DNS issue at client end, possibly web server

I have a very strange problem regarding DNS on a few customers' machines that are trying to access a website: the customers were redirected to another site on the server. Initially the site was set up on the server's shared IP address, but it was then changed to another IP because it was to have an SSL certificate. This was all two weeks ago.

Anyway, I managed to remote desktop into one of the machines on which this problem was occurring. I attempted to view the site but sure enough I was seeing another website that is sitting on the same server. I tried a ping, and I am seeing the server's shared IP, not the IP assigned to the Virtual Host.

  • CentOS
  • Using Virtualmin
  • TTL is 3 hours
  • Expires mod is active

The problem has been ongoing for a couple of weeks.
My first assumption was that the TTL was so big that the DNS wasn’t querying the domain.

Does anybody know where first to look with a problem of this nature? I believe if the browser cache was flushed then the problem would be resolved. But obviously that is not the ideal solution for customers.

Check the hosts file on the failing machines
Check your vhost settings in the web server
Check for any .htaccess redirects
Use dig or nslookup to check your dns settings
Make sure there isn’t a virus on the failing machines

Rees,

With only a few visitors having problems, it would seem to be a DNS propagation delay which should have resolved itself already. In addition, I suspect that the problem visitors are using IE which is known to have a problem with replacing cached pages with current pages (Shift-Refresh is known to help).

Something which you should have considered already is to ensure that the DNS pointers with the domain’s registrar are pointing to the correct DNS for the new IP address for your secure domain. Then, if using the same host, the host’s control panel should have updated its DNS records to the new IP address but a quick check would be in order. Your ping experience would indicate that it was not updated properly.

Regards,

DK

It was IE on this one particular machine, I was reading up on this article:

I access google.com and it resolves to (1.2.3.4). If google.com’s TTL was below 30 minutes, IE will automatically set it to 30 minutes, but Windows will let it expire sooner thus respecting the original time to live. For 30 minutes, as long as 1.2.3.4 is accessible, IE will continue to use it. AFTER the 30 minutes, IE will STILL continue to use (1.2.3.4) as long as A) it’s still available and B) you don’t have a time limit of 2.5 minutes with no TCP activity to 1.2.3.4.

From the above, I can’t kill that shared IP because a lot of websites are using it. But this could be the reason why the machine is still looking at the old IP. However, does incorrect info with a ping rule this out?

I’ve used http://www.mxtoolbox.com to look at its current A record and that seems all correct. Is there anything I could ask my DNS host?
Looked at the conf file and the server has its own IP. The only thing I could think of is that the NameVirtualHost was missing for the secure 443.

Would it be sensible to ask the DNS hosts to refresh their DNS cache?

Rees,

That sounds pretty much like IE’s preference for using its local cache. As noted before, though, Shift-Refresh should do the trick until the DNS propagates for those users.

Do NOT kill the shared IP! It has NOTHING to do with this problem!

The incorrect info with the ping says that someone’s host is delinquent in updating its DNS cache.

Nope. If some are getting the correct IP address, it’s merely a question of time (up to 72 hours is frequently quoted) for the DNS to propagate. There is nothing else your DNS can do, only your ISP host (which, even with your prodding, isn’t likely to update their DNS cache any quicker than they want to).

Are you manipulating your DNS records by hand? Without peeking at my records, I’d say that you needed to copy your {domain} port 80 record to {domain} port 443 - good pick-up on your part. I’m just too used to using cPanel’s WHM for that to have considered it earlier.

Propagation of a DNS change through the Internet takes time. That time is simply determined by the update frequency of all the DNS caches in line from your registrar to the visitor which is still getting your old IP address.

If you’re concerned about the time, you might be able to institute a mod_rewrite redirect FOR THE SECURE DOMAIN to the new IP Address. However, the SSL will not match the IP address so that will be to no avail.

Patience, my friend, patience. After 72 hours, then you can go out looking for someone to … er, harm.

Regards,

DK

It’s been over two weeks since the DNS was changed for this particular domain. Now I have access to a machine that this is happening on, so I can give some more information on this.
Basically, the client’s office DNS server was their ISP, and their ISP was their old developers. They still had a DNS record for this domain, so it was never going to be updated until the record was deleted.

Thank you all for your replies
:cool:

Rees,

:lol::lol::lol: If they don’t update their DNS, you’re quite correct that they’ll never find your updated location. Good sleuthing! :tup:

Regards,

DK

Yes excellent diagnostics @Rees;
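The diagnosis reached in this thread can be checked by comparing what the client's resolver returns with what the authoritative nameserver returns. The sketch below is an added example, not code from any poster: it classifies a mismatch from `dig` text output, assuming the leftover record is served from a local zone on the resolver (which sets the `aa` flag). The hostname, the addresses, the `classify` helper and its labels are constructed for illustration.

```python
import re

# Constructed dig output (sample data, not from the thread): 192.0.2.10 stands in
# for the old shared IP, 198.51.100.20 for the new IP, TTL 10800 = 3 hours.
AUTHORITATIVE = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
shop.example.   10800   IN  A   198.51.100.20
"""
OFFICE_RESOLVER = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
shop.example.   10800   IN  A   192.0.2.10
"""
PUBLIC_RESOLVER = """\
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
shop.example.   7312    IN  A   198.51.100.20
"""

def parse_dig(text):
    """Return (set of header flags, [(ttl, address), ...]) for A records."""
    m = re.search(r"^;; flags:([^;]*);", text, re.M)
    flags = set(m.group(1).split()) if m else set()
    answers = [(int(ttl), addr) for ttl, addr in
               re.findall(r"^\S+\s+(\d+)\s+IN\s+A\s+(\S+)\s*$", text, re.M)]
    return flags, answers

def classify(resolver_out, authoritative_out, secs_since_change, old_ttl):
    """Hypothetical helper: explain why a resolver disagrees with the source."""
    _, auth = parse_dig(authoritative_out)
    flags, got = parse_dig(resolver_out)
    if {a for _, a in got} == {a for _, a in auth}:
        return "ok"
    if "aa" in flags:
        # A recursive resolver answering authoritatively holds its own zone
        # copy; no amount of waiting updates it, the record must be removed.
        return "local-zone"
    if secs_since_change > old_ttl:
        # Any honest cache entry has expired; look for overrides elsewhere
        # (hosts file, forwarder, another resolver in the chain).
        return "beyond-ttl"
    return "stale-cache"  # still inside the old TTL: waiting will fix it

if __name__ == "__main__":
    two_weeks = 14 * 86400
    for name, out in (("office", OFFICE_RESOLVER), ("public", PUBLIC_RESOLVER)):
        print(name, classify(out, AUTHORITATIVE, two_weeks, 10800))
```

With real data, the inputs would come from `dig @<resolver> <name> A` run against the client's configured resolver and against one of the domain's authoritative nameservers.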