I host a few websites for myself and family on DigitalOcean. Up until recently, I’ve always just spun up a new droplet for each site, so they were all fully independent from each other; this was the easiest and most convenient way to get a new site up and running without jeopardizing uptime on other sites if I made a mistake in configuration, and it was drop-dead easy to map a domain to a static IP. It had some security benefits, too – if one site was compromised, it wouldn’t affect the rest.
But it was also maintenance-intensive. I needed to log in to multiple servers to run updates; adding plugins had to be redone over and over on each server; and obviously this was starting to get expensive. So I decided to consolidate my multiple sites on one server, using a fancy feature of WordPress called… “Multisite”. Imaginative name, I know.
The initial configuration went well, with no real hiccups (other than my accidentally rm’ing most of Apache’s configuration files – but a quick droplet rebuild took care of that[1. Yes, I could have restored the configuration without too much difficulty, but I was early enough in the build that it was faster to just start over.]). The trouble started when I had moved over the sites I was consolidating, and switched the domains to point at my new Multisite server. I spent two hours trying to figure out why one of the domains refused to point at the new server, only to discover (drumroll, please)… it was DNS. I use Pi-Hole on my home network to block malicious sites, but it also provides a DNS caching service which usually works great. In this case, however, it was pointing me back at the old server over and over, until the TTL finally expired[2. I did set the TTL to a very low number when I started this process, but the old value wasn’t updated until the original one expired.]. A quick flush of the DNS cache, and I was able to see that the domain was correctly configured. Fifteen minutes later, I had SSL up and my plugins configured.
So what’s the lesson in all this? Even when you think it’s not DNS… it’s DNS.