DNS resolution issue

Tags: domain-name-system, nameserver

I recently moved a website to a new server by changing its A record to the IP address of its new server.

Within four hours, all the machines on our network were resolving properly; within 24 hours, every nameserver that dig / cachecheck.opendns.com / etc. could find was serving up the right IP.

However, the client's machines seem to be the only machines in the world that still resolve to the old IP.

It's been 72 hrs, he's flushed his DNS, and he cannot change his DNS resolver, since he said it causes other issues.

I have currently created a configuration that rewrites the IP as the URL, and a PHP header directive that redirects the old site to the new one via the new IP (and I'm keeping my fingers crossed it doesn't cause a redirect loop).

How on earth does every nameserver I can find give the right IP address for this website, while the client's machines are still going to the old one?

I have also:

nslookup [the-domain] [all-three.nameservers.com], to no avail; they all show the right IP.

Is there some directive I can put on the old server that says "Sorry, pal, wrong IP"?
Or what else can I really do, since we cannot replicate this?

Best Answer

DNS responses may be cached for TTL time. Every DNS server and caching client should forget everything about your old IP after TTL seconds since you changed your A record on the last authoritative server.

If the TTL of your old record has not passed yet, then clients may still see the old IP. And this is much more likely to happen with your clients, as they often use your DNS record and cache it.

If your old TTL has already passed, then there's something buggy between you and your client (it's not necessarily exactly on the client side). Unfortunately there are no guaranteed ways to fix it on your side (except maybe using a raw IP address or a new DNS name).

I would check this in the following sequence:

  • Check the list of authoritative servers for your domain (type NS for your zone)
  • Check that every authoritative server actually returns the new address
  • Make sure that the TTL didn't change, or find out the old TTL (i.e. from a backup of the old zone).

If all of the above shows that your records are fresh everywhere and the TTL has passed since the last change, then it seems that your side is OK.

  • Ask your client to resolve your name with dig or another tool that reports the record's TTL (not sure if this can be done with nslookup) and check if this TTL is adequate. The TTL reported by a cache is (or at least should be) reduced by the time passed since the last cache record update, so you will see that it decreases between several requests. If it does not, there's a buggy or misconfigured DNS.
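The two mechanical checks from the answer above (every authoritative server returns the new address; a cache's reported TTL drops by the elapsed time between queries), as an added example that is not part of the original answer. It parses `dig +noall +answer` style lines; the domain, nameserver names and IPs are constructed placeholders.

```python
import re

# dig +noall +answer prints one line per record: "<name> <ttl> IN A <ip>"
_ANSWER_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_answer(line):
    """Parse one 'dig +noall +answer' A-record line into (name, ttl, ip)."""
    m = _ANSWER_RE.match(line.strip())
    if not m:
        raise ValueError("not an A-record answer line: %r" % line)
    return m.group(1).rstrip("."), int(m.group(2)), m.group(3)

def stale_authoritatives(responses, new_ip):
    """Step 2 of the answer: map each authoritative server to the IP it still
    serves when that IP is not the new one. An empty dict means all are fresh."""
    return {srv: parse_answer(line)[2] for srv, line in responses.items()
            if parse_answer(line)[2] != new_ip}

def ttl_anomalies(observations, slack=2):
    """Step 4: observations are (seconds since first query, TTL reported by the
    client's caching resolver). A compliant cache reports a TTL that drops by
    the elapsed time until the entry expires and is refetched. Returns a list of
    (elapsed, reported_ttl, expected_ttl) for answers that break this rule."""
    anomalies = []
    base_t, base_ttl = observations[0]
    for t, ttl in observations[1:]:
        expected = base_ttl - (t - base_t)
        if expected <= 0:
            # Entry should have expired; a refetched record legitimately restarts.
            base_t, base_ttl = t, ttl
            continue
        if abs(ttl - expected) > slack:
            anomalies.append((t, ttl, expected))
            base_t, base_ttl = t, ttl  # re-baseline so one jump is reported once
    return anomalies

# Constructed sample data (placeholder domain, documentation-range IPs).
NEW_IP = "203.0.113.10"
AUTH_RESPONSES = {
    "ns1.example.net": "example.com.  3600  IN  A  203.0.113.10",
    "ns2.example.net": "example.com.  3600  IN  A  203.0.113.10",
    "ns3.example.net": "example.com.  3600  IN  A  198.51.100.7",  # lagging secondary
}
# Client's resolver queried at 0 s, 60 s and 120 s: the TTL jumps back to 3600 at
# 120 s although the entry cannot have expired, so that cache is not honouring TTL.
CLIENT_OBSERVATIONS = [(0, 3600), (60, 3540), (120, 3600)]

if __name__ == "__main__":
    print("authoritatives still serving old IP:", stale_authoritatives(AUTH_RESPONSES, NEW_IP))
    print("client cache TTL anomalies:", ttl_anomalies(CLIENT_OBSERVATIONS))
```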