Moving networks

Roger Ward roger.ward at national-net.com
Thu Sep 25 21:10:40 UTC 2003


I've done these three times... Here's what I think:

  - Lower TTLs now. Don't wait, it isn't "Bad" for DNS to have low TTLs
(there is no reason to gradually do this, just change it and wait up to the
old TTL length for all the records to propagate world-wide).  Our company
uses a 15 minute time to live on our two nameservers for 150k+ domains (it
does put a little extra load on the nameservers, but RAM is cheap and any
reasonable system can handle it - one of our nameservers is an 80 MHz Sparc)

  - I agree with how you are considering the IP migration (with various
specific details, this is what we did successfully)

  - Consider changing NS2's IP now in OpenSRS.  Change NS1 only after the
migration is complete (that way if you need to change data to the outside
world NS1 will for SURE be used until it is offline).  To facilitate NS3
getting updates from NS1 (and all the other interconnections) even though
you haven't changed NS1's glue IP (in OpenSRS), ensure that your DNS for
each of your domains has updated - including the domain your nameservers are
in (i.e. you can [don't do this for long] specify completely different IPs
in YOUR DNS versus the glue records in the root/TLD nameservers).  OpenSRS
only has glue records, what you have in your nameservers is authoritative
for themselves (it won't care what the root servers say) and update between
themselves accordingly.

Try to configure your servers to start a login terminal BEFORE it starts
Apache (if you forget to renumber a server / reconfigure a server Apache
will hang attempting to look up certain hostnames... IF you use hostnames in
your VirtualHost directives and not IP addresses).

In short, you have a good plan, except I would suggest you change NS2's IP
as early as possible, and make sure it updates to as many foreign registries
as possible (many foreign TLDs have glue records for .com nameservers, for
instance) before the move.  I had a few problems with this, and although it
only took a few foreign domains down, it cost us two customers.

Hope this helps.  Feel free to ask more questions (offlist if unrelated to
DNS or if you choose).

--
Roger Ward
Mail / DNS Administrator
National Net, Inc.
support at national-net.com
1-877-471-9075 x 1


-----Original Message-----
Subject: Moving networks
- Gradually lower TTLs on all zones until the morning of the move I have
them down to 10 or 15 minutes.

- Immediately before moving, update IP addresses within all zones to the new
network addresses.  Allow this information to propagate via BIND's notify
mechanism from the master to the offsite NS3 server.  This usually only
takes a minute or two.  Verify the transfers in my logs and test NS3 to make
sure it's serving up the new addresses.

- Pull the plug on NS1 and NS2 and move them to the new location.  Bring
them back up at their new addresses.

At what point in time should I update the IP addresses of NS1 and NS2 with
our registrar (OpenSRS)?  Does it make any difference if this is done before
the move, in anticipation of the 48 hour TTL on glue records, or should it
be done only after the servers have been moved?

What else am I forgetting?

One other complication.  We do a small amount of web hosting.  Several of
our hosting customers have DNS served by other name servers.  What would be
the best way to minimize downtime for their web sites?  Coordinating DNS
changes for them at the exact time of our move (which will be on a weekend)
is going to be a nightmare, especially since none of those customers run
their own DNS and have to request the changes through their ISP.

Thanks,
Jim
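
Added example, not part of the original messages: a pre-move check for the two points discussed above, namely how long to wait after lowering TTLs (up to the largest old TTL) and which nameserver hosts have authoritative A records that differ from the registry glue. The zone text, glue table, addresses, timestamp and function names are all constructed for illustration, and the parser only handles simple one-line records.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: zone text as it was served BEFORE the TTL change,
# and the glue the registry holds for the zone's nameservers.
OLD_ZONE = """\
$TTL 86400
example.com.      IN NS ns1.example.com.
example.com.      IN NS ns2.example.com.
ns1.example.com.  IN A  192.0.2.1
ns2.example.com.  IN A  198.51.100.2
www.example.com.  172800 IN A 192.0.2.80
"""
GLUE = {"ns1.example.com.": "192.0.2.1", "ns2.example.com.": "192.0.2.2"}

def parse_zone(text):
    """Return (name, ttl, rtype, rdata) tuples from a one-line-per-record zone."""
    default_ttl, records = 0, []
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            default_ttl = int(fields[1])
            continue
        name, rest = fields[0], fields[1:]
        ttl = default_ttl
        if rest[0].isdigit():                 # explicit per-record TTL
            ttl, rest = int(rest[0]), rest[1:]
        if rest[0].upper() == "IN":
            rest = rest[1:]
        records.append((name, ttl, rest[0].upper(), rest[1]))
    return records

def earliest_safe_move(records, ttl_lowered_at):
    """Caches may hold an old answer for up to its old TTL after the change."""
    return ttl_lowered_at + timedelta(seconds=max(r[1] for r in records))

def glue_mismatches(records, glue):
    """Nameserver hosts whose authoritative A record differs from registry glue."""
    auth = {n: d for n, _, t, d in records if t == "A"}
    ns_hosts = {d for _, _, t, d in records if t == "NS"}
    return {h: (auth.get(h), glue.get(h)) for h in sorted(ns_hosts)
            if auth.get(h) != glue.get(h)}

if __name__ == "__main__":
    recs = parse_zone(OLD_ZONE)
    lowered = datetime(2003, 9, 25, 21, 0, tzinfo=timezone.utc)  # constructed time
    print("old TTLs expired by:", earliest_safe_move(recs, lowered))
    print("authoritative vs glue:", glue_mismatches(recs, GLUE))
```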
