moving a name server
asim khan
asim.khan at kcl.ac.uk
Tue Feb 10 16:32:55 UTC 2004
Dear ISC Bind,
The project:
Move the zone umds.ac.uk, for which the name server macduff (hosted on lime)
is currently authoritative.
Name server iguana is to be authoritative for zone umds.ac.uk as well as
kcl.ac.uk, to be hosted on the whitebeam/hawthorn cluster.
The following I think relate to this :
Configuring a Name Server as Authoritative for Multiple Zones
Preventing Remote Name Servers from Caching a Resource Record
Moving a Host
Moving a Name Server
Changing Your Zones Name Server
My plan for the move is this :
1. The TTL has to be reduced on macduff so that cached records for the zone
umds.ac.uk are refreshed to point at the new name server on iguana.
2. The NS record for zone umds.ac.uk is to be iguana.
3. Wait for the new authoritative name server to take over for the zone,
with caches recording the new name server as well.
4. macduff on lime IP address can be removed from the kclnameservers acl
5. prospero slave nameserver should indicate the new IP in the master {
137.73.2.5; };.
This is the named.conf for the authoritative name server iguana for zone
kcl.ac.uk, amongst others:
// Use with the following in named.conf, adjusting the allow list as needed:
// Shared secret that authenticates rndc commands on the control channel; it
// is the key named by the "controls" statement. The poster replaced the real
// secret with a placeholder before publishing.
// NOTE(review): hmac-md5 is a legacy algorithm. BIND 9 releases that support
// HMAC-SHA algorithms for rndc keys accept e.g. hmac-sha256 -- confirm against
// the installed version, and generate a fresh secret when switching.
key "rndc-key" {
algorithm hmac-md5;
secret "I have taken this out for security";
};
// rndc control channel: listens on 127.0.0.1 port 953, accepts connections
// only from 127.0.0.1, and requires the "rndc-key" key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
// Networks named by allow-recursion in the options statement: clients in
// these ranges are the ones offered recursive service.
acl kings {
137.73/16;
159.92/16;
193.60.112.0/20;
193.61.72.0/21;
193.61.200.0/21;
194.81.237.0/24;
194.83.136.0/21;
193.63.184.0/22;
};
// Single host that zone "ahds.ac.uk" adds to its allow-transfer list.
acl ahdsyork {
144.32.128.230;
};
// Hosts named by the server-wide allow-transfer and allow-notify options and
// by the per-zone allow-transfer lists. Matching is by source address only.
// NOTE(review): every address listed here may pull complete zone contents, so
// entries for retired servers should be removed once the move is finished
// (step 4 of the plan in the post covers macduff).
acl kclnameservers {
137.73.173.4;
137.73.173.12;
137.73.2.29;
137.73.2.36;
137.73.2.5;
137.73.2.8;
137.73.3.11;
137.73.36.155;
137.73.37.45;
137.73.37.48;
137.73.37.56;
137.73.6.160;
137.73.7.21;
159.92.16.13;
159.92.224.7;
193.61.206.5;
193.63.106.100;
193.63.106.103;
193.63.106.103; // NOTE(review): duplicate of the previous entry
};
// Off-site secondaries; added to allow-transfer for kcl.ac.uk and
// 73.137.in-addr.arpa.
// NOTE(review): the first entry admits a whole /24 although its comment names
// one host -- confirm whether a single host address would be enough.
acl secondary {
130.88.200/24; // dir.mcc.ac.uk
150.237.128.27; // warpserver.ucc.hull.ac.uk.
};
// NOTE(review): nothing in the configuration as posted refers to this ACL --
// confirm whether it is still needed.
