Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
before I begin kindly note that I am a newbie and still learning.
Yesterday 10 hours from now, I had to move all my hosted websites to a new server(to be more specific - from one droplet to a new droplet). So, since the websites were moved to a new server, meant that their ip addresses would change too. So, I updated the dns configuration for all the websites to point to the new ip address now. But I was unaware that the previous dns configuration had set the ttl to 86400(1 day). I learned about this concept after searching on google why my websites would still resolve to the old server.
So, that basically meant that the old dns config is cached for 1 day and I have to wait that long to see the change in the domain name resolution to reflect the websites from the new server.
So, i tried to perform nslookup and dig commands on the domains to just check the remaining ttl. But, this is where I am upset right now.
The nslookup command with -debug parameter gave the following result:
Please Note:- I have replaced my website's domain name with (mywebsite.com) and my new server's ip address with (new.server.ip.address) from the actual nslookup result
nslookup -debug mywebsite.com new.server.ip.address
------------
Got answer:
HEADER:
opcode = QUERY, id = 1, rcode = REFUSED
header flags: response, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
address.ip.server.new.in-addr.arpa, type = PTR, class = IN
------------
Server: UnKnown
Address: new.server.ip.address
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want recursion
questions = 1, answers = 1, authority records = 2, additional = 2
QUESTIONS:
mywebsite.com, type = A, class = IN
ANSWERS:
-> mywebsite.com
internet address = new.server.ip.address
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
-> mywebsite.com
nameserver = ns2.centos-webpanel.com
ttl = 86400 (1 day)
-> mywebsite.com
nameserver = ns1.centos-webpanel.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
-> ns1.centos-webpanel.com
internet address = 127.0.0.1
ttl = 14400 (4 hours)
-> ns2.centos-webpanel.com
internet address = 127.0.0.1
ttl = 14400 (4 hours)
------------
------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: response, auth. answer, want recursion
questions = 1, answers = 0, authority records = 1, additional = 0
QUESTIONS:
mywebsite.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> mywebsite.com
ttl = 86400 (1 day)
primary name server = ns1.centos-webpanel.com
responsible mail addr = myemail#gmail.com
serial = 2013071601
refresh = 86400 (1 day)
retry = 7200 (2 hours)
expire = 3600000 (41 days 16 hours)
default TTL = 86400 (1 day)
------------
Name: mywebsite.com
Address: new.server.ip.address
Now, here's what upset me. As in the above result, the ttl (even after 10 hours since changing the dns configuration) shows 86400. I was expecting it to show the remaining ttl but the ttl is constant at 86400. Does that mean that the dns will never update for my websites?? The ttl just does not decrease.
So, to verify even further I tried using linux's dig command and here's the result I got.
Please Note:- I have replaced my website's domain name with (mywebsite.com) and my old server's ip address with (old.server.ip.address) from the actual dig result
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> mywebsite.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15423
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mywebsite.com. IN A
;; ANSWER SECTION:
mywebsite.com. 83221 IN A old.server.ip.address
;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Feb 5 01:55:05 2018
;; MSG SIZE rcvd: 44
Now here, the dig command resolves the domain to my old server's ip address and it shows the ttl as 83221 !!! Like I said, its more than 10 hours that I updated the dns configuration to point to my new server's ip address. But, even after 10 hours passing, the ttl says 83221 !!!!
Running the dig command again does reflect a reduction in the ttl here though, unlike the nslookup command.
So, what do you guys think is the problem that has been going on here?? Or I am misunderstanding something?? If so, please correct me. Any kind of help will seriously assist a lot. It would really help me if someone can explain what is going on here and also what's wrong or if something is wrong with my new server.
And just if it helps, I have kept the websites' files on both - the old server as well as the new server.
Thanks.
Edit:- (Solved)
So here's what fixed all the issues I was facing. I use centos web panel on my server which comes bundled with freedns manager. So, a bug in freedns kept my nameservers and domains' dns from updating. So, I went for cloudflare dns and that fixed all the issues.
Your domain is not correctly configured, please use online diagnostics tools such as dnsviz.net, see the report: http://dnsviz.net/d/mkinfra.in/dnssec/
You are in a lame delegation situation.
