I don’t know MXToolbox, but most diagnostic services won’t use caching DNS servers, so will resolve every lookup to support faster diagnosis of current configurations.
The issue is the downstream caching DNS servers - IOW, your users.
I recently moved my box as well. This might be helpful:
The important thing to remember is you want to get the new box up and working completely (including restoring the backup) before you do anything with the SSL certificates or move your glue records.
If you try to address those too soon, you end up in less than fun place.
1 Like
After the backup is restored you are advised to run sudo mailinabox. Doing this will readjust all the settings as needed.
@openletter @blinkingline @alento
Cool. Thanks for everyone’s help. Apologies for not replying sooner. There is a limit on posts for new accounts and I reached mine pretty quickly.
@openletter Thanks for being there from the start and helping to talk me through my thoughts. Helped me to focus at how I needed to approach this process.
@blinkingline Thanks for the link. I did see that post and it helped a little to clarify what I experienced. You really do need to make sure the order is correct.
@alento That’s what I did the first time and got myself into trouble. I realised that I have to wait for the registrar records to update properly before I do that otherwise I’ll get SSL errors and everything goes pair shaped and Nginx looks at me strangely, shrugs it’s shoulders and shuts down. I know it’s probably not good protocol, but I added the server IP address A and AAAA records into the custom DNS and everything is happy right now. Update: - I have conducted sudo mailinabox and everything is still happy. The A and AAAA records that I created are still showing in custom DNS, but they don’t seem to causing any problems at this stage. A bit scared to delete them to be honest. Would it be fair to say I would delete them and then do sudo mailinabox again to restore the records correctly?
The only issue I’ve got right now is that for some reason my phone is not going to the new site. I’ve cleared the browser cache, tried a different browser and it still doesn’t connect. Every other dns server on the planet has changed and even my Mac running on the same network connects now. Even my iPad connects to the new box email address. The phone is being used as the hotspot so is serving the dns to all the other devices. Weird, strange and just weird. I guess it’s a way to check that all my other devices are connecting to the right place. Time I guess.
The process as I see it -
-
create a new server and install Mailinabox - follow the install procedure up to the point where the server is accessible from the web interface. Don’t go installing certs or worrying about anything else. (This is where I encountered the OwnCloud permissions error, but my guess is that the backup may have written over that issue - I’ll monitor it and see what happens.)
-
create your last back up on the old server and if you want you can firewall this off from the rest of the world if it’s just doing email.(as email delivery will continue to make attempts while the server is down)
-
transfer the backup to the new server along with your secret_key.txt file.
Note: Don’t completely harden the new server until you transfer the backup this way you can transfer it directly between servers using scp. (I hardened beforehand so transfer had to be done via my own computer). -
Restore the new server with the backup file that has just been transferred.
- At this stage don’t get concerned about anything like rDNS, or certs or if the ns servers are pointing in the right direction.
-
At your registrar point the glue records to the new server.
-
Wait for these updates to propagate enough that the new server sees that the registrar is pointing at it. - It will tell you in the Control Panel System checks.
-
Now it is safe to do the Mailinabox reinstall process which will update your server’s A records and make things nice.
-
Now that the server is happy with the glue records and all of that is humming it is a good time to sort the rDNS and anything else like DNSSEC etc.Harden the server eg SSH password settings, login hardening etc.
-
At this point you should have a happy server.
The SSL certificates were restored with the backup so I discovered that all of that looks after itself.
It is actually an easy process. Just knowing the order of things is where I found it a little confusing.
Does the process I spelled out here seem to be correct?
In my transfer to Linode I discovered that IPv6 is automatic on their network set up. On Vultr it is optional.
So now I have an IPv6 addressing system where I didn’t before…future proofing?
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.