strange problem with shared and dedicated IP's

[itwebteam]

guys, I have a strange issue:
for a while now, several users complained that they cannot access one of the sites hosted on my WHM/cpanel-based dedicated server.
since I couldn't replicate the issue, iI simply thought that it was some sort of network glitch.
but today I needed to validate a site's HTML using an external validator (like w3c one).
the validator couldn't access the site either, but another site, on the same server, having the same NS, etc, was accessed just fine.
so I went ahead and looked for differences between the two sites, and I found that the one that works is hosted on the main, shared IP, and the one that doesn't has a dedicated IP.
Moving the site that doesn't work from it's dedicated IP to the shared one solved the issue!!
but when I assigned the site a new dedicated IP it became inaccessible again for the external service.

does anyone have any idea what the problem could be?
thanks in advance for your help.

 

[tank]

Sounds like a NS problem. Check your A records in the DNS zone

 

[itwebteam]

I see : .domain.com. 14400 IN A dedicated_IP/Shared_IP (depending on the settings) - nothing unusual here (but I'm no expert)

 

[itwebteam]

does anyone have a clue?

 

[cPanelTristan]

Does the dedicated IP ping? It sounds like a network routing issue more than an NS issue to me. If the IP is either not pinging or not routing to your machine, then that's why it isn't accessible when on the dedicated IP.

If the dedicated IP isn't pinging, try to restart ipaliases to see if it works then:

/etc/init.d/ipaliases restart

If it does work upon an ipaliases restart, check if avahi-daemon is withdrawing the IP during a network restart in /var/log/messages:

grep dedIP# /var/log/messages

Where dedIP# is the dedicated IP number that isn't working for the site.

Now, if the IP is pinging, it might not be routing to your machine. A simple test to see if that's the case would be to telnet to port 25 for that IP, since port 25 will display the server's hostname as a mailhelo banner:

telnet dedIP# 25

If you see a hostname other than your machine, then the IP is routing to a different machine.

If the IP is pinging and it is routing to the right machine, then the only other issues I can think of would be:

1) The nameservers for the domain are not controlled by your machine but on another machine and those nameservers have the A record IP hard-coded to the shared one instead.
2) The machine is using a NAT-based setup and the account has the wrong record in httpd.conf over the zone file for the account. In a NAT setup, the backend IP would be used in httpd.conf file and the zone file would have the frontend IP, and the backend IP needs to route properly on the network to translate to the frontend IP.

#2 seems unlikely for this scenario, since it would be pertinent information to provide initially, so I doubt you are using NAT on the machine anyway.

 

[itwebteam]

hi Tristan,
thank you very much for the detailed response. I really appreciate your efforts.
the dedicated IP's are ping-able, without a problem.
I also can telnet to them.
on the nameservers issue: I have two nameservers, pinging one, I get the shared IP, pinging the other, I get one of the dedicated IP's ,
I don't know what I should try next.

again, for me, and 80% of visitors there are no visible issues, but the number of complaints from people that aren't able to access the site(s) grows

 

[cPanelTristan]

Could you open up a ticket about the issue to see if we can discern anything wrong with the setup? It would probably be easier to troubleshoot via our help desk instead. You can open up a ticket using WHM > Support Center > Contact cPanel or using the link in my signature.

 

[itwebteam]

thank you, Tristam, will do