If we query .IN authoritative nameservers for your domain, they reply:
mkinfra.in. 86400 IN NS ns1.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns2.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns3.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns4.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns5.centos-webpanel.com.
If we query any of these 5 nameservers for your domain, they reply:
mkinfra.in. 86400 IN NS ns1.centos-webpanel.com.
mkinfra.in. 86400 IN NS ns2.centos-webpanel.com.
Which is not the same set of records. You will first need to resolve this discrepancy.
For your website they all reply the same:
www.mkinfra.in. 86400 IN CNAME mkinfra.in.
mkinfra.in. 86400 IN A 139.59.63.210
So they all reply will your old IP and not the new one. Your problem has nothing to do with TTLs: the authoritative nameservers for your domain are still not delivering the new IP address you wish, so you have to configure them properly. If you do it yourself, please remember to update the serial of the zone for any change.
The serial is in fact 2018012401 which follows the pattern YYYYMMDDXX so we can infer that the zone was changed on January 24th but not since then (or was changed but serial not updated so the new content is not taken into account at all).
And to reply to your other question: if you query an authoritative nameserver you will always get the same TTL, which is per design. It is only if you query a resolving and caching nameserver that you will see the TTL decreasing from one query to another, because the case is slowly forgetting about the data it resolved in the past.
Never use nslookup but always dig but always specify the command you use when you ask for people to check what you are doing (it is very important to specify the nameserver you query with the # parameter of dig since the results will be vastly different from an authoritative or a recursive nameserver).
Puzzling problem sending emails from one server to another.
Sending from Server-01 pr#example.camp TO Server-02 eman#example.edu.au
Server 02 bounces with sender verify fail for <pr#example.camp>: Unrouteable address
On Server-02 running dig MX example.camp resolves fine with:
;; ANSWER SECTION:
mus.camp. 2869 IN MX 10 server01-aus.emanwebdesign.com.
mus.camp. 2869 IN MX 0 server01-aus.emanwebdesign.com.
;; AUTHORITY SECTION:
mus.camp. 2869 IN NS ns10.domaincontrol.com.
mus.camp. 2869 IN NS ns09.domaincontrol.com.
Also from Server-02 I can telnet into port 25 of mus.camp and verify the existence of the email address (pr#...).
Any clues as to why Exim's sender verify is failing?
Edit
exim -bvs pr#example.camp returns
pr#example.camp failed to verify: Unrouteable address
Worked out the problem was that the mus.camp domain was originally hosted on Server-02 but then moved to Server-01. Server-02 however was still trying to lookup the email address within itself instead of going to Server-01.
To solve the problem I deleted the mail and dns records from Server-02. (using VestaCP).
I'm trying to set up DNS for an email service that is hosted by a third party, and my DNS is hosted by digitalocean.
The propagation as checked by https://www.whatsmydns.net is returning Error: Token mismatch for all record types for the_domain.com
This is the domain file, what should I explore to fix it?
$ORIGIN the_domain.com.
$TTL 1800
the_domain.com. IN SOA ns1.digitalocean.com. hostmaster.the_domain.com. 1477796005 10800 3600 604800 1800
the_domain.com. 1800 IN NS ns1.digitalocean.com.
the_domain.com. 1800 IN NS ns2.digitalocean.com.
the_domain.com. 1800 IN NS ns3.digitalocean.com.
the_domain.com. 1800 IN A 104.131.137.128
the_domain.com. 1800 IN MX 100 us2.mx3.mailhostbox.com.
the_domain.com. 1800 IN MX 100 us2.mx1.mailhostbox.com.
the_domain.com. 1800 IN MX 100 us2.mx2.mailhostbox.com.
pop.the_domain.com. 1800 IN CNAME us2.pop.mailhostbox.com.
smtp.the_domain.com. 1800 IN CNAME us2.smtp.mailhostbox.com.
dav.the_domain.com. 1800 IN CNAME us2.dav.mailhostbox.com.
webmail.the_domain.com. 1800 IN CNAME us3.webmail.mailhostbox.com.
imap.the_domain.com. 1800 IN CNAME us2.imap.mailhostbox.com.
