[SITE] Server move to fix AOTY

BTW, not everyone may be able to access the site yet.  DNS updates need to propagate through the web.  While for some, this occurs relatively soon, for others it may take up to 48 hours to propagate.

-Allen

I updated the AOTY link in the main NWKA site menu to point to http://aoty.northwestkayakanglers.com/index

BTW, not everyone may be able to access the site yet.  DNS updates need to propagate through the web.  While for some, this occurs relatively soon, for others it may take up to 48 hours to propagate.

-Allen

The time-to-live on the DNS record is only 4 hours, so it would take some seriously misconfigured DNS servers to still be hanging onto the old cached IP address this long. 

BTW, not everyone may be able to access the site yet.  DNS updates need to propagate through the web.  While for some, this occurs relatively soon, for others it may take up to 48 hours to propagate.

-Allen

The time-to-live on the DNS record is only 4 hours, so it would take some seriously misconfigured DNS servers to still be hanging onto the old cached IP address this long. 

Actually, it is set to 1 hour.  But I've seen time and time again where this didn't happen.

But, I also have doubts about it taking this long, and I have sent the data center a note stating as much.  They double checked the settings and assured me that everything is ok.  That being said, every other site on the server is back up (at least resolves to the correct server) except NCKA, so I'm back to wondering ...

-Allen

Well, the NCKA DNS is propagating, albeit slowly.  Not sure why, as all the other sites seem to have propagated by now.

https://www.whatsmydns.net/#A/norcalkayakanglers.com

-Allen

Regardless of what you requested, TTL is currently 4 hours. I've run DNS lookups from a few different locations today and they all showed me 4 hours for TTL on the A record and MX records for northwestkayakanglers.com, with 24 hour TTLs on the NS and SOA records.

Here's one web-based tool that I used for a simple lookup.
https://mxtoolbox.com/SuperTool.aspx?action=a%3ano&run=toolpage#

Here's another that a DIG directed straight at the authoritative name servers for the domain.
http://www.kloth.net/services/dig.php

Here's the result:

; <<>> DiG 9 <<>> @ns2-lg.kayakfishingfrontiers.com northwestkayakanglers.com ANY
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26009
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
 ;; WARNING: recursion requested but not available
 
 ;; QUESTION SECTION:
 ;northwestkayakanglers.com.   IN   ANY
 
 ;; ANSWER SECTION:
 northwestkayakanglers.com. 14400 IN   MX   50 aspmx3.googlemail.com.
 northwestkayakanglers.com. 14400 IN   MX   10 aspmx.l.google.com.
 northwestkayakanglers.com. 14400 IN   MX   20 alt1.aspmx.l.google.com.
 northwestkayakanglers.com. 14400 IN   MX   30 alt2.aspmx.l.google.com.
 northwestkayakanglers.com. 14400 IN   MX   40 aspmx2.googlemail.com.
 northwestkayakanglers.com. 86400 IN   SOA   ns1.kayakfishingfrontiers.com. monitor.ace-host.net. 2017102302 3600 7200 1209600 86400
 northwestkayakanglers.com. 86400 IN   NS   ns2.kayakfishingfrontiers.com.
 northwestkayakanglers.com. 86400 IN   NS   ns1.kayakfishingfrontiers.com.
 northwestkayakanglers.com. 14400 IN   A   173.230.249.151
 
 ;; Query time: 109 msec
 ;; SERVER: 173.230.249.171#53(173.230.249.171)
 ;; WHEN: Tue Oct 24 00:22:23 2017
 ;; MSG SIZE  rcvd: 303

Maybe you want to remove that post.  It's a hacker's dream...

It doesn’t like my photos. Does anyone know what I need to do different? I tried submitting them the same way I did before.


Sent from my iPhone using Tapatalk

Regardless of what you requested, TTL is currently 4 hours. I've run DNS lookups from a few different locations today and they all showed me 4 hours for TTL on the A record and MX records for northwestkayakanglers.com, with 24 hour TTLs on the NS and SOA records.