// NOTE(review): 137.72.66/23 is the only 137.72 prefix in the posted
// configuration; every other college prefix is 137.73 -- possible typo, verify.
acl kclservers {
137.73.2/23;
137.72.66/23;
159.92.16.13;
159.92.16.14;
159.92.224.7;
};
// Route the xfer-in, xfer-out and queries categories to the default_syslog
// channel. The two transfer categories are where to confirm that only the
// intended servers fetch zones during and after the move.
logging {
category "xfer-in" {
"default_syslog";
};
category "xfer-out" {
"default_syslog";
};
category "queries" {
"default_syslog";
};
};
// Server-wide defaults. Zone statements that carry their own allow-transfer
// replace the list given here for that zone.
options {
directory "/var/dns/";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
pid-file "/var/dns/run/named.pid";
// Default transfer policy: kclnameservers only. kcl.ac.uk,
// 73.137.in-addr.arpa and ahds.ac.uk set their own lists.
allow-transfer {
kclnameservers;
};
// Hosts, besides each slave zone's masters, whose NOTIFY messages are accepted.
allow-notify {
kclnameservers;
};
// Recursive service is limited to the networks in acl kings.
allow-recursion {
kings;
};
recursive-clients 2000;
lame-ttl 600;
max-ncache-ttl 1800;
// Replaces the version string the server reports about itself.
// NOTE(review): this only obscures the version; it does not replace patching.
version "10";
listen-on { 137.73.2.5 ;
137.73.3.11;
137.73.2.8;
};
// Outgoing NOTIFYs and transfer requests leave from 137.73.2.5, so that is
// the address peers must list in their masters / allow-notify statements
// (macduff's configuration in this post lists it).
notify-source 137.73.2.5;
transfer-source 137.73.2.5;
};
//
// --- Named/Bind driving file /etc/named.boot
//
//
// --- File holding universal nameservers
//
// NOTE(review): views are evaluated in the order they appear and a client is
// served by the first view whose match-clients it matches. This view matches
// "any" and is listed before view "internal", so as posted no client ever
// reaches "internal". The usual arrangement lists the more specific view
// first and the catch-all last.
view "catchall" {
match-clients { any ; } ;
// Root hints.
zone "." {
type hint;
file "static/named.root";
};
//
// --- This is a primary server for...
//
// Locally mastered reverse zones for the loopback (127.0.0), 0 and 255
// networks, loaded from files under static/.
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "static/db.127";
};
zone "0.IN-ADDR.ARPA" {
type master;
file "static/db.0";
};
zone "255.IN-ADDR.ARPA" {
type master;
file "static/db.255";
};
//
// --- This is a secondary server for...
//
// umds.ac.uk and its reverse zone are currently slaved from 159.92.16.13.
// These are the statements that change when this server becomes master for
// the zone, as the plan in the post proposes.
// NOTE(review): no TSIG key appears in the configuration as posted, so the
// transfer is authorised by the master's address alone.
zone "umds.ac.uk" {
type slave;
file "newslave/zone.umds.ac.uk";
masters {
159.92.16.13;
};
};
zone "92.159.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.umds.ac.uk";
masters {
159.92.16.13;
};
};
// Local slave copy of the "uk" zone, transferred from 128.16.5.32. It has no
// allow-transfer of its own, so the server-wide list (kclnameservers) applies
// to onward transfers.
zone "uk" {
type slave;
file "newslave/zone.uk";
masters {
128.16.5.32;
};
};
// Master for kcl.ac.uk. The zone-level allow-transfer replaces the server-wide
// list and additionally admits the off-site hosts in acl secondary.
