2degrees DNS caches

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › 2degrees DNS caches

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#220223 1-Aug-2017 13:45

I recently moved from 2Degrees VDSL to BigPipe fiber. As a result my static IP changed. I have updated my DNS records on 1stDomains (my domain name provider) and for the most part everything is working as before.

...except any device on the 2Degrees 2G/3G/4G network. Both mine and my wifes mobiles are 2Degrees and they refuse to resolve my domain to the new static IP address. Likewise I have a GPS vehicle tracker, with a 2Degrees SIM, which also fails to resolve.

There are two iPhones connecting back to my tracking server which have had no issues resolving to the new IP and I have tested a few SSL/TLS scanning sites using my domain and they resolve with no issues either.

The DNS records on 1stDomains were updated at about 10am yesterday morning, so I would have thought the 2Degrees DNS caches would have updated by now.

Does anyone have any suggestions or ideas what might be going on here?

Cheers,

Ben

1 | 2

1162 posts

Uber Geek

Trusted

#1834944 1-Aug-2017 13:47

It could maybe take a little bit longer to propagate. I would reboot any devices, that may have cached the old address.

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1834953 1-Aug-2017 13:51

Hmmm - just downloaded https://play.google.com/store/apps/details?id=com.kodholken.dnslookup&hl=en and did a lookup while on 4G and it resolves my domain name to the correct IP address. So there must be something else going on. SSL cert issues perhaps. I will keep digging.

timmmay

20589 posts

Uber Geek

Trusted

Lifetime subscriber

#1834968 1-Aug-2017 14:04

Try these two websites

https://dnschecker.org/

https://www.whatsmydns.net/

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1834970 1-Aug-2017 14:07

Thanks @timmmay - they both seem to indicate that all DNS caches are up-to-date and correct.

Must be something else. I am guess something to do with my TLS certs, but just odd that other devices are having no problems. And the domain name hasn't changed, so the certs should be valid.

fe31nz

1233 posts

Uber Geek

#1835275 1-Aug-2017 21:29

The site the certs are checked against my not be getting the new DNS yet. For future reference, if you are going to change the address of a domain, it is best to plan ahead and reduce the timeouts in the DNS settings to quite small numbers a day or two ahead of the change, so that change can propogate before you do the address change. So if you set the timeouts to say 60 seconds, then when you finally change the address, you should get much faster propogation of that change. However, DNS servers are not the only things that cache DNS addresses - some software does it too, and not all software obeys the DNS timeouts. But with a small timeout, the problems should be over within a day.

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1835283 1-Aug-2017 21:38

I think it must be something on 2degrees end. Even if I update my GPS trackers (using 2degree SIMs) to use the new IP address (instead of domain name) they fail to get thru, and they are publishing direct to an exposed port on my firewall, i.e. no TLS certs or encryption.

But if I test that port is open and accessible from a 3rd party site, everything is fine (both IP address or domain name).

Very strange that this is only a problem for my 2 x 2degrees Android phones and 2 x 2degrees GPS trackers...

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1835306 1-Aug-2017 22:22

I don't think it is TLS cert issues anymore, since I can access my Nextcloud instance on the LAN using my Android phone, via hairpin NAT (meaning I still use my domain). This allows the TLS cert to correctly validate and I see a nice little green padlock in my phone browser.

But if I try and access the same URL via 4G on my phone I get a connection timeout. And nothing shows up in the Apache logs to indicate my connection attempt even made it to my server.

Is it even possible that 2degrees would not be routing my requests to my new BigPipe static IP? I am not much of a networking expert...

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

tardtasticx

3075 posts

Uber Geek

#1835311 1-Aug-2017 22:43

Can you tether/hotspot a PC from one of the phones that's not connecting and see if issue persists? If still happens, try running a traceroute and see if anything funny shows up and go from there.

yitz

2082 posts

Uber Geek

#1835313 1-Aug-2017 22:44

What does a traceroute from 2degrees to Bigpipe show...?

It sounds like you've updated your firewall rules.

Do you think 2degrees could be blocking certain types of traffic/ports destined to off-net destination IPs going over their default data APN.

tardtasticx

3075 posts

Uber Geek

#1835314 1-Aug-2017 22:46

yitz: What does a traceroute from 2degrees to Bigpipe show...? It sounds like you've updated your firewall rules. Do you think 2degrees could be blocking certain types of traffic/ports destined to off-net destination IPs going over their default data APN.

It could show if there's just a routing issue between it. And it'll show where it's trying to connect to. If it shows it's trying to connect to the right IP then you know it has nothing to do with DNS and the issue you're experiencing could be completely coincidental to the IP change.

yitz

2082 posts

Uber Geek

#1835315 1-Aug-2017 22:50

Yes that would be the next logical step in investigating whether or not 2degrees is "not be routing my requests to my new BigPipe static IP".

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1835316 1-Aug-2017 22:53

How do I run a traceroute?

(thanks for the suggestions btw!)

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1835319 1-Aug-2017 22:55

tardtasticx:

Can you tether/hotspot a PC from one of the phones that's not connecting and see if issue persists? If still happens, try running a traceroute and see if anything funny shows up and go from there.

Yes just tried this - my laptop was unable to connect to my nextcloud server when using my Android tethered WIFI.

tardtasticx

3075 posts

Uber Geek

#1835320 1-Aug-2017 22:55

https://kb.intermedia.net/article/682

Use the domain instead of IP the first time round and see if it populates an IP itself, and check if that IP is correct.

If it doesnt then run it again after with the IP in place of the domain.

SumnerBoy

2074 posts

Uber Geek

ID Verified

Lifetime subscriber

#1835321 1-Aug-2017 22:56

yitz: Do you think 2degrees could be blocking certain types of traffic/ports destined to off-net destination IPs going over their default data APN.

This is what is seems like, but I don't really know too much about how this stuff should work!

1 | 2