Here's one web-based tool that I used for a simple lookup.
https://mxtoolbox.com/SuperTool.aspx?action=a%3ano&run=toolpage#

Here's another that a DIG directed straight at the authoritative name servers for the domain.
http://www.kloth.net/services/dig.php

Here's the result:

; <<>> DiG 9 <<>> @ns2-lg.kayakfishingfrontiers.com northwestkayakanglers.com ANY
 ; (1 server found)
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26009
 ;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
 ;; WARNING: recursion requested but not available
 
 ;; QUESTION SECTION:
 ;northwestkayakanglers.com.   IN   ANY
 
 ;; ANSWER SECTION:
 northwestkayakanglers.com. 14400 IN   MX   50 aspmx3.googlemail.com.
 northwestkayakanglers.com. 14400 IN   MX   10 aspmx.l.google.com.
 northwestkayakanglers.com. 14400 IN   MX   20 alt1.aspmx.l.google.com.
 northwestkayakanglers.com. 14400 IN   MX   30 alt2.aspmx.l.google.com.
 northwestkayakanglers.com. 14400 IN   MX   40 aspmx2.googlemail.com.
 northwestkayakanglers.com. 86400 IN   SOA   ns1.kayakfishingfrontiers.com. monitor.ace-host.net. 2017102302 3600 7200 1209600 86400
 northwestkayakanglers.com. 86400 IN   NS   ns2.kayakfishingfrontiers.com.
 northwestkayakanglers.com. 86400 IN   NS   ns1.kayakfishingfrontiers.com.
 northwestkayakanglers.com. 14400 IN   A   173.230.249.151
 
 ;; Query time: 109 msec
 ;; SERVER: 173.230.249.171#53(173.230.249.171)
 ;; WHEN: Tue Oct 24 00:22:23 2017
 ;; MSG SIZE  rcvd: 303

I get that, but once I update things on my end, the rest is sort of out of my control, isn't it?  If not, please educate me, because NCKA is taking a super long time.

-Allen

Maybe you want to remove that post.  It's a hacker's dream...

That info is freely available to anyone at anytime. There's nothing private about it, and anyone with experience with online services and websites knows how to get the info easily. You can go to that site I linked or lots of others and see the same info yourself. It has to be public or it wouldn't be good for anything. 

The public data there is part of how the internet works, and is how a web browser turns a URL like northwestkayakanglers.com into an IP address so that the computer can know what destination to request a web page from. The "SOA" record is the start of authority that knows about the domain (northwestkayakanglers.com). The "NS" records are the name servers  that store the different types of DNS records for the domain. The "A" record is the host record that actually contains the IP address to go with the northwestkayakanglers.com hostname. The "MX" record is the mail exchange record that mail server around the world send mail to for email addresses that end with @northwestkayakanglers.com. The number (14400 or 86400) is the time to live (TTL) for the record in seconds, which is how long a DNS server other than the authoritative DNS server or a client is supposed to cache, or hold onto the results, from a DNS query for the domain. For that length of time, if someone tries to access that same URL again from the same client machine, the saved IP address from the previous DNS query is used as the IP address to contact. After that time expires, the next attempt to access the URL is supposed to cause a new query to the authoritative DNS servers to get a new IP address for the URL.

In this case, from the time that the IP address got changed it should have taken a maximum of whatever the TTL is for the "A" record before anyone trying to access the site got the new IP address instead of the old one. There are some types of clients and even some DNS servers around the world that are configured to cache results for a specific minimum amount of time, regardless of what the TTL specified by the authoritative DNS server said it should be. Those are the ones causing the delays in people being able to access the site on the new IP address after the migration.

I get that, but once I update things on my end, the rest is sort of out of my control, isn't it?  If not, please educate me, because NCKA is taking a super long time.

-Allen

Was the TTL For the DNS hostname (A) record before also 4 hours, or was it much longer? If it was much longer, the records could have been cached from just before you changed it with whatever TTL they had specified at the time. If so, there's not much else to do other than wait. It's possible to reach out to major ISPs that have cached DNS records and have them flush their DNS cache. I have had to do it a couple times over the years in unusual circumstances with services for work (online service at Microsoft), but it's a royal pain to do and not worth it in almost all cases. If the TTL was only 4 hours before, then there's not much else to do but wait yet again unless you can find one of your hosting service's DNS servers not serving up the new IP address. I guess you could also push your DNS hosting provider to make sure that the TTL for the DNS record gets changed from 4 hours to 1 hour, but we're far enough past even the 4-hour TTL that the only remaining issues are going to be with systems that are misbehaving and not following the TTL specified by the DNS servers.

