Changing hosting company for one domain, how to deal with DNS?

Hello,

Our organization is planning to move one domain from Dreamhost to HubSpot. Let's say it is gem.xyxyxyxyx.com. Please note, the website is not being migrated from one server to another; it is just the hosting company.

Here is from our internal DNS master server -

[root@ext-dns-ns1 ~]# cat /var/named/master/db.xyxyxyxyx.com | grep gem
gem                     IN      NS      ns1.dreamhost.com.
gem                     IN      NS      ns2.dreamhost.com.
gem                     IN      NS      ns3.dreamhost.com.
gem                     IN      A       69.163.167.103
www.gem                 IN      CNAME   gem
[root@ext-dns-ns1 ~]#

And this is root domain A record -

[root@ext-dns-ns1 ~]# cat /var/named/master/db.xyxyxyxyx.com | grep 69.163.164.199
                        IN      A       69.163.164.199
www                     IN      A       69.163.164.199
[root@ext-dns-ns1 ~]#

Ideally, (I assume) when we move hosting agency, we get a new IP and replace 69.163.167.103 and 69.163.164.199 with the IPs they will give.

But the twist here is that HubSpot is only able to host content for subdomains using CNAME records. They provide a CNAME address that can be used (the associated IP address is dynamic and will not be static for security purposes). But our DNS records are both hosted as A records at present.
HubSpot is unable to offer IP addresses for use with A records. They replied "We usually rely on the redirection services that DNS providers sometimes offer, but in the event that the DNS provider does not have a means of redirecting the root domain to the subdomain, we typically recommend a third party redirection service. I'd suggest setting up an account with Redirect.pizza".

If I go by the suggestion from HubSpot, I guess I need to make the change below -

temp-test-site.xyxyxyxyx.com IN A ip-provided-by-redirect-pizza

And configure this name at RedirectPizza to look to, for example, the xyxyxyxyx.com site. Then remove the records below:

gem IN NS ns1.dreamhost.com.
gem IN NS ns2.dreamhost.com.
gem IN NS ns3.dreamhost.com.

From the main zone xyxyxyxyx.com and define these names like that:

gem IN CNAME new-hubspot-cname-for-gem.
www.gem IN CNAME gem

I have two concerns/questions:

  • For an enterprise-level DNS, will it not be difficult to trust a free service website (https://redirect.pizza)? What if the website shuts down, all my sub-domains can break, right? Can I explore any other option rather than redirect.pizza?

  • Can there be any interruption on website gem.xyxyxyxyx.com while these IPs/CNAMEs are being populated?

Please suggest.

Thanks

This is all controlled by the TTL (time-to-live) settings of your DNS entries.

Long before any such transition is done, you should set the TTL of all your DNS entries to the shortest possible time.

As I recall, the shortest TTL most DNS providers permit is around 5 or 10 minutes, but please check me on that. YMMV based on DNS provider.

Because DNS is cached in the global Internet, you need to begin this "set our DNS TTLs short" long before the transition process.

The first step is to know what your current TTLs are.

Do you know the value of this critical metric?

Yes, I understand this metric. It is set to 3600. NS are pointed on Network Solutions, which says their minimum is also 3600. From their website - "Network Solutions® allows a minimum of 3600 (1 hour)"

[root@ext-dns-ns1 ~]# cat /var/named/master/db.xyxyxyxyx.com | head -14
$TTL    3600
@ IN  SOA dns1.xyxyxyxyx.com. id-chm.xyxyxyxyx.com.com.   (
                                        2020010172      ; Serial
                                        86400           ; Refresh
                                        7200            ; Retry
                                        3600000         ; Expire
                                        172800          ; TTL
                                                        )
;
                                IN  NS          dns1.tcs-sb.net.
                                IN  NS          dns2.tcs-sb.net.
                                IN  NS          dns3.tcs-sb.net.
                                IN  NS          dns4.tcs-sb.net.
;
[root@ext-dns-ns1 ~]#

Hmmmm. 3600 is a very long time (for cutovers and changes to the network) and not really acceptable for transitions.

Plus, I'm not sure I trust this $TTL 3600 in your output.

172800          ; TTL

For your cached DNS entries, you can check the TTL as follows, as you probably know:

macos# nslookup
> set debug
> server ns1.linode.com
Default server: ns1.linode.com
Address: 162.159.27.72#53
> www.unix.com
Server:		ns1.linode.com
Address:	162.159.27.72#53

------------
    QUESTIONS:
	www.unix.com, type = A, class = IN
    ANSWERS:
    ->  www.unix.com
	internet address = 209.126.104.117
	ttl = 3600
    AUTHORITY RECORDS:
    ->  unix.com
	nameserver = ns2.linode.com.
	ttl = 3600
    ->  unix.com
	nameserver = ns1.linode.com.
	ttl = 3600
    ->  unix.com
	nameserver = ns3.linode.com.
	ttl = 3600
    ->  unix.com
	nameserver = ns5.linode.com.
	ttl = 3600
    ->  unix.com
	nameserver = ns4.linode.com.
	ttl = 3600
    ADDITIONAL RECORDS:
    ->  ns1.linode.com
	internet address = 162.159.27.72
	ttl = 300
    ->  ns1.linode.com
	has AAAA address 2400:cb00:2049:1::a29f:1a63
	ttl = 300
    ->  ns2.linode.com
	internet address = 162.159.24.39
	ttl = 300
    ->  ns2.linode.com
	has AAAA address 2400:cb00:2049:1::a29f:1827
	ttl = 300
    ->  ns3.linode.com
	internet address = 162.159.25.129
	ttl = 300
    ->  ns3.linode.com
	has AAAA address 2400:cb00:2049:1::a29f:1981
	ttl = 300
    ->  ns4.linode.com
	internet address = 162.159.26.99
	ttl = 300
    ->  ns4.linode.com
	has AAAA address 2400:cb00:2049:1::a29f:1b48
	ttl = 300
    ->  ns5.linode.com
	internet address = 162.159.24.25
	ttl = 300
    ->  ns5.linode.com
	has AAAA address 2400:cb00:2049:1::a29f:1819
	ttl = 300
------------
Name:	www.unix.com
Address: 209.126.104.117

And the query above confirms what is in our DNS setup:

As you can see from the next screen capture, I would set this to 5 minutes (300 seconds) if I was going to do a cut-over. I would never do a cutover with 1 hour (3600 second) TTL. This would be a recipe for a small disaster.

I suggest you check with a DNS tool (like I did above) to make sure your TTL is what you think it is.

Personally, I would not use any DNS provider which provides a minimum TTL of 1 hour. Actually, for me, that is "unheard of" for 3600 to be "the minimum", as the minimum TTL is normally 300 seconds, like I have demonstrated to you above.

2 Likes
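An added example, not code from the thread: a small Python check over a constructed copy of the zone records quoted above. It lists records whose TTL exceeds a 300-second cutover window, computes the negative-caching TTL from the SOA, and shows which existing records block adding a CNAME at `gem` and at the zone apex. The parser is an assumption-laden sketch that handles only the simple record forms seen in this thread.

```python
import re

# Constructed zone text modelled on the records quoted in the thread
# (the SOA rname is a placeholder; this is not the poster's actual file).
ZONE = """\
$TTL 3600
@   IN SOA dns1.xyxyxyxyx.com. hostmaster.xyxyxyxyx.com. (
        2020010172 86400 7200 3600000 172800 )
    IN NS  dns1.tcs-sb.net.
    IN A   69.163.164.199
www IN A   69.163.164.199
gem IN NS  ns1.dreamhost.com.
gem IN A   69.163.167.103
www.gem IN CNAME gem
"""

def parse_zone(text):
    """Return (owner, ttl, type, rdata) tuples from a simple BIND zone file."""
    text = re.sub(r";.*", "", text)                      # drop comments
    text = re.sub(r"\(([^)]*)\)",                        # fold ( ... ) onto one line
                  lambda m: m.group(1).replace("\n", " "), text)
    default_ttl, owner, records = None, "@", []
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0].upper() == "$TTL":
            default_ttl = int(tok[1])
            continue
        if not raw[0].isspace():      # leading blank means "same owner as above"
            owner = tok.pop(0)
        ttl = int(tok.pop(0)) if tok[0].isdigit() else default_ttl
        if tok[0].upper() == "IN":
            tok.pop(0)
        records.append((owner, ttl, tok[0].upper(), tok[1:]))
    return records

def long_ttls(records, max_ttl=300):
    """Records that resolvers may cache longer than the cutover window."""
    return [(o, t, ttl) for o, ttl, t, _ in records if t != "SOA" and ttl > max_ttl]

def negative_ttl(records):
    """RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    return next(min(ttl, int(rd[6])) for _, ttl, t, rd in records if t == "SOA")

def cname_blockers(records, owner):
    """A CNAME may not share its owner name with other data (RFC 1034, 3.6.2):
    list the record types that must be removed before one can be added."""
    return sorted({t for o, _, t, _ in records if o == owner and t != "CNAME"})
```

For `gem` the blockers are the A and NS records, which can be deleted; for `@` they include SOA and NS, which a zone apex must keep, so the root name needs an A record or a redirect host rather than a CNAME.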

Thanks for the detailed reply. I checked the same way on my side and it confirms that TTL is 3600. I will check with Network Solutions if this can be reduced for/during migration.
Do you have any suggestions regarding the Redirect.pizza solution and having a CNAME for the root domain and gem? This is not a personal domain/website, but an enterprise, so I am more concerned about its stability.

Sorry, I don't have any experience with Redirect.pizza or other services because when I do these kinds of migrations, I always set the TTL to 5 minutes and everything works great, especially when the transition is performed when the traffic is at its lowest point (weekends, holidays, middle of the night, etc) and, of course, the app is running at both the "old" and "new" IP address during that time as well (in the proper mode, normally read only on the "old" IP address, etc).

I'm quite "old school" so there may be a better way than DNS TTL management; but I have never used any of these "new school" methods, sorry I cannot be more helpful.

Like I said, I would never use a DNS provider which did not permit us to change the TTL to 300 seconds. 3600 is not acceptable at all for "non trivial" transitions.

1 Like

Thanks. It was detailed and helpful.
Instead of using external redirect services, I will be setting up my own webserver for this setup and hopefully, that would serve the purpose.