We currently have a dynamically provided IP address and are switching over to a static IP address. As such, I need to change the IP address on our 3 LAMP servers. These servers also run bind9 for DNS and postfix/dovecot for email. (MySQL is actually running as a Percona DB cluster, which may be irrelevant.)
I think I have a good strategy, but want to check my logic with others who may have done this successfully before.
The concept is to stop all web, database, and mail services on each machine one at a time, pushing traffic to one of the two remaining servers; run the following script to replace the old IP address with the new IP address; reboot the server; attempt to push traffic back to it; then proceed with the next server in the cluster if all goes well.
I used grep -r to find instances of the old ip address in the system and need to make sure that I'm not missing anything important that needs to be considered.
# dots are escaped so sed matches the literal address rather than "any character"
find /etc/bind -type f -print0 | xargs -0 sed -i 's/old\.ip\.address/new\.ip\.address/g'
find /etc/postfix -type f -print0 | xargs -0 sed -i 's/old\.ip\.address/new\.ip\.address/g'
find /etc/apache2 -type f -print0 | xargs -0 sed -i 's/old\.ip\.address/new\.ip\.address/g'
find /etc/postfix -type f -print0 | xargs -0 sed -i 's/old-ip-address/new-ip-address/g'
find /etc/bind -type f -print0 | xargs -0 sed -i 's/rev\.address\.ip\.old/rev\.address\.ip\.new/g'
As a point of clarification, grep -r found the IP address references in the /etc/bind/zones tables, the /etc/postfix configuration files, and the /etc/apache2 config file. The IP address separated by hyphens was also found in the postfix config files. The reverse IP address was also found in a /etc/bind/named.conf.local file and will also need to be replaced.
Can anyone see if I may be missing something here? I'm doing this in a production environment...not the most ideal of circumstances, of course.
Sorry all. Looks like I let this get stale after finding the solution. For posterity's sake, here's what seems to be working at this point:
$ORIGIN example.com.
$TTL 12H
; @ symbol represents example.com.
; the SOA RNAME is the hostmaster mailbox written as a name: the '@' becomes a '.'
@ 12H IN SOA ns1.example.com. hostmaster.example.com. (
2015062954 ;serial
30M ;refresh
2M ;retry
2W ;expire
1D ;minimum TTL
)
    NS ns1.example.com.
    NS ns2.example.com.
    MX 10 mail.example.com.
    IN A 99.101.XXX.XXX
    IN TXT "v=spf1 a mx ip4:99.101.XXX.XXX ~all"
    IN SPF "v=spf1 a mx ip4:99.101.XXX.XXX -all"
ns1 IN A 99.101.XXX.XXX
ns2 IN A 99.101.XXX.XXX
mail IN A 99.101.XXX.XXX
    IN TXT "v=spf1 a mx ip4:99.101.XXX.XXX ~all"
    IN SPF "v=spf1 a mx ip4:99.101.XXX.XXX -all"
www IN A 99.101.XXX.XXX
dev IN A 99.101.XXX.XXX
demo IN A 99.101.XXX.XXX
webconf IN A 99.101.XXX.XXX
stats IN A 99.101.XXX.XXX
While the idea of using a find piped to an xargs sounds reasonable, I would take my 15 years of experience and tell you that is a bad idea. I would propose:
identify those services running on the boxes that are important (your find command works great here)
identify those files important to each of those services where address is defined
back up those files (cp to .orig works nicely)
create new files that contain your new addresses
This way you have a fast transition with:
cp somefile.new somefile
and a fast backout with:
cp somefile.orig somefile
Additionally, I would expect that the zones files contain actual DNS entries, so changing them is fine, but you'll probably need to reload named for those changes to take effect. Same goes for postfix, you'll want to postfix reload those as well.
EDIT (I haven't taken the time to actually load this zone, but it looks reasonably correct):
$ORIGIN example.com.
$TTL 12H
@ IN SOA ns1.example.com. hostmaster.example.com. (
2015062660 ;serial
30M ;refresh
2M ;retry
2W ;expire
1D ;minimum TTL
)
    IN NS ns1.example.com.
    IN NS ns2.example.com.
    IN A 99.101.XXX.X
example.com. IN MX 10 mail.example.com.
mail IN A 99.101.XXX.X
    IN TXT "v=spf1 a mx ip4:99.101.XXX.X ~all"
ns1 IN A 99.101.XXX.X
ns2 IN A 99.101.XXX.X
www IN CNAME example.com.
dev IN CNAME example.com.
demo IN CNAME example.com.
webconf IN CNAME example.com.
stats IN CNAME example.com.
EDIT:
glue records
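As an added example (it is neither the question's script nor the answer's own commands), the bash script below stages an IPv4 change the way the answer recommends, keeping <file>.orig untouched and writing <file>.new so that one cp commits and one cp backs out. It also fixes two things in the question's one-liner: sed reads an unescaped '.' as "any character", and the same address turns up in three spellings (dotted, hyphenated in the Postfix config, reversed in the in-addr.arpa zone name). GNU sed and coreutils are assumed, named-checkzone is optional, and every file and address in the demo is constructed (RFC 5737 documentation ranges), not taken from the poster's servers.

```shell
#!/usr/bin/env bash
# Added example (not the question's script nor the answer's commands).
# Stages an IPv4 address change: <file>.orig is the untouched original,
# <file>.new the candidate, one cp commits, one cp backs out. It also fixes
# the question's one-liner: sed reads an unescaped '.' as "any character",
# and the old address appears in three spellings (dotted, hyphenated in
# Postfix, reversed in the in-addr.arpa zone name).
# Assumptions: GNU sed/coreutils; named-checkzone is optional. All files and
# addresses below are constructed for the demo (RFC 5737 documentation ranges).

# Escape a literal for use in a sed basic regex (pattern side / replacement side).
sed_escape_pattern()     { printf '%s' "$1" | sed 's/[]\/$*.^[]/\\&/g'; }
sed_escape_replacement() { printf '%s' "$1" | sed 's/[\/&]/\\&/g'; }

# The two other spellings grep -r turned up: 192-0-2-10 and 10.2.0.192.
hyphenated() { printf '%s' "$1" | tr . -; }
reversed()   { local IFS=.; set -- $1; printf '%s' "$4.$3.$2.$1"; }

# Stage: never edit <file> in place. The pristine copy is made once, so a
# second run still diffs against the real original.
stage_replacement() {
  local file=$1 old=$2 new=$3
  [ -f "$file.orig" ] || cp -p "$file" "$file.orig"
  sed -e "s/$(sed_escape_pattern "$old")/$(sed_escape_replacement "$new")/g" \
      -e "s/$(sed_escape_pattern "$(hyphenated "$old")")/$(sed_escape_replacement "$(hyphenated "$new")")/g" \
      -e "s/$(sed_escape_pattern "$(reversed "$old")")/$(sed_escape_replacement "$(reversed "$new")")/g" \
      "$file.orig" > "$file.new"
}

# Review: the diff is what catches a longer address that contains the old one
# (1192.0.2.100 would also change) or a comment you did not mean to touch.
review_staged() { diff -u "$1.orig" "$1.new" || true; }

# Syntax-check a staged zone with BIND's own tool when it is installed.
# Reloading (rndc reload, postfix reload, apachectl graceful) is left to you,
# and a zone needs its SOA serial bumped or secondaries will not transfer it.
validate_staged() {
  local file=$1 zone=$2
  case $file in
    *.zone) command -v named-checkzone >/dev/null 2>&1 && named-checkzone "$zone" "$file.new" ;;
  esac
  return 0
}

commit_replacement()  { cp -p "$1.new"  "$1"; }   # fast transition
backout_replacement() { cp -p "$1.orig" "$1"; }   # fast backout

# Demo on constructed files.
demo_dir=$(mktemp -d)
cat > "$demo_dir/db.example.com.zone" <<'EOF'
$TTL 1h
@     IN SOA ns1 hostmaster ( 2015062954 30m 2m 2w 1d )
      IN NS  ns1
      IN A   192.0.2.10
ns1   IN A   192.0.2.10
mail  IN TXT "v=spf1 a mx ip4:192.0.2.10 ~all"
EOF
cat > "$demo_dir/main.cf" <<'EOF'
smtp_bind_address = 192.0.2.10
myhostname = mail-192-0-2-10.example.com
EOF
cat > "$demo_dir/named.conf.local" <<'EOF'
zone "10.2.0.192.in-addr.arpa" { type master; file "/etc/bind/zones/db.reverse"; };
EOF
for f in "$demo_dir"/db.example.com.zone "$demo_dir"/main.cf "$demo_dir"/named.conf.local; do
  stage_replacement "$f" 192.0.2.10 198.51.100.7
  review_staged "$f"
  validate_staged "$f" example.com
done
```

Run stage_replacement over each file grep -r found, read the diffs, then commit_replacement per file and reload each daemon; if anything misbehaves, backout_replacement restores the original byte for byte. The script deliberately does not reload or restart anything, and it does not bump the SOA serial for you.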
To test a mail server I need an MX record on the DNS server; there is always a delay because of the DNS cache, and I need to make it faster. Is there a way to make an MX record locally, like an A record via the /etc/hosts file?
Thanks, this works.
echo "10.10.10.1 mail.example.com" | sudo tee --append /etc/hosts > /dev/null
echo "disable_dns_lookups = yes" | sudo tee --append /etc/postfix/main.cf > /dev/null
systemctl restart postfix
I'm managing to use Postfix on a Proxmox server to deliver mail to a local mail server on a VM, with a different IP address from the DNS MX record. I found this article very useful:
http://www.readonlymaio.org/rom/2018/01/16/force-postfix-to-search-mx-records-in-etc-hosts-file/
It led me to disable the DNS lookup in Postfix to force it to use the hosts A record!!
It works.
In the hosts file:
X.X.X.X example.com
Edit the /etc/postfix/main.cf file and add this line:
disable_dns_lookups = yes
Afterwards, restart Postfix.
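An added example, not code from either answer: the two edits above written so they can be re-run safely (tee --append adds a duplicate line every time), plus the narrower alternative, a per-domain transport map entry such as "example.com smtp:[10.10.10.1]", where the brackets tell Postfix to skip the MX lookup for that destination only. Disabling DNS lookups in main.cf is global: every outbound delivery is then routed by an A lookup through /etc/hosts and the resolver, so every other domain's MX records are ignored too. Assumptions: Postfix 2.11 or later, where smtp_dns_support_level replaces the legacy disable_dns_lookups; hash: tables compiled with postmap. The paths and addresses are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not code from either answer above. Writes both of the
# answers' changes idempotently (re-running does not duplicate lines the way
# 'tee --append' does) and shows the narrower alternative, a transport map:
#   example.com smtp:[10.10.10.1]
# The brackets tell Postfix to skip the MX lookup for that destination only.
# Disabling DNS lookups in main.cf is global: every outbound delivery is then
# routed by an A lookup through /etc/hosts and the resolver, so other domains'
# MX records are ignored too. Assumptions: Postfix 2.11 or later, where
# smtp_dns_support_level replaces the legacy disable_dns_lookups; hash: tables
# compiled with postmap. Paths and addresses below are constructed for the demo.

# Append "ip<TAB>name" to a hosts file unless the name is already there.
add_hosts_entry() {
  local hosts=$1 ip=$2 name=$3 re
  re=$(printf '%s' "$name" | sed 's/\./\\./g')
  grep -Eq "^[^#]*[[:space:]]$re([[:space:]]|\$)" "$hosts" && return 0
  printf '%s\t%s\n' "$ip" "$name" >> "$hosts"
}

# Set "key = value" in main.cf, replacing an existing setting or appending one.
set_postfix_param() {
  local cf=$1 key=$2 value=$3
  if grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$cf"; then
    sed "s|^[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$cf" > "$cf.tmp" && mv "$cf.tmp" "$cf"
  else
    printf '%s = %s\n' "$key" "$value" >> "$cf"
  fi
}

# (a) The answers' approach: hosts entry plus no DNS at all for the SMTP client.
disable_mx_lookups_globally() {
  local hosts=$1 cf=$2 ip=$3 name=$4
  add_hosts_entry "$hosts" "$ip" "$name"
  set_postfix_param "$cf" smtp_dns_support_level disabled   # disable_dns_lookups = yes before 2.11
}

# (b) Route one domain straight to a host, bypassing its MX records only.
route_domain_direct() {
  local cf=$1 transport=$2 domain=$3 ip=$4 re
  re=$(printf '%s' "$domain" | sed 's/\./\\./g')
  touch "$transport"
  if grep -Eq "^$re[[:space:]]" "$transport"; then
    sed "s|^$re[[:space:]].*|$domain smtp:[$ip]|" "$transport" > "$transport.tmp" && mv "$transport.tmp" "$transport"
  else
    printf '%s smtp:[%s]\n' "$domain" "$ip" >> "$transport"
  fi
  set_postfix_param "$cf" transport_maps "hash:$transport"
  # Postfix reads the compiled .db, so rebuild it (and 'postfix reload') after editing.
  command -v postmap >/dev/null 2>&1 && postmap "hash:$transport"
  return 0
}

# Demo on constructed files.
demo=$(mktemp -d)
printf '127.0.0.1\tlocalhost\n' > "$demo/hosts"
printf 'myhostname = pve.example.com\n' > "$demo/main.cf"
disable_mx_lookups_globally "$demo/hosts" "$demo/main.cf" 10.10.10.1 mail.example.com
disable_mx_lookups_globally "$demo/hosts" "$demo/main.cf" 10.10.10.1 mail.example.com   # second run: no duplicates
route_domain_direct "$demo/main.cf" "$demo/transport" example.com 10.10.10.1
cat "$demo/hosts" "$demo/main.cf" "$demo/transport"
```

For a test box that only ever talks to the one local mail server, (a) is fine; on a host that also sends real mail, (b) keeps normal MX resolution for everyone else. With either, postfix reload (not a full restart) is enough to pick the change up.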
I have created an account through WHM, but never had this issue. The error I get when I try to edit the zone is:
There were errors in the zone which have been highlighted below. Please manually correct these errors before trying to edit the zone.
; cPanel first:11.60.0.28 (update_time):1483209424 11.60.0.28: Cpanel::ZoneFile::VERSION:1.3 hostname:s132-148-23-168.secureserver.net latest:11.60.0.28
; Zone file for wonderlandsigns.com
$TTL 14400
@ 86400 IN SOA ns1.secureserver.net. info.. ( ; near 'info..': empty label
2016123101 ; serial, todays date+todays
3600 ; refresh, seconds
7200 ; retry, seconds
1209600 ; expire, seconds
86400 ) ; minimum, seconds
wonderlandsigns.com. 86400 IN NS ns1.secureserver.net.
wonderlandsigns.com. 86400 IN NS ns2.secureserver.net.
wonderlandsigns.com. IN A 132.148.23.168
wonderlandsigns.com. IN MX 0 wonderlandsigns.com.
mail IN CNAME wonderlandsigns.com.
www IN CNAME wonderlandsigns.com.
ftp IN CNAME wonderlandsigns.com.
How do I manually edit it to fix the issue?
You can do this in multiple ways, such as using WinSCP or PuTTY. Here is the simplest way, via WinSCP:
WinSCP
Download & run WinSCP
Use your server IP, username & password to log in to the server
Go to the following path: /var/named
Find your domain's file within the directory, double-click to open and edit it
Save the file
Restart the DNS server
Hope this helps!
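An added example, not part of the question or the answer: a small check for the exact thing cPanel flagged ("near 'info..': empty label"). The second name in an SOA record is the RNAME, the responsible mailbox written as a domain name: the '@' of info@wonderlandsigns.com becomes a dot, so the field should read info.wonderlandsigns.com. (trailing dot). 'info..' leaves an empty label between two dots; a literal '@' in the field is the other common slip. The zone text in the demo is constructed from the question's lines, and named-checkzone is optional.

```shell
#!/usr/bin/env bash
# Added example, not part of the question or the answer above. Checks for the
# exact thing cPanel flagged ("near 'info..': empty label"). The second name in
# an SOA record is the RNAME: the responsible mailbox written as a domain name,
# with the '@' of info@wonderlandsigns.com turned into a dot, so the field
# should read info.wonderlandsigns.com. (trailing dot). 'info..' leaves an
# empty label between two dots; a literal '@' is the other common slip.
# The zone text below is constructed for the demo; named-checkzone is optional.

# Print the RNAME of the first SOA record in a zone file. Comments (';' to end
# of line) are stripped first, so a commented-out SOA is ignored.
soa_rname() {
  sed 's/;.*//' "$1" | awk '
    { for (i = 1; i <= NF; i++)
        if (toupper($i) == "SOA" && i + 2 <= NF) { print $(i + 2); exit } }'
}

# 0 = well formed, 1 = malformed (reason on stderr), 2 = no SOA record.
check_soa_rname() {
  local rname
  rname=$(soa_rname "$1")
  if [ -z "$rname" ]; then
    echo "$1: no SOA record found" >&2; return 2
  fi
  case $rname in
    *@*)     echo "$1: RNAME '$rname' contains '@'; write the mailbox as a name, e.g. hostmaster.example.com." >&2; return 1 ;;
    .*|*..*) echo "$1: RNAME '$rname' has an empty label" >&2; return 1 ;;
  esac
  echo "$1: RNAME '$rname' ok"
}

# Write <file>.new with the RNAME replaced, leaving the original for review.
fix_soa_rname() {
  awk -v new="$2" '
    !done { for (i = 1; i <= NF; i++)
              if (toupper($i) == "SOA" && i + 2 <= NF) { $(i + 2) = new; done = 1; break } }
    { print }' "$1" > "$1.new"
}

# Demo: the zone from the question, reduced to the lines that matter.
demo=$(mktemp -d)
cat > "$demo/wonderlandsigns.com.db" <<'EOF'
$TTL 14400
@ 86400 IN SOA ns1.secureserver.net. info.. (
        2016123101 ; serial
        3600 7200 1209600 86400 )
wonderlandsigns.com. 86400 IN NS ns1.secureserver.net.
wonderlandsigns.com. 86400 IN NS ns2.secureserver.net.
wonderlandsigns.com. IN A 132.148.23.168
EOF
check_soa_rname "$demo/wonderlandsigns.com.db" || true
fix_soa_rname "$demo/wonderlandsigns.com.db" info.wonderlandsigns.com.
check_soa_rname "$demo/wonderlandsigns.com.db.new"
if command -v named-checkzone >/dev/null 2>&1; then
  named-checkzone wonderlandsigns.com "$demo/wonderlandsigns.com.db.new" || true
fi
```

On a cPanel box the file lives under /var/named (as the answer says); run the check against it before saving, and let named-checkzone have the final word when it is installed, since it validates the rest of the zone as well.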
I was wondering if it's possible to log into name.com and update a specific domain's DNS from SSH? The VPS hostname is the domain I want modified.
I basically want to update each DNS field with the following
Log into https://www.name.com/account/domain/details/$(hostname -i)#dns
A Record "" $(hostname -i)
A Record "*" $(hostname -i)
TXT default._domainkey cat /etc/opendkim/keys/"$(hostname)"/default.txt
TXT "" "v=spf1 mx a ip4:$(hostname -i) -all"
I know they have an API (have to request signup as a reseller) but that is not an option for me.
I just noticed today that domain foo.bar resolves to 127.0.53.53 (http://foo.bar, http://whois.domaintools.com/foo.bar)
In my case this ends up on the localhost Apache, but I wonder why the registrant did not simply choose to point to 127.0.0.1? Is there any specific reason?
127.0.53.53 is a special IP address that is used by ICANN to prevent DNS name collisions with the new gTLDs.
In your case the .bar gTLD was delegated in February. So the 127.0.53.53 is a big hint for people using .bar in their internal setups that the .bar domain name will be used in the global DNS very soon.
If you look closer at the foo.bar record you see more information:
$ dig foo.bar A +short
127.0.53.53
$ dig foo.bar TXT +short
"Your DNS configuration needs immediate attention see https://icann.org/namecollision"
$ dig foo.bar MX +short
10 your-dns-needs-immediate-attention.bar.
$ dig foo.bar SRV +short
10 10 0 your-dns-needs-immediate-attention.bar.
I would like to know if it's possible to get IPv4 and IPv6 addresses with just one invocation of dig?
For example, this gives the IPv4 address:
dig hostname A
And this command will give me the IPv6 address:
dig hostname AAAA
How can I get both addresses, IPv4 and IPv6, with just one command?
It may be that this has been added to dig since the question was asked, but for completeness this can be accomplished through the following query:
dig hostname A hostname AAAA +short
Source: http://linux.die.net/man/1/dig -- under the 'Multiple Queries' section
If you're querying an authoritative server for the domain, you can get all the records for a name with an ANY query:
dig hostname ANY @servername
However, this won't work reliably if you're querying a caching server. When a caching server responds to an ANY query, it returns whatever records happen to be in cache at the time. If the name has both A and AAAA records, but the server has only looked up the A records recently, the AAAA records won't be in the cache, so it won't return them.
Furthermore, there is a proposal to allow DNS servers to refuse to answer ANY queries: Providing Minimal-Sized Responses to DNS Queries that have QTYPE=ANY. If you query a server that implements this, you may not be able to get both responses with a single query (although one of the suggestions in that draft is that an ANY query might just return all MX, A, and AAAA, since this is often what clients want). So for best reliability, you should just make two queries.
Now that IPv6 is a lot more common, I've found myself frequently needing to query both A and AAAA. I can never seem to remember the syntax, so I finally wrote a function for my ~/.bashrc called digall. I shared it with some friends and they loved it, so I threw it up on github in gist that anyone is welcome to use: https://gist.github.com/FreedomBen/23020c464779bb30cab754d92bdce6c6
Here's the current version which you can put in a file in your path and mark executable:
#!/usr/bin/env bash
#
# To use, simply run `digall <domain>` such as:
#
# digall example.com
# digall sub.example.com
#
# Place this file in your PATH. Suggest either /usr/local/bin/ or ~/bin
#
# Alternatively you can wrap it in a function called `digall` and put in ~/.bashrc
#
# License: MIT
declare -rx digall_color_restore='\033[0m'
declare -rx digall_color_red='\033[0;31m'
declare -rx digall_color_light_green='\033[1;32m'
declare -rx digall_color_light_blue='\033[1;34m'
declare -rx digall_color_light_cyan='\033[1;36m'
if [ -z "$1" ]; then
echo -e "${digall_color_red}Error: Please pass domain as first arg${digall_color_restore}"
else
echo -e "${digall_color_light_blue}Queries: (dig +noall +answer '$1' '<type>')...${digall_color_light_cyan}\n"
for t in SOA NS SPF TXT MX AAAA A; do
echo -e "${digall_color_light_green}Querying for $t records...${digall_color_restore}${digall_color_light_cyan}"
dig +noall +answer "$1" "${t}"
echo -e "${digall_color_restore}"
done
fi