Please help: Set up NS records

December 18, 2016
Networking

Please help, I am a newbie to networking. I am planning to move my domain from a GoDaddy shared hosting server to DigitalOcean without any downtime. My plan is the following:

  1. Change the name servers at the domain registrar (GoDaddy) to the DigitalOcean name servers.
  2. Add an NS record in DigitalOcean that points to the GoDaddy name servers. Since name server changes at the domain registrar will take less than 24 hours to propagate, I need to point every connection to the GoDaddy shared hosting during this period.
  3. Once this period is over, I will remove the NS record at DigitalOcean (the one that points to the GoDaddy name servers) and add an A record pointing to the right droplet.

So my questions are below.

A.) Does my plan above work? That is, in the following scenarios:
A1.) When a request comes to my domain and finds the GoDaddy name servers, it points to GoDaddy hosting and works fine.
A2.) When a request comes to my domain and finds the DigitalOcean name servers, it goes and asks DigitalOcean. Since we have added NS records in DigitalOcean, DigitalOcean re-routes to the GoDaddy name servers and my old site will load.

B.) How long does it take to update NS records that are added in DigitalOcean?

C.) How long does it take to update A records that are added in DigitalOcean?

D.) Also, I already have an SSL certificate installed at GoDaddy (purchased from the GoDaddy control panel). I want to install Let's Encrypt SSL on DigitalOcean. I have found the following documentation (LAMP 14.04):
D.1) https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts
D.2) https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04

I am planning to host only one domain on one droplet, so do I need to create virtual hosts to install SSL as mentioned in D.1?

Please bear with my poor language, and thanks in advance.

Regards
Noble

2 Answers

Risky.

You will do the following: Update NS records in GoDaddy, set GoDaddy NS records in DigitalOcean. Once GoDaddy DNS propagation finishes, you will set NS records in DigitalOcean DNS management back to DO.

That will work until DNS propagation finishes on the GoDaddy side, but once it does, GoDaddy will point to DigitalOcean, but DigitalOcean will point to GoDaddy, and so on. So the request will never reach your site (in other words, you will have downtime; the site will not load).

The thing you need to look at is the NS record TTL (Time To Live). That's how long DNS servers will keep old NS records. I think the default on DigitalOcean is 1800 seconds, and you were not able to change it. Now DO is setting up a new DNS management system where the default is 86400 seconds (24 hours), but you are able to change it.

If you add GoDaddy records with low TTL. I don't know if there is any minimum, but you can check it with Support.

Anyway, the problem is still that once DNS propagation happens on GoDaddy, the site will be down from the time you notice it (get an email from GoDaddy) until you change it in the DO panel and DNS propagation happens again.

A much better solution would be to set up the DigitalOcean records as they should be (with DO NS records and an A record to the Droplet) and change the NS in the GoDaddy panel. Until propagation happens, when you visit the site by domain you'll get it from GoDaddy hosting. Once it happens, you'll get the site from DigitalOcean.

The tutorials (documentation) you linked are great! They will definitely help you set up SSL with Let's Encrypt on your site. But you need to follow the LAMP tutorial too, so you have a web server.
I would recommend going with Ubuntu 16.04, if you don't depend on 14.04. Ubuntu 16.04 is newer and will be supported much longer than Ubuntu 14.04.
To make the web site work, you will have to follow these tutorials:
How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 16.04.
How To Secure Apache with Let's Encrypt on Ubuntu 16.04.
How To Set Up Apache Virtual Hosts on Ubuntu 16.04. As you have only one domain, one VirtualHost is enough.

If you have any further questions, don't hesitate to ask anything. =)
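
A pre-cutover check for the approach recommended in the answer above (build the complete zone at the new provider, then change the nameservers at the registrar), as an added example that is not part of the original thread: it compares the records each provider's nameservers return and estimates how long old answers can stay cached. The zone names, addresses, TTLs and the `old_delegation_ttl` parameter are constructed assumptions.

```python
# Constructed `dig +noall +answer` style output from each provider's nameservers.
OLD_ZONE = """\
example.com.      3600 IN NS    ns1.old-dns.example.
example.com.      600  IN A     192.0.2.10
www.example.com.  3600 IN CNAME example.com.
example.com.      3600 IN MX    10 mail.example.com.
mail.example.com. 3600 IN A     192.0.2.25
"""
NEW_ZONE = """\
example.com.      1800 IN NS    ns1.new-dns.example.
example.com.      1800 IN A     203.0.113.20
www.example.com.  1800 IN CNAME example.com.
"""


def parse_answers(text):
    """Return {(name, type): {"ttl": int, "rdata": set}} from answer lines."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comments
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unrecognised record line: {raw!r}")
        name, ttl, _cls, rtype, rdata = fields
        entry = records.setdefault((name.lower(), rtype.upper()),
                                   {"ttl": int(ttl), "rdata": set()})
        entry["ttl"] = max(entry["ttl"], int(ttl))
        entry["rdata"].add(rdata.lower())
    return records


def cutover_report(old_text, new_text, old_delegation_ttl):
    """Compare both zones; NS sets are expected to differ and are skipped."""
    old, new = parse_answers(old_text), parse_answers(new_text)
    keys = [k for k in old if k[1] != "NS"]
    missing = sorted(k for k in keys if k not in new)
    changed = sorted(k for k in keys
                     if k in new and old[k]["rdata"] != new[k]["rdata"])
    # Upper bound for TTL-honouring resolvers: a resolver may use the cached
    # old delegation until it expires, then cache one last old answer.
    stale_window = old_delegation_ttl + max(r["ttl"] for r in old.values())
    return {"missing_in_new": missing, "changed": changed,
            "stale_window_seconds": stale_window}


if __name__ == "__main__":
    # 172800 is an assumed TTL for the old delegation at the parent zone.
    print(cutover_report(OLD_ZONE, NEW_ZONE, old_delegation_ttl=172800))
```

Anything listed under `missing_in_new` (here the constructed mail records) stops resolving once resolvers switch to the new nameservers. During `stale_window_seconds` both hosts can receive traffic, so HTTPS clients need a valid certificate on whichever one they reach.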

  • Thanks for the detailed answer. I have one more question.

    If I can get a private IP from GoDaddy, I can create an A record in DO that points to the GoDaddy private IP. That way it will work, right?
    How long will it take to update an A record in DO?

    • Why would you do that? What type of site is it?
      If this is not a very dynamic site, with a lot of users changing site content, that is way too complicated.

      If you are using shared hosting, that means that multiple sites have the same IP address. You can't easily get an IP for yourself. Maybe you can get it from GoDaddy, but maybe you'll have to pay for it too.

      For all records on the DO side, an update is done every 1800 seconds. If you already got the new DNS management, you'll see an option to create a record with a specified TTL. There you can enter an even lower value for any record.

      So if you go with the route I described earlier, you'll get the same results, as the times to update A and NS records are the same, but without any hassle. The problem with that method is that if users change the database or site content (e.g. forums), you will not have up-to-date content on both servers.

      • Hi xMudrii,

        Let me explain my current setup. Our site is a kind of shopping site, where users can create accounts, purchase things, etc. We also have a hybrid app (basically an iframe) that uses an "https" URL.
        We have installed SSL on GoDaddy using the GoDaddy cpan, and we want to install Let's Encrypt in DO. So the following are my concerns.

        1. We can only install the Let's Encrypt certificate once the DNS propagation is complete (we need to pass domain verification using their challenges). So we have to wait around 24 hrs to confirm that the propagation is complete. During this time the app requests https URLs, which will work if the request goes to GoDaddy but will fail if the request goes to DigitalOcean.

        I want to minimize this downtime period as much as possible. One solution that comes to mind is as follows:

        1. Purchase a private IP from GoDaddy.
        2. Change the NS record at GoDaddy to DO.
        3. Create an A record with minimal TTL that points to the GoDaddy private IP. This will take users to GoDaddy both during propagation and after it is complete. No downtime, right?
        4. Once the propagation is complete, we change the A record to the right droplet. (From the documents, it will take around 30 - 45 mins to complete the DNS change in DO.)
        5. Install Let's Encrypt on the droplet after 30 - 40 mins.

        This way, I am aiming to achieve the server change within 1 hr of downtime.

        Thanks for the help,

        Noble

        • Sorry for late response. :P

          For Let's Encrypt, you are right, you need the record to validate the server.

          If you set up an A record to GoDaddy in the DO panel, once DNS propagation happens, it will still point to GoDaddy. Before propagation happens, it'll still use the old records from GoDaddy.

          Depending on the app setup, downtime can arise when you change the A record to DO. If the app works without SSL, it'll probably work without downtime.

          As the A record TTL is pretty low, once you set up Let's Encrypt it'll work.
          Just to note, some users may have to clear their browser cache if their browser cached the old cert.
