed behavior to configure itself automatically, meaning that most new users never saw this list. Furthermore, was pointed at a global CDN, meaning that traffic could be routed efficiently without client configuration. The CDN also meant that users wouldn’t need to worry about out of date or down mirrors..

After ten years of CPAN defaulting to the CDN, we are going to stop maintaining the mirror list. It will still be present, but have only one entry: This means that anyone attempting to pick a mirror from the list will only find this one option. The mirror status site will be replaced with a static page. As has always been the case, the CPAN client can be configured manually to use any mirror, whether or not it's on the mirror list.

Users who have configured their CPAN clients to point at your mirror will continue to hit it. No new users are likely to find it -- but after all, they were already very unlikely to do so! That said, you do not need to shut down your mirror. If you use your mirror, you can keep mirroring. We’re not removing or changing the ability to mirror. If you know you have users of your mirror who would like to keep using it, please feel free to keep mirroring it.

On the other hand, if you would like to stop mirroring CPAN, feel free to do that, too. Clients have always had to deal with their mirror going away, and they will be fine if you choose to shut down your mirror.

We have not set a firm date for the emptying of the mirror list, but we expect it to happen no earlier than mid-February and no later than June 2021.

If you have any questions, please email us at <cpan at>.

Concerned this is fake? A copy of this email can be found at

Finally: Thanks! The mirror network helped make CPAN practical for many years, and CPAN helped make Perl a success. You were part of this endeavor, and we appreciate it! 

-- The CPAN Mirror List Admins


Wednesday, January 27, 2021 hijacked

 The domain was hijacked this morning, and is currently pointing to a parking site.  Work is ongoing to attempt to recover it.

 We encourage you NOT to visit the domain, as there are some signals that it may be related to sites that have distributed malware in the past.

  Some users may have it selected as their CPAN mirror.  To update your mirror in use o conf urllist

# perl -MCPAN -eshell
cpan shell -- CPAN exploration and modules installation (v2.20)
Enter 'h' for help.

cpan[1]> o conf urllist
Please use 'o conf commit' to make the config permanent!
cpan[2]> o conf commit
commit: wrote '/root/.cpan/CPAN/'

Update 2021-01-28:

Work is underway to attempt to recover the domain.  If you're looking for the content, you can visit

Update 2021-01-30:

Network Solutions is working with Tom Christiansen, the rightful registrant, on the recovery of the domain. There is no estimated timeline for its recovery but the process is underway. The site is temporarily at Anyone using a host for their CPAN mirror should use instead. Please direct all inquiries to brian d foy (

Update 2021-02-01:

We have contacted Network Solutions and verified that is in the right hands and secured.

Update 2021-02-02:

Verisign has restored the proper nameservers (* for You should see addresses in 151.101/16. If you still see something different, please leave a comment in GitHub issue #313. Some providers or services may have sinkholed or blocked; if you are still seeing that, please let us know.

Update 2021-02-05:
Network Solutions has recovered the domain and your whois output should reflect that. If you notice that your firewalls or other security layers still mark as compromised, please leave us a note at