Corin Anderson (magellanic) wrote,

Remote sysadmining: don't forget VeriSign

Switching the ISP on a live web site is sort of like moving a train from one set of tracks to another. Without the aid of a switch or crossover rail.

At 3:30 local time yesterday afternoon Covad switched the bit flow on my DSL line. I dialed in (ssh work -> apt, dial apt -> home) and set to working. I needed the DSL modem rebooted, which I had my Dad do (one quick phone call). To my great surprise, the bits from the new ISP really were flowing. Wow, I'm home free. Well, not quite.

A bit of mucking around later (20 minutes total, then had a meeting at work) and I could ping out and ping in and things seemed to work. sshd needed a restart to bind to the new IP addresses. I forgot to update the forwarder on my intranet-only DNS server, so off-site browsing was down for an hour. But, I got those snags cleared.

Unfortunately, there's still one last hold-up: no one can browse into the site or send me mail at home, because InterNIC and all the root name servers are still misinformed as to what the IP address of my domain's primary name server is. I.e., if you do a whois on my domain, it'll list the NS having the IP address of my old ISP. Arg! Worse, the only way to change the NS host record on VeriSign is -- get this -- to reply to a piece of e-mail you ask them to send you. So, if you don't have working e-mail presently, then updating the host record could take some great time. *sigh* As an intermediate fix, I had VeriSign simply change which name server is primary and secondary for my site; my new ISP does DNS hosting for free and their machines (a) are up and (b) have accurate information. So, it's now just a waiting game -- how long before *.root-servers.net have the new mappings. VeriSign yesterday said 24 - 48 hours. I was hoping it would actually happen overnight, but apparently not. The whois record at whois.networksolutions.com is correct, but that record hasn't propagated yet. Until it does, no browsing my web or sending me e-mail. *sigh*

So, how does one avoid this hassle the next time? Switch the primary name server for all your domains to a new location in advance of the move. Even to a temporary server. Crank down the TTL on the NS records the server provides. Then, when you change the IP addresses, update the DNS zone file. Within a matter of even minutes, your new IP addresses are being shared with the world around you. Then, update the host record for your name server and switch back to it as primary at your leisure.

Yes, that's what to do next time.
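
An added example, not part of the original post: the "crank down the TTL" step only helps if the lower TTL is published at least one old-TTL ahead of the move, because resolvers that cached a record just before the change keep it for the old TTL. The sketch below parses a constructed zone (example.com, example.net and the 192.0.2.x addresses are placeholders) and works out the earliest safe cutover; it covers only records served from your own zone, not the delegation records held at the registry.

```python
# Added example; zone contents are constructed, names/addresses are placeholders.
from datetime import datetime, timedelta

ZONE_BEFORE = """\
$TTL 86400
example.com.      IN NS ns1.example.com.
example.com.      IN NS ns2.example.net.
ns1.example.com.  IN A  192.0.2.10
www.example.com.  3600 IN A 192.0.2.20
"""
ZONE_LOWERED = ZONE_BEFORE.replace("$TTL 86400", "$TTL 300").replace(" 3600 ", " 300 ")

def parse_zone(text):
    """Parse a simplified zone file into (name, ttl, rtype, rdata) tuples."""
    default_ttl, records = None, []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments
        if not fields:
            continue
        if fields[0] == "$TTL":
            default_ttl = int(fields[1])
            continue
        name, rest = fields[0], fields[1:]
        ttl = default_ttl
        if rest[0].isdigit():                    # per-record TTL override
            ttl, rest = int(rest[0]), rest[1:]
        if rest[0] == "IN":
            rest = rest[1:]
        records.append((name, ttl, rest[0], " ".join(rest[1:])))
    return records

def max_stale_seconds(records, rtypes=("NS", "A")):
    """Longest time a resolver may keep serving an old answer."""
    return max(ttl for _, ttl, rtype, _ in records if rtype in rtypes)

def earliest_cutover(old_records, lowered_at):
    """Copies cached just before the TTL was lowered live for the old TTL,
    so the short TTL is only in force everywhere after that has elapsed."""
    return lowered_at + timedelta(seconds=max_stale_seconds(old_records))

if __name__ == "__main__":
    lowered_at = datetime(2024, 1, 1, 12, 0)     # constructed timestamp
    old, new = parse_zone(ZONE_BEFORE), parse_zone(ZONE_LOWERED)
    print("move no earlier than:", earliest_cutover(old, lowered_at))
    print("stale window after the move:", max_stale_seconds(new), "seconds")
```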

Heh, and everything else worked so remarkably well, too. Just one little detail forgotten is all it took.