Migrating Users between domains

Danny Mayer mayer at gis.net
Thu Feb 28 19:28:22 UTC 2002

At 07:40 AM 2/27/2002, graham.lake at trelleborg.com wrote:

>We are migrating users from one internal local DNS schema to an internal
>hierarchical company wide DNS schema. Where we are setting up DNS for the
>first time on a site we have no problem, but where we are migrating users
>from the local schema to the new schema we are having problems with
>resolving queries. This is the situation:
>We have two DNS servers set up on Linux using BIND 8.3.x; 'DNS1' is master
>for domain 'hghdns.xxx' (actual name!) on, 'DNS2' is master for
>domain 'hgh.tau.trelleborg.com' on The clients are WinNT or
>Win2k PCs, with the two IP addresses set in the DNS servers field; they do
>not have an entry in the domain name field, but they do have 'hghdns.xxx'
>in the Domain Suffix Search Order field.
>When DNS2 is started the clients cannot get queries resolved - I thought
>that the client would query one of the servers & if it didn't get an answer
>then it would query the other one, but that doesn't appear to be the case.
>Shouldn't this work?

There's something wrong with DNS2. What errors do you see in the logs?
You can't assume that the Windows boxes will fail over to the other server
particularly if DNS2 has responded to the client with a negative response.

>To try & overcome the problem we have set the 'forwarders' entry in DNS2
>named.conf to '' so that if DNS2 couldn't resolve a query it
>passed it to DNS1 for resolving: that worked OK with NT PCs, but not with
>Win2k PCs!

I have absolutely no idea why you think that using forwarders will do
anything for the clients. Furthermore, a forwarders clause means that
it will forward first to DNS1 and it will not itself attempt to resolve
that it is not authoritative for. W2k has a DNS cache service so it's
getting data out of its local cache. Disable the service to have it
behave more like the WNT boxes.

>DHCP is currently available on the site, but they are not using it at the
>moment to propagate the DNS server info.
>What is the best way to migrate the users from the 'hghdns.xxx' domain to
>the 'hgh.tau.trelleborg.com' domain without losing resolution of queries?

You keep your DNS Servers authoritative for both the old and new zones
while you migrate your PCs one at a time to the new domain. When
you have completed the migration you need to look for URLs and
other links that may have the old domain name embedded in them.
Then stop serving the old zone and see what else breaks.

>I look forward to receiving your advice.
>- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>This e-mail is intended only for the addressee named above and may contain
>confidential information. If you are not the intended recipient, please let
>us know immediately by return e-mail and then delete this e-mail, without
>disclosing or copying the contents.

This is most unlikely.  This is a public forum.
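
The following named.conf sketch is an added example, not part of the original message. It shows one way to keep both servers authoritative for both zones during the migration, with each server a slave for the zone the other masters. The addresses 192.0.2.1 (DNS1) and 192.0.2.2 (DNS2) are placeholders because the real addresses are not given above, and the file names are hypothetical.

```conf
// Constructed example: placeholder addresses, hypothetical file names.

// ---- named.conf on DNS1 (placeholder 192.0.2.1) ----
options {
    directory "/var/named";
};

// Old zone: DNS1 remains master while clients are moved one at a time.
zone "hghdns.xxx" {
    type master;
    file "master/hghdns.xxx.db";
    allow-transfer { 192.0.2.2; };    // only DNS2 may pull the zone
};

// New zone: DNS1 is a slave of DNS2, so it answers authoritatively too.
zone "hgh.tau.trelleborg.com" {
    type slave;
    masters { 192.0.2.2; };
    file "slave/hgh.tau.trelleborg.com.db";
};

// ---- named.conf on DNS2 (placeholder 192.0.2.2) ----
options {
    directory "/var/named";
    // No forwarders clause is needed for these two zones: DNS2 holds
    // both of them itself.
};

// New zone: DNS2 is master.
zone "hgh.tau.trelleborg.com" {
    type master;
    file "master/hgh.tau.trelleborg.com.db";
    allow-transfer { 192.0.2.1; };    // only DNS1 may pull the zone
};

// Old zone: DNS2 is a slave of DNS1 until the old zone is retired.
zone "hghdns.xxx" {
    type slave;
    masters { 192.0.2.1; };
    file "slave/hghdns.xxx.db";
};
```

With this layout a client gets the same authoritative answer for either zone from whichever server it queries first, so resolution does not depend on the client failing over. The NS records in each zone file should list both servers.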

