Help with DNS issue - webhost and management co blaming eachother

We have provided 45 websites through a developer for our parishes. Over the Thanksgiving holiday, the developer stood up a new server and moved all of the parish websites. This required changing A-records for all 45 websites. I am having problems with 1 of the 45.

I don’t manage the DNS for the one problem website, a local service provider does. I do manage DNS for the 44 other parish sites and they made it through the move successfully.

Here is the problem which did not exist before the move:

If you visit the site by typing only the domain name, stmarkmtcalvary.church, the sub-menu items work but all of the new browsers are calling the website unsafe.

If you visit the site by using the full URL, https://www.stmarkmtcalvary.church, the website loads but sub-menu items do not work.

The developer said to ask the managed service provider to ensure there are 2 A-Records both pointing to the IP. One should have a host of @ and the other should have a host of www.

The service provider says the have looked at the problem and they are not the cause. They said they only need to create 1 A-record but won’t tell me which one. He said something about only the webhost would need an A-record using @ not them so I assume that’s the one they won’t create.

  • The service provider sent me a screen shot from Free DNS checker which he says proves they are not the problem.

  • The web host/developer says they aren’t the problem either.

I don’t know enough to figure out where the problem lies. Is there a security reason why they wouldn’t want to create two A-records?

From the look of it they have an A record on the base domain and a cname on www pointed to the base domain. This is perfectly fine and should work exactly the same as two A records. Clicking through the site I get 404 errors on any pages in the menu meaning your server is erroring out. I hate to break the “it is always DNS” rule, but that doesn’t seem like DNS to me.

Chris

Yeah; looking at things this looks like pretty lazy web “development” to me. LinkChecker reports 28/46 links on the home page to be 404’s. That’s nothing to do with DNS.

Looks like there may be a problem with the https configuration. The site works if you use http but not if you use https. Might be redirects or proxy settings in the config that need fixing.

The broken links are a symptom of the problem not the result of lazy development. Those links weren’t broken until the problem started.

Having managed too many web servers in the past, this looks strongly like an issue with the new server’s Apache configuration.

If it were my website, I would first start looking at the Apache logs, and very likely it will point you to the ssl and/or redirect configuration of the site.

Both stmarkmtcalvary.church and www.stmarkmtcalvary.church work fine on http but not https, and DNS A records and CNAME records are protocol agnostic, so I don’t see how this could be a DNS issue.

There’s a chance that the https portion of the site’s redirect rules might be in a config block somewhere that only applies to the old IP address, or possibly the new server’s redirect rules were only added to the http path.

With all that said: If you let your service provider know that while you agree their method should work fine, it is important to you that they use both A-Records in order to satisfy the developer so they will continue troubleshooting, they will likely make the change.

All of our domains have www as a CNAME record aliasing to the base domain, which is either an A-record or ANAME depending on the web host.

I’d love to hear how this ends out. Server migrations are always nerve-racking and I hate you’re having to manage this without direct access to either system.