I'll check again when I get home from work (90 minutes from now or so) to see if it's still getting delayed. If it is, I'll check a little deeper into the DNS server configurations to make sure there's nothing wonky.

I get that, but once I update things on my end, the rest is sort of out of my control, isn't it?  If not, please educate me, because NCKA is taking a super long time.

-Allen

Was the TTL For the DNS hostname (A) record before also 4 hours, or was it much longer? If it was much longer, the records could have been cached from just before you changed it with whatever TTL they had specified at the time. If so, there's not much else to do other than wait. It's possible to reach out to major ISPs that have cached DNS records and have them flush their DNS cache. I have had to do it a couple times over the years in unusual circumstances with services for work (online service at Microsoft), but it's a royal pain to do and not worth it in almost all cases. If the TTL was only 4 hours before, then there's not much else to do but wait yet again unless you can find one of your hosting service's DNS servers not serving up the new IP address. I guess you could also push your DNS hosting provider to make sure that the TTL for the DNS record gets changed from 4 hours to 1 hour, but we're far enough past even the 4-hour TTL that the only remaining issues are going to be with systems that are misbehaving and not following the TTL specified by the DNS servers.

I'll check again when I get home from work (90 minutes from now or so) to see if it's still getting delayed. If it is, I'll check a little deeper into the DNS server configurations to make sure there's nothing wonky.

All the sites use the same DNS servers and reference the same records file at kayakfishingfrontiers.com.  Therefore, it was all switched over at the same time.  All the other sites I run have come back up (for the most part, still a lingering issue with AOTY(s), but not DNS related), but for whatever reason, NCKA is taking it's own sweet time.  The data center folks tell me to wait up to 48 hours.

-Allen

BTW JasonM, thanks so much for your insights and help.  I really appreciate it.  This is not something I do every day, if you can't tell.   

-Allen

FYI, NCKA just started working for me.

-Allen

It looks like the new IP address is propagating across the world, but there's still a misconfig with the DNS domain for northwestkayakanglers.com in the DNS zones on the primary and secondary servers themselves. The NS servers are configured incorrectly.

You can use this site to do the queries: http://www.kloth.net/services/dig.php

If you query domain "northwestkayakanglers.com" with server "localhost" or any of the global DNS .com root servers and query "any" you get these results, in addition to getting the "A" host record with the 173.230.249.151 address:

• SOA ns1-lg.kayakfishingfrontiers.com
• NS ns2-lg.kayakfishingfrontiers.com
• NS ns1-lg.kayakfishingfrontiers.com

Notice that the above data says that ns1-lg.kayakfishingfrontiers.com is the start of authority and ns1-lg and ns21-lg are the name servers. That means that if you query either of those server, you should see the same SOA and NS records. Unfortunately, you don't.

If you repeat the query above and ask the ns1-lg server directly by having domain"northwestkayakanglers.com" with server "ns1-lg.kayakfishingfrontiers.com" and query "any" to see what the ns1-lg server has for that DNS zone, you get this:

• SOA ns1.kayakfishingfrontiers.com
• NS ns2.kayakfishingfrontiers.com
• NS ns1.kayakfishingfrontiers.com

Notice that they are changed. That means that the DNS servers that are supposed to be the DNS servers for that domain think that other servers are the DNS servers for that domain. If the ns1 and ns2 servers gave the same replies to DNS queries, it wouldn't have any negative results. The problem is that the servers at ns1.kayakfishingfrontiers.com (173.230.249.230) and ns2.kayakfishingfrontiers.com (173.230.249.231) are refusing DNS queries and therefore the queries fail. The SOA and NS entries in the zone files for the northwestkayakanglers.com domain on the ns1-lg.kayakfishingfrontiers.com (68.171.217.196) and ns2-lg.kayakfishingfrontiers.com (68.171.217.197) servers need to be corrected. Until then, some queries may work but results will be inconsistent.