How To : avoid DNS propagation time with iptables

When you move a service from one server to another you usually struggle with DNS propagation: some users keep resolving the old address for a while and get lost in the middle. With iptables on the old server you can forward the users who still land there on to the new one.

Okay, so here is some code :)

First we'll need to allow IP forwarding (this sysctl setting, like the iptables rules below, is not persistent across a reboot).

echo 1 >/proc/sys/net/ipv4/ip_forward

Add a PREROUTING rule in the iptables nat table to redirect everything arriving on TCP port 80 to the new server (replace the address with your own value, of course):

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 255.255.255.128

Then we add an extra POSTROUTING rule so that the forwarded request reaches the new server with the old server's address as its source: the new server then sends its replies back through the old server, which forwards them on to the client, instead of answering the client directly.

iptables -t nat -A POSTROUTING -p tcp -d 255.255.255.128 --dport 80 -j MASQUERADE

And that's it !

If for any reason you have to remove these rules, follow these steps.

List all the PREROUTING and POSTROUTING rules in the nat table:

iptables -L -vt nat --line-numbers

You get your previous rules, each with a line number. Using that number you can delete the rules you want (replace line-number-x with the right line number). Note that deleting a rule renumbers the ones after it in the same chain, so list again before deleting a second rule from the same chain.

iptables -t nat -D POSTROUTING line-number-x

iptables -t nat -D PREROUTING line-number-x

Finally, disable IP forwarding again:

echo 0 >/proc/sys/net/ipv4/ip_forward
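The whole procedure above, wrapped in a small script as an added example (not code from the original post): it checks that both addresses are plausible unicast IPv4 addresses, matches only traffic addressed to the old server's own IP instead of every port-80 packet passing through the box, adds each rule only if it is not already present, and removes rules by their exact spec rather than by line number. The addresses 198.51.100.5 (old server), 192.0.2.10 (new server) and port 80 are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not from the original post. OLD_IP / NEW_IP / PORT below are
# assumed placeholder values (RFC 5737 documentation ranges); substitute your own.

# Return 0 if $1 is a unicast dotted-quad IPv4 address, 1 otherwise.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    saved_ifs=$IFS; IFS=.; set -- $1; IFS=$saved_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
    # 0.x.x.x, 224+ (multicast/reserved) and 255.x.x.x are never a server address
    [ "$1" -ge 1 ] && [ "$1" -lt 224 ]
}

# forward_rules OLD_IP NEW_IP PORT [dryrun|apply|remove]
# dryrun (default) only prints the commands; apply/remove run them (needs root).
forward_rules() {
    old=$1; new=$2; port=$3; mode=${4:-dryrun}
    valid_ipv4 "$old" && valid_ipv4 "$new" || { echo "bad address" >&2; return 1; }
    # -d $old restricts the DNAT to traffic that was really sent to the old server
    pre="PREROUTING -p tcp -d $old --dport $port -j DNAT --to-destination $new"
    post="POSTROUTING -p tcp -d $new --dport $port -j MASQUERADE"
    for rule in "$pre" "$post"; do   # $rule is left unquoted on purpose: word splitting
        case $mode in
            apply)  iptables -t nat -C $rule 2>/dev/null || iptables -t nat -A $rule ;;
            remove) while iptables -t nat -C $rule 2>/dev/null; do
                        iptables -t nat -D $rule
                    done ;;
            *)      echo "iptables -t nat -A $rule" ;;
        esac
    done
    case $mode in
        apply)  sysctl -w net.ipv4.ip_forward=1 >/dev/null ;;
        remove) sysctl -w net.ipv4.ip_forward=0 >/dev/null ;;
    esac
}

# Dry run with the assumed values; pass "apply" or "remove" as 4th argument to act.
forward_rules 198.51.100.5 192.0.2.10 80
```

Because of the MASQUERADE step the new server sees every forwarded connection as coming from the old server's address, so its access logs lose the real client IP for as long as the redirect is in place.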