Web Outage Fallback
In the event that our campus is disconnected from the internet, it is nice to have some sort of web page, instead of a useless 404 error message. To accomplish this, we have a simple web page hosted on a virtual host at http://aurora.ctc.edu, and by doing some DNS trickery we can point users to that page instead of ours. In the event of a planned outage, we can do that DNS trickery ourselves, but if the outage is unplanned, the folks at CIS will have to do it.
I'm a unix guy, and I don't know how to do these things in Windows, so if you're using Windows, hopefully these steps are generic enough to be translatable. If you have questions, let me know. We can probably decipher it together.
At many points in this howto, I recommend contacting CIS. If you need to know who to contact, send me an email. I'm not putting any contact info on this page.
How it Works
A virtual host, in web terminology, is a way to make a single web server pretend to be multiple different sites. For example, one server could serve seattlecentral.edu and northseattle.edu. The web server still has only one IP address. For people who browse to 'seattlecentral.edu', DNS needs to tell them which IP address to go to. The folks at CIS have set up virtual hosts for us on their web server, aurora.
In order for people to see those virtual hosts instead of the normal web server for our hosts, DNS needs to be changed to say that our host names can be found at the IP address of aurora. Because our DNS servers will be down along with the rest of our systems, we need CIS to be an authoritative secondary name server for our domain. Then all requests for our domain's DNS info will go to CIS.
What to Do
If this is an unplanned outage, call the folks at CIS and ask them to change DNS for your domain. Read on to learn what you're trying to get them to do.
If this is a planned outage, read on.
1 - Are you set up?
Make sure you have a web page at CIS and they are an authoritative secondary DNS server for your domain. You can contact CIS or you can check for yourself.
Checking DNS
A tool like dig can give you lots of good DNS info. I just found a website that will do dig queries for you: http://www.geektools.com/digtool.php. Type in your domain, leave the other values at default and you'll get a screenful. You want this bit:
;; AUTHORITY SECTION:
seattlecentral.edu. 1d23h57m34s IN NS babar.seattlecentral.edu.
seattlecentral.edu. 1d23h57m34s IN NS quasar.ctc.edu.
seattlecentral.edu. 1d23h57m34s IN NS celeste.seattlecentral.edu.
Quasar is listed as authoritative, so I'm a happy guy. If it's not for your domain, contact CIS and get it set up.
Checking Your Web Page
The outage web page for SCCC is located at http://www.ctc.edu/~sccc/. Replace 'sccc' with your own college's initials and you should be good to go. If you don't find a page there, contact CIS and make sure you have an account. You'll have to upload your own content.
Checking Virtual Host
To make a request for 'seattlecentral.edu' go to 134.39.2.119 instead of 168.156.85.15 without changing DNS for everyone, you need to change your local host's DNS resolver. In unix land, we do that by editing /etc/hosts. In Windows you can edit C:\Windows\System32\drivers\etc\hosts. The unix and Windows hosts files use the same format.
134.39.2.119 www.seattlecentral.edu seattlecentral.edu bleem.seattlecentral.edu
As you see, it's the desired IP address followed by a space-separated list of host names. I've included a garbage name in my list because I want to make sure that the virtual host works for all names under seattlecentral.edu.
Then you just point your web browser to the names you specified in your hosts file. If you get your main non-outage web site, your browser is probably giving you a cached copy or you're behind a proxy. If you get an error, it could be because the virtual host isn't set up. If you get the outage page, you're happy.
Here's an article about hosts and lmhosts files in Windows. For our purposes, you really want to use 'hosts' not 'lmhosts'. http://support.microsoft.com/kb/105997.
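The same virtual host check can be done without touching the hosts file, by connecting straight to aurora's IP address and naming the site in the HTTP Host header. The sketch below is an added example, not part of the original howto; the marker text "outage" is an assumption, so use a phrase that appears only on your own outage page.

```python
import http.client

def fetch_as(ip, host, port=80, timeout=5):
    """GET / from the server at `ip`, sending `host` in the Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host, "Cache-Control": "no-cache"})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

def check_vhost(ip, names, marker, fetch=fetch_as):
    """Map each name to a verdict on what the server at `ip` serves for it.

    `marker` is text expected only on the outage page (an assumption).
    `fetch` can be replaced with a stand-in for offline testing.
    """
    verdicts = {}
    for name in names:
        try:
            status, body = fetch(ip, name)
        except (OSError, http.client.HTTPException) as exc:
            verdicts[name] = f"error: {type(exc).__name__}"
            continue
        if status == 200 and marker in body:
            verdicts[name] = "outage page"
        elif status == 200:
            verdicts[name] = "different page"   # vhost missing, default site answered
        else:
            verdicts[name] = f"HTTP {status}"
    return verdicts

if __name__ == "__main__":
    # Names from the hosts-file line above, including the garbage name.
    names = ["www.seattlecentral.edu", "seattlecentral.edu", "bleem.seattlecentral.edu"]
    for name, verdict in check_vhost("134.39.2.119", names, marker="outage").items():
        print(f"{name:30} {verdict}")
```

Because the request goes directly to the IP address, neither a browser cache nor a leftover hosts-file entry can skew the result.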
2 - Shorten DNS TTL
The tricky thing about DNS is caching. Sites all over the internet cache DNS results to save time and bandwidth, so a change you make now might not be noticed for a long time. Luckily, you can specify how long a result should be cached for. This is called the Time To Live or TTL. In unix and BIND, you can set this value for a domain inside a zone file by setting the $TTL variable, and by changing the TTL on any records that specify their own. Here's a link to a site describing that for BIND: http://zytrax.com/books/dns/apa/ttl.html.
So, for our situation, you want to shorten the TTL for the DNS records of your DNS servers to a very short value, like 5 minutes. Have a look at your current TTL to see how soon you need to do this. If your TTL is a week, you need to shorten your TTL more than a week before the outage.
3 - Switch
Just before the outage, change your DNS records so your web server points to aurora. In BIND, that might look like
$TTL 300 ; 5 minutes
seattlecentral.edu. A 134.39.2.119
www.seattlecentral.edu. CNAME aurora.ctc.edu.
We have to use an A record for seattlecentral.edu because you can't use a CNAME if you also have any other records with the same name. Because seattlecentral.edu is the name of the domain as well as the name of the web server, it has an SOA record, and so can't have a CNAME.
For any other web servers we use a CNAME. A CNAME is better because it works even if the IP address of aurora changes. Remember to put a '.' at the end of the name the CNAME points to.
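The TTL and CNAME rules from steps 2 and 3 can be checked mechanically before the zone is reloaded. The following is an added example, not part of the original howto: a simplified zone-file check (it is not a full BIND parser) that flags a CNAME sharing a name with other records, a CNAME target without the trailing '.', and web records whose TTL is still longer than 5 minutes. The sample zone is constructed for illustration.

```python
import re

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT"}

# Constructed sample zone; "news" and "hostmaster.example." are made-up placeholders.
SAMPLE_ZONE = """\
$TTL 1d ; default TTL not yet shortened
@    IN SOA babar.seattlecentral.edu. hostmaster.example. 1 3600 600 604800 300
@    IN NS quasar.ctc.edu.
@    300 IN CNAME aurora.ctc.edu. ; apex already holds SOA and NS
www  300 IN CNAME aurora.ctc.edu  ; no trailing dot on the target
news IN CNAME aurora.ctc.edu.     ; inherits the 1d default
"""

def ttl_seconds(text):
    """Convert a BIND TTL such as '300', '5m' or '1d23h57m34s' to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([smhdw]?)", text.lower()))

def lint_zone(zone_text, origin, max_ttl=300):
    """Return warnings about CNAME conflicts, relative targets and long TTLs."""
    default_ttl, owners, warnings = None, {}, []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()          # ';' starts a comment
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            default_ttl = ttl_seconds(fields[1])
            continue
        name, rest, ttl = fields[0], fields[1:], default_ttl
        while rest and rest[0].upper() not in TYPES:   # optional TTL / class
            if rest[0].upper() != "IN":
                ttl = ttl_seconds(rest[0])
            rest = rest[1:]
        if len(rest) < 2:
            continue                                   # not a record type we know
        rtype, target = rest[0].upper(), rest[1]
        fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        owners.setdefault(fqdn.lower(), set()).add(rtype)
        if rtype == "CNAME" and not target.endswith("."):
            warnings.append(f"{fqdn}: CNAME target '{target}' is relative, becomes {target}.{origin}")
        if rtype in ("A", "CNAME") and (ttl is None or ttl > max_ttl):
            warnings.append(f"{fqdn}: TTL {ttl} is longer than {max_ttl}s")
    for fqdn, types in owners.items():
        if "CNAME" in types and len(types) > 1:
            warnings.append(f"{fqdn}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    return warnings

if __name__ == "__main__":
    print("\n".join(lint_zone(SAMPLE_ZONE, "seattlecentral.edu.")))
```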
4 - Switch Back
After the outage is over, just put your old DNS config back into place and everything should return to normal. Quasar will get the new DNS config automatically, so it really should just work. Don't forget to return your DNS TTL to a higher value after you've tested and everything is fine.
