
I am having trouble with a DNS configuration. I've had a CentOS 6 server serving five sites up for a few years. I need to upgrade to CentOS 7 for PCI compliance. I bought a new box and left the old one online as I built the new one. In order to not have to switch the name server settings at cut-over time, I thought I could just build the new box with the same name as the old one, using a different IP on the old one during the build. Then, once built, I would turn off the old box, switch the IP on the new box to the original IP, and all would be well. I used ISPConfig (a control panel) on both boxes.

But when I switched I got "server not found" from Firefox and "ping request could not find host" from ping. (Firefox and ping are run from another computer.) If I put the IP address in the Firefox URL, then the first of the five sites (alphabetically) comes up OK in Firefox, but the site does not come up by its name. I searched carefully to assure that every letter and dot is the same in ISPConfig's DNS setup on both boxes. Oddly, last night two of the five sites connected both through Firefox and ping after I copied the pri* and named.local files to a new location. (ISPConfig put them in /var/named/chroot/var/named/ on the new box; I copied them to /var/named, as is the case on the old box.) Since the other three sites did not come up, I switched back to the old box. ("Switch" here means taking the ethernet cable out of one box and plugging the ethernet cable in on the other.) This morning none of the five come up in Firefox when I switch to the new box, and ping can't find them. I was thinking that since the IP was the same, and the box name was the same, the DNS connection would just switch over. But apparently there is something else going on. Does this have something to do with the MAC address? Do I just need to wait for a TTL to expire? (My TTL is 3600 and I waited over an hour this morning and it still didn't work.) Is there some other issue? And how would I debug this?

  • You **must** give more details: at least the real domain name(s) of your host in order to help debug it remotely. No, MAC doesn't play here; zone misconfiguration **OR** a lame resolver (not your server) may play a game. TTL is only for resolvers, which a) cached the old RR some time ago, b) ignore TTL expiration – Lazy Badger Oct 07 '15 at 14:24
  • Thanks, Lazy Badger for looking at this. The main box site is www.larsonism.com. I've presently got it connected to the original box, so it is presently working well. Let me know any more details needed and I will try to supply them. – Delbert Larson Oct 07 '15 at 14:28
  • Well, I can get the full domain `larsonism.com` from any of your NS (it's legal, but not good). I wanted to see all `IN A` RRs in it. Now I can't see anything bad, except a *strange* serial (2014012304 for 2015) and a longer than 1H TTL – Lazy Badger Oct 07 '15 at 15:00
  • Thanks again, Lazy Badger. That serial looks like the date I first got the older box hooked up with DNS. I just used ISPConfig and once everything was working I didn't ever update anything. It has run well, serving websites and email, for close to two years. Do I need to be running a process that updates the serial? (I've been studying, but remain new to networking.) Perhaps an updated serial on the new box would help, where would I edit that? Perhaps I need to lower the ttl on the old box before the switch? – Delbert Larson Oct 07 '15 at 15:13
  • One last thanks to Lazy Badger. I was confused as to whether the MAC address might play a role, and correcting that confusion helped refocus me on a path that led to a solution. – Delbert Larson Oct 08 '15 at 17:48

1 Answer


The problem described above was caused by /etc/named.conf.local being an empty file on the new box. /etc/named.conf was identical on both the new and old boxes and each contained an instruction to include named.conf.local. On the old, working box, named.conf.local contained several stanzas similar to:

```
// one authoritative (master) zone; the stanza must end with "};"
zone "larsonism.com" {
    type master;
    allow-transfer { none; };          // refuse AXFR to everyone
    file "/var/named/pri.larsonism.com";   // the pri* zone file for this domain
};
```

Once I copied the named.conf.local file from the old box to the new one, and then rebooted named (through "systemctl restart named") DNS worked perfectly for me: sites are up; email is working.

When using a control panel to set things up, there are different possibilities for error. The configuration of named might not be done according to some specific direction (for example, a directory path might be wrong), or there may be a setting in the control panel that is not correct, or it is also possible that the control panel itself has an error. A good path to debug is to check your named.conf file, as well as any files it includes. Either within named.conf or within an included file there should be a line that indicates which pri files to load. Then check the syntax of those pri files. If there is still trouble, a fresh install of bind can also be tried.

In the end, the idea of using an identical box name and identical IP address on the upgraded box does work well. With DNS working, one can put the ethernet cable into one box or the other and either can work as the server without contacting the domain registrar. The ethernet cable can then be taken out of the old box, a backup of the database and mail data can be done next, then an import of the database and mail data applied to the new box, and finally the ethernet cable can be put into the new box to switch the sites over to the upgraded server. This technique eliminates concern about having two boxes online at the same time, which could lead to some data going into one, and some data going into the other, while DNS propagates the fact that the server has switched. It also eliminates the need to get the domain registrar involved.
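An added example of the debugging path the answer describes (not code from the answer or from ISPConfig): follow the `include` lines in named.conf, list every zone stanza and the pri file it loads, and flag an included file that is empty, which is exactly what an empty named.conf.local looks like to named. The `make_fixture` paths are constructed so the script runs offline; on a real box call `audit_named /etc/named.conf`, and pair it with `named-checkconf` and `named-checkzone` where BIND is installed.

```shell
#!/bin/sh
# Added example, not part of the original answer. File names created by
# make_fixture are constructed fixtures; point audit_named at /etc/named.conf.

# Print the paths named in `include "...";` lines of $1, following nested includes.
list_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
    while IFS= read -r inc; do
        printf '%s\n' "$inc"
        if [ -r "$inc" ]; then list_includes "$inc"; fi
    done
}

# Print "zone<TAB>zonefile" for every zone stanza found in $1 and its includes.
zone_files() {
    { printf '%s\n' "$1"; list_includes "$1"; } | while IFS= read -r f; do
        [ -r "$f" ] || continue
        awk '/^[[:space:]]*zone[[:space:]]+"/ { z=$2; gsub(/"/, "", z) }
             /^[[:space:]]*file[[:space:]]+"/ { p=$2; gsub(/[";]/, "", p); print z "\t" p }' "$f"
    done
}

# Return 0 when at least one zone is defined and no included file is missing or empty.
audit_named() {
    rc=0
    for inc in $(list_includes "$1"); do
        [ -s "$inc" ] || { echo "WARN: $inc is missing or empty"; rc=1; }
    done
    n=$(zone_files "$1" | wc -l | tr -d ' ')
    echo "zone stanzas found: $n"
    [ "$n" -gt 0 ] || { echo "WARN: no zones defined; named cannot answer for your sites"; rc=1; }
    return $rc
}

# Constructed fixture: a named.conf whose named.conf.local is either populated
# (the old box) or empty (the new box). Prints the path of the named.conf.
make_fixture() {
    d=$(mktemp -d); mkdir "$d/etc"
    printf 'options { directory "/var/named"; };\ninclude "%s/etc/named.conf.local";\n' \
        "$d" > "$d/etc/named.conf"
    if [ "$1" = populated ]; then
        printf 'zone "larsonism.com" {\n    type master;\n    file "/var/named/pri.larsonism.com";\n};\n' \
            > "$d/etc/named.conf.local"
    else
        : > "$d/etc/named.conf.local"
    fi
    printf '%s\n' "$d/etc/named.conf"
}
```

Run against the fixtures, the populated configuration passes with one zone and the empty one fails with both warnings, which is the symptom the answer traced.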