New static IP

Discussion in 'HOWTO-Related Questions' started by mrbronz, Feb 24, 2023.

  1. mrbronz

    mrbronz Member HowtoForge Supporter

    Hi There,

    My old provider, "Plusnet" has now stopped its business side, and I have had to go with a new provider.
    Unfortunately, the block of IP addresses has also changed.
    I am running my own nameservers and have changed the corresponding DNS records as required.
    I have had my domain registrar alter my glue records to correspond to my new ns1 and ns2 IP addresses.
    I have redirected all incoming traffic into my router to the appropriate local server IP address.
    But still, when I do a dig command, I get the old IP address, and the site name is not resolving.
    However, I can reach my server using the public IP address.

    Have I missed something that I should change to get it all working again?

    Many thanks
     
  2. remkoh

    remkoh Active Member

    How long ago did you change your dns records and glue records?
    It can take up to 24 to 48 hours for these changes to take effect.
     
  3. mrbronz

    mrbronz Member HowtoForge Supporter

  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Try the dig command, specifying which name server it gets the data from.
    Then check which name server the host where you use dig uses by default.
    My signature has a link to a DNS tutorial; it explains troubleshooting name service issues.
     
  5. Alex Mamatuik

    Alex Mamatuik Member

    Unfortunately, you didn't reveal how exactly the DNS records were changed.

    As far as I know, the main issue is to completely delete the previous binding of the pair (ns1 - <your-ip>, ns2 - <your-ip>) on the registrar side.
    Which Registrar are you mentioning?

    Moreover, be sure of a proper configuration on side of the server for:
    (centos 7 example)
    1. /etc/resolv.conf
    2. /etc/hosts
    3. /etc/hostname {new_server.domain.name}

    4. cd /var/named
      (for descriptive reasons) dns1, dns2 - previous records; ns1, ns2 - new records.

      sed -i 's|dns1.domain.name|ns1.domain.name|' ./pri.*
      sed -i 's|dns2.domain.name|ns2.domain.name|' ./pri.*
      sed -i 's|old_server.domain.name|new_server.domain.name|' ./pri.*

    5. /etc/httpd/conf/httpd.conf (Apache):
      ServerAdmin
      ServerName

    Additionally:
    6. /etc/postfix/main.cf
      Verify that it was updated (should be changed automatically):
      myhostname =
      mydestination =
    7. /etc/amavisd/amavisd.conf:

      $mydomain
      $myhostname
    8. /etc/mailman/mm_cfg.py:
      DEFAULT_EMAIL_HOST
      DEFAULT_URL_HOST
     
    ahrasis likes this.
  6. mrbronz

    mrbronz Member HowtoForge Supporter

    Hi Taleman.

    Thank you for the info. Sorry for the delay in response.

    My domain provider's DNS is 156.154.100.3, and when I do a dig using their servers, dig @156.154.100.3 myhost.com, it gives the correct information. But when I do a dig command using any other DNS servers, @8.8.8.8 myhost.com, I get the incorrect info b.
    I'm convinced that my internet supplier had incorrectly routed my new IP addresses via my old IP addresses.
    So, in an attempt to fix it, THEY have decided to issue me with a new set of IP addresses to see if that fixes the problem.

    I will keep this thread informed.
     
  7. Alex Mamatuik

    Alex Mamatuik Member

    UPDATE:
    It seems you have just shown the IP address of the hosting company...
    Anyway, I recommend you use traceroute to understand which step goes wrong.
    And trying to make a query from your own server will execute just a domestic lookup.
    <end_of_update>

    Sorry for interfering (I am not Taleman).
    You will always get a correct reply whilst querying from your own server.
    Try to use any other unrelated server.

    Having used 'nslookup', I receive:
    nslookup 156.154.100.3
    Code:
    3.100.154.156.in-addr.arpa      name = nsa.nic.uk.
    
    Authoritative answers can be found from:
    100.154.156.in-addr.arpa        nameserver = pdns5.ultradns.info.
    100.154.156.in-addr.arpa        nameserver = pdns6.ultradns.co.uk.
    100.154.156.in-addr.arpa        nameserver = pdns1.ultradns.net.
    100.154.156.in-addr.arpa        nameserver = pdns2.ultradns.net.
    100.154.156.in-addr.arpa        nameserver = pdns3.ultradns.org.
    100.154.156.in-addr.arpa        nameserver = pdns4.ultradns.org.
    Then,
    traceroute to nsa.nic.uk (156.154.100.3), 30 hops max, 60 byte packets
    1 static.my.back.order.ip.clients.your-server.de (in.direct.order.ip) 0.380 ms 0.362 ms 0.344 ms
    2 213-239-252-197.clients.your-server.de (213.239.252.197) 0.389 ms 0.347 ms 1.652 ms
    3 core3.sto.hetzner.com (213.239.252.226) 6.452 ms core3.sto.hetzner.com (213.239.224.17) 8.303 ms 8.291 ms
    4 netnod-ix-ge-b-sth-1500.llnw.com (194.68.128.167) 6.128 ms 6.373 ms netnod-ix-ge-a-sth-1500.llnw.com (194.68.123.167) 16.014 ms
    5 ve5.fr3.arn1.llnw.net (69.28.172.129) 6.743 ms ultradns.p1-13-10g.fr3.arn1.llnw.net (87.248.192.47) 6.630 ms ve5.fr3.arn1.llnw.net (69.28.172.129) 6.623 ms
    6 * * ultradns.p1-13-10g.fr3.arn1.llnw.net (87.248.192.47) 7.464 ms
    7 * * *
    8 * * *
    9 * * *
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *

    traceroute to 156.154.100.3 (156.154.100.3), 30 hops max, 60 byte packets
    1 static.my.back.order.ip.clients.your-server.de (in.direct.order.ip) 0.430 ms 0.429 ms 0.414 ms
    2 213-239-252-197.clients.your-server.de (213.239.252.197) 0.478 ms hos-tr4.ex3k51.rz6.hetzner.de (213.239.252.193) 5.351 ms 213-239-252-197.clients.your-server.de (213.239.252.197) 0.348 ms
    3 core3.sto.hetzner.com (213.239.245.70) 7.477 ms 7.503 ms core3.sto.hetzner.com (213.239.252.226) 6.634 ms
    4 netnod-ix-ge-b-sth-1500.llnw.com (194.68.128.167) 6.427 ms 6.418 ms netnod-ix-ge-a-sth-1500.llnw.com (194.68.123.167) 8.004 ms
    5 ve5.fr3.arn1.llnw.net (69.28.172.129) 7.002 ms ultradns.p1-13-10g.fr3.arn1.llnw.net (87.248.192.47) 7.731 ms ve5.fr3.arn1.llnw.net (69.28.172.129) 7.331 ms
    6 * * ultradns.p1-13-10g.fr3.arn1.llnw.net (87.248.192.47) 8.076 ms
    7 * * *
    8 * * *
    9 * * *
    10 * * *
    11 * * *
    12 * * *
    13 * * *
    14 * * *
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *

    As I understand it, after the step with your hoster
    ultradns.p1-13-10g.fr3.arn1.llnw.net (87.248.192.47) 8.076 ms
    it's unable to find out a proper route, where your records reside.
     
    Last edited: Mar 1, 2023
  8. Alex Mamatuik

    Alex Mamatuik Member

    A correctly executed request would look like:
    traceroute some.my.working.server_ip
    Code:
    traceroute to <my_ip> (<my_ip>), 30 hops max, 60 byte packets
     1  static.my.back.order.ip.clients.your-server.de (in.direct.order.ip)  0.332 ms  0.314 ms  0.298 ms
     2  hos-tr4.ex3k51.rz6.hetzner.de (213.239.252.193)  0.396 ms  0.331 ms 213-239-252-197.clients.your-server.de (213.239.252.197)  0.303 ms
     3  core40.sto.hetzner.com (213.239.224.58)  6.163 ms core3.sto.hetzner.com (213.239.224.22)  6.153 ms core40.sto.hetzner.com (213.239.224.62)  6.134 ms
     4  core10.ams.hetzner.com (213.239.252.217)  28.217 ms core2.ams.hetzner.com (213.239.245.173)  27.864 ms core10.ams.hetzner.com (213.239.252.217)  28.193 ms
     5  core7.lon.hetzner.com (213.239.245.222)  43.353 ms  43.416 ms  43.409 ms
     6  * * *
     7  i-1001.ulhc-core02.telstraglobal.net (202.84.178.70)  35.379 ms  37.369 ms i-1008.ulcn-core01.telstraglobal.net (202.84.178.13)  35.221 ms
     8  * * i-1000.sgcn-core01.telstraglobal.net (202.84.140.141)  270.413 ms
     9  i-1000.sgcn-core01.telstraglobal.net (202.84.140.141)  270.387 ms 202.84.244.41 (202.84.244.41)  262.873 ms  264.848 ms
    10  * * i-92.sggs01.telstraglobal.net (202.84.219.173)  267.808 ms
    11  * * *
    12  * * *
    13  * * *
    14  sin-sgcs2-g2-nc5.sgp.asia (103.5.15.17)  180.697 ms * *
    15  * * *
    16  * * *
    17  * * *
    18  * * *
    19  * * *
    20  * * *
    21  * * <reversed_tracerouted_ip> (<tracerouted_ip>)  181.354 ms
     
  9. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Verify the name servers of your domain are correctly registered (see the DNS tutorial, link in my signature). Use, for example, the whois command, and read the name server lines. For example:
    Code:
    whois howtoforge.com
     
  10. mrbronz

    mrbronz Member HowtoForge Supporter

    I have a new set of IP addresses. I have asked my domain provider to implement the new changes.

    domain = gregson.me.uk IP =72.27.140.48
    ns1=gregson.me.uk IP 72.27154.49
    ns1=gregson.me.uk IP 72.27154.50

    However, it's still not propagating.

    I thought it might have something to do with 13 (ECDSAP256SHA256) setting, but the DNSSEC DS-Data for registry entry is showing blank. I've tried following Th0m's tutorial to change my current Algorithms but these settings are beyond my understanding, I am informed this is where all DNSSEC Algorithms are heading.

    I can get a result from dig @156.154.103.3 gregson.me.uk but nothing from any other server i.e. 8.8.8.8 ---

    As before, all A records have been altered in the DNS zones.

    PS Many thanks to Taleman AND Alex
     
  11. remkoh

    remkoh Active Member

    Looks like your dns servers are unresponsive.
    Which more or less results in your domain being non-existent on the internet.
    Trying to connect using nslookup times out.

    Did you open the proper ports in your firewall (network and if applicable server)?
    Is the dns service running without errors?
     
    Last edited: Feb 28, 2023
  12. mrbronz

    mrbronz Member HowtoForge Supporter

    Yes, everything is the same; the only thing that has changed is the IP addresses.
     
  13. remkoh

    remkoh Active Member

    Looked a bit further into it.

    Because your nameservers have hostnames within your own domain you need glue records.
    Are those created in me.uk?
    If not then it will never work.

    Btw. I tried nslookup using the ip, not hostname.
    Nslookup can't connect so there's something wrong there.
    Traceroute has no problems so it's not a routing issue.
     
  14. remkoh

    remkoh Active Member

    Glue records do exist
    Code:
    # dig +short me.uk. NS
    nsa.nic.uk.
    nsb.nic.uk.
    nsc.nic.uk.
    nsd.nic.uk.
    dns1.nic.uk.
    dns2.nic.uk.
    dns3.nic.uk.
    dns4.nic.uk.
    
    # dig +noall +authority +additional +norecurse @dns1.nic.uk. NS gregson.me.uk.
    gregson.me.uk.          172800  IN      NS      ns1.gregson.me.uk.
    gregson.me.uk.          172800  IN      NS      ns2.gregson.me.uk.
    ns1.gregson.me.uk.      172800  IN      A       72.27.140.49
    ns2.gregson.me.uk.      172800  IN      A       72.27.140.50
    
    But your nameservers fail
    Code:
    # dig +noall +authority +additional +norecurse @ns1.gregson.me.uk. NS gregson.me.uk.
    dig: couldn't get address for 'ns1.gregson.me.uk.': failure
    
    # dig +noall +authority +additional +norecurse @72.27.140.49 NS gregson.me.uk.
    ;; connection timed out; no servers could be reached
    
    # dig +noall +authority +additional +norecurse @ns2.gregson.me.uk. NS gregson.me.uk.
    dig: couldn't get address for 'ns2.gregson.me.uk.': failure
    
    # dig +noall +authority +additional +norecurse @72.27.140.50 NS gregson.me.uk.
    ;; connection timed out; no servers could be reached
    
    So your problem is that your dns ports are closed or not responding properly.
     
    Last edited: Mar 1, 2023
  15. remkoh

    remkoh Active Member

    I saw you looking into several dnssec posts.
    That's not where your problem is. Your nameservers cannot be reached / aren't responding at all.

    Regarding dnssec:
    No DS records exist in me.uk for your domain.
    So if you have dnssec enabled you might as well disable it or make sure the correct DS records are created in me.uk.
    But again, that won't solve any of your current problems.
     
    Last edited: Mar 1, 2023
  16. mrbronz

    mrbronz Member HowtoForge Supporter

    Hi remkoh

    Thank you for the effort you have put into this.

    This is only a hobby for me, so I don't mind telling you I'm in over my head.
    Before I changed my internet provider, this was all working fine. All I have done is change my IP address. Although I have changed my A records etc. and glue records etc., I'm still no further forward.

    Would deleting the DNS zone and recreating it help?
    I would hope that deleting any wrongly created DNS records will be removed, and recreating them will resolve the issue.

    What do you think?
     
  17. remkoh

    remkoh Active Member

    Even if your DNS zone would be incorrect, your server should still be reachable. Which it is not currently.

    Isn't it as simple as the service not listening on the correct IP?
    Just listening on 127.0.0.1 only instead of 0.0.0.0 (all IPs), for example.
     
    Last edited: Mar 1, 2023
  18. mrbronz

    mrbronz Member HowtoForge Supporter

    Sorry I don't understand "the service not listening on the correct IP"
     
  19. remkoh

    remkoh Active Member

    What is the output of this?
    Code:
    netstat -nap|grep 'named'
    (assuming you're using bind/named as DNS service)
     
  20. mrbronz

    mrbronz Member HowtoForge Supporter

    ~# netstat -nap|grep 'named'
    tcp 0 0 192.168.61.70:53 0.0.0.0:* LISTEN 526/named
    tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 526/named
    tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 526/named
    tcp6 0 0 :::53 :::* LISTEN 526/named
    tcp6 0 0 ::1:953 :::* LISTEN 526/named
    udp 0 0 192.168.61.70:53 0.0.0.0:* 526/named
    udp 0 0 127.0.0.1:53 0.0.0.0:* 526/named
    udp6 0 0 :::53 :::* 526/named
    unix 2 [ ] DGRAM 16626 526/named
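
As an added example, not written by any participant in this thread: the script below classifies the port 53 sockets in a `netstat -nap | grep named` listing like the one in the post above as wildcard, loopback, private (RFC 1918) or other. The function names and scope labels are assumptions made for this illustration; the sample input is the listing quoted above, embedded as constructed test data.

```shell
#!/bin/sh
# Constructed sample: the netstat lines quoted in the thread above.
sample_netstat() {
cat <<'EOF'
tcp 0 0 192.168.61.70:53 0.0.0.0:* LISTEN 526/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 526/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 526/named
tcp6 0 0 :::53 :::* LISTEN 526/named
tcp6 0 0 ::1:953 :::* LISTEN 526/named
udp 0 0 192.168.61.70:53 0.0.0.0:* 526/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 526/named
udp6 0 0 :::53 :::* 526/named
unix 2 [ ] DGRAM 16626 526/named
EOF
}

# Print "proto address scope" for every named socket bound to port 53.
# Reads netstat output on stdin; port 953 (rndc) and unix sockets are skipped.
dns_listeners() {
  awk '
    $NF ~ /\/named$/ && $1 ~ /^(tcp|udp)6?$/ {
      la = $4
      port = la; sub(/.*:/, "", port)
      if (port != "53") next
      addr = la; sub(/:[0-9]+$/, "", addr)
      if (addr == "0.0.0.0" || addr == "::") scope = "wildcard"
      else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
      else if (addr ~ /^10\./ || addr ~ /^192\.168\./ || addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) scope = "private"
      else scope = "other"
      print $1, addr, scope
    }'
}

# Widest IPv4 scope seen for one protocol ("tcp" or "udp"), or "none".
ipv4_scope() {
  dns_listeners | awk -v p="$1" '
    $1 == p { seen[$3] = 1 }
    END {
      n = split("wildcard other private loopback", order, " ")
      for (i = 1; i <= n; i++) if (order[i] in seen) { print order[i]; exit }
      print "none"
    }'
}

sample_netstat | dns_listeners
echo "udp: $(sample_netstat | ipv4_scope udp)  tcp: $(sample_netstat | ipv4_scope tcp)"
```

For the listing above both protocols come out as private: named accepts IPv4 queries on the LAN address 192.168.61.70, so queries from the internet reach it only if the router forwards both UDP and TCP port 53 to that address.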
     