the_domain.com.the_domain.com. 1800 IN TXT "v=spf1 redirect=_spf.mailhostbox.com"
20150311._domainkey.the_domain.com.the_domain.com. 1800 IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDl+v04ZOpA1ZvAhP1lqugRETH4pSEvoQVyt9dPZ8IlhUNKGROC/tJqcbC+rSv/dbC4tCUA1tcoLL8AzuS41Gmp4ZwzHSmAa5i/iHCFzubPFWxPXUmWGYZayyRdzIdUTD3IEQaClNEAhDWcTm1kSUA1vr7VJTyKzfbnDWs+10WwwIDAQAB"
This is not an error with your DNS records, it is due to your browser visit being so long that the token the site sent to you initially times out, if you refresh the page that should fix the issue and you can continue to use it as before.
So just be wary that if you leave this website in an open tab for a while, you will need to refresh the page, this fixed the problem for me when I had this appear as I due to leaving it open for a few hours.
This problem also mentioned in https://serverfault.com/a/769330/396271
I am currently trying to configure HAProxy to route between two servers using a virtual IP.
For testing I created two instances, 172.16.4.130 and 172.16.4.131. I am then creating a virtual IP address of 172.16.4.99, using keepalived which will be bridging the two servers. Both of these servers are running apache2, which is hosting a simple index.html landing page for testing. All of the above is running.
When I go to 172.16.4.99, the page does not load, nor am I redirected to either one of the index.html pages. I can however, ping this IP address. I feel like this is a simple configuration issue, and since I am not very experienced with HAproxy, I would like some assistance. Below are my haproxy.cfg files, as well as keepalived.
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#debug
#quiet
user haproxy
group haproxy
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen webfarm 172.16.4.99:80
mode http
stats enable
stats auth user:password
balance roundrobin
cookie JSESSIONID prefix
option httpclose
option forwardfor
option httpchk HEAD /check.txt HTTP/1.0
server webA 172.16.4.130:8080 cookie A check
server webB 172.16.4.131:8080 cookie B check
keepalived.conf on 172.16.4.130
vrrp_script chk_haproxy { # Requires keepalived-1.1.13
script "killall -0 haproxy" # cheaper than pidof
interval 2 # check every 2 seconds
weight 2 # add 2 points of prio if OK
}
vrrp_instance VI_1 {
interface eth0
state MASTER
virtual_router_id 51
priority 101 # 101 on master, 100 on backup
virtual_ipaddress {
172.16.4.99
}
track_script {
chk_haproxy
}
}
keepalived.conf on 172.16.4.131:
vrrp_script chk_haproxy { # Requires keepalived-1.1.13
script "killall -0 haproxy" # cheaper than pidof
interval 2 # check every 2 seconds
weight 2 # add 2 points of prio if OK
}
vrrp_instance VI_1 {
interface eth0
state MASTER
virtual_router_id 51
priority 100 # 101 on master, 100 on backup
virtual_ipaddress {
172.16.4.99
}
track_script {
chk_haproxy
}
}
I have made similar structure to balancing transactions for the MYSQL. I can reach the MYSQL server behind virtual IP. Maybe my config helps you.
https://serverfault.com/questions/857241/haproxy-dont-balancing-requests-between-nodes-of-galera-cluster
It would be greate if it helps you.
As i am trying to open my site(posting.ly) but its not working rather it shows blank page for a while than error of "could not load posting.ly"
I have updated the namespace and tested it,updated A recoord,but cannot figure out the problem.I have already worked with DNS and i know this should work plus its more than 24 hrs so this should work or show me a proper error.
Hosting is rackspace and i have added A record of the ip address.
This appears to be fine now. No www or wildcard, but main domain resolves.
$ checksoa posting.ly
Serial # RTT(ms) Nameservers (name, IP, SOA mname field) for posting.ly
1403808455 50 dns1.stabletransit.com 69.20.95.4 SOA: ns.rackspace.com
1403808455 80 dns2.stabletransit.com 65.61.188.4 SOA: ns.rackspace.com
$ dig +noall +answer +authority posting.ly
posting.ly. 300 IN A 162.13.143.172
$ dig +noall +answer +authority www.posting.ly
posting.ly. 300 IN SOA ns.rackspace.com. azm.dar.gmail.com. 1403808455 21600 3600 1814400 300