// also-notify sends NOTIFY to the four listed addresses in addition to the
// servers in the zone's NS records.
zone "kcl.ac.uk" {
type master;
file "newmaster/zone.kcl.ac.uk";
allow-transfer { kclnameservers ; secondary; } ;
also-notify {
137.73.173.4;
159.92.16.13;
159.92.224.7;
193.61.206.5;
};
};
// Master for the 137.73 reverse zone, with the same transfer and notify
// settings as zone "kcl.ac.uk": kclnameservers plus acl secondary may
// transfer, and the four listed addresses receive NOTIFY.
zone "73.137.in-addr.arpa" {
type master;
file "newmaster/rzone.kcl.ac.uk";
allow-transfer { kclnameservers ; secondary; } ;
also-notify {
137.73.173.4;
159.92.16.13;
159.92.224.7;
193.61.206.5;
};
};
// Master for ahds.ac.uk; transfers are allowed to the single host in acl
// ahdsyork as well as to kclnameservers.
zone "ahds.ac.uk" {
type master;
file "newmaster/zone.ahds.ac.uk";
allow-transfer {ahdsyork;kclnameservers;};
};
// Master zones with no allow-transfer of their own: the server-wide
// allow-transfer { kclnameservers; } from options applies to each of them.
// The four reverse zones at the end (184-187.63.193) together cover
// 193.63.184.0/22, which is one of the ranges in acl kings.
zone "icsa.ac.uk" {
type master;
file "newmaster/zone.icsa.ac.uk";
};
zone "iaac.ac.uk" {
type master;
file "newmaster/zone.iaac.ac.uk";
};
zone "ccwp.ac.uk" {
type master;
file "newmaster/zone.ccwp.ac.uk";
};
zone "cvma.ac.uk" {
type master;
file "newmaster/zone.cvma.ac.uk";
};
zone "crsbi.ac.uk" {
type master;
file "newmaster/zone.crsbi.ac.uk";
};
zone "kcl.tv" {
type master;
file "newmaster/zone.kcl.tv";
};
zone "ispan.ac.uk" {
type master;
file "newmaster/zone.ispan.ac.uk";
};
zone "courtauld.ac.uk" {
type master;
file "newmaster/zone.courtauld.ac.uk";
};
zone "stmary-le-strandcharity.org.uk" {
type master;
file "newmaster/zone.stmary-le-strandcharity.org.uk";
};
zone "smlsc.org.uk" {
type master;
file "newmaster/zone.smlsc.org.uk";
};
zone "icar.org.uk" {
type master;
file "newmaster/zone.icar.org.uk";
};
zone "mykcl.com" {
type master;
file "newmaster/zone.mykcl.com";
};
zone "184.63.193.IN-ADDR.ARPA" {
type master;
file "newmaster/rzone.184.63.193";
};
zone "185.63.193.IN-ADDR.ARPA" {
type master;
file "newmaster/rzone.185.63.193";
};
zone "186.63.193.IN-ADDR.ARPA" {
type master;
file "newmaster/rzone.186.63.193";
};
zone "187.63.193.IN-ADDR.ARPA" {
type master;
file "newmaster/rzone.187.63.193";
};
// dcs.kcl.ac.uk and the 137.73.8 / 137.73.9 reverse zones, all slaved from
// 137.73.8.3. The master is identified by address only; no key is attached
// to the masters list as posted.
zone "dcs.kcl.ac.uk" {
type slave;
file "newslave/zone.dcs.kcl.ac.uk";
masters {
137.73.8.3;
};
};
zone "8.73.137.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.8.73.137";
masters {
137.73.8.3;
};
};
zone "9.73.137.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.9.73.137";
masters {
137.73.8.3;
};
};
// smd.kcl.ac.uk and the reverse zones for 193.60.112 through 193.60.123, all
// slaved from 193.61.206.5. The reverse zones fall inside 193.60.112.0/20,
// one of the ranges in acl kings.
zone "smd.kcl.ac.uk" {
type slave;
file "newslave/zone.smd.kcl.ac.uk";
masters {
193.61.206.5;
};
};
zone "112.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.112.60.193";
masters {
193.61.206.5;
};
};
zone "113.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.113.60.193";
masters {
193.61.206.5;
};
};
zone "114.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.114.60.193";
masters {
193.61.206.5;
};
};
zone "115.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.115.60.193";
masters {
193.61.206.5;
};
};
zone "116.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.116.60.193";
masters {
193.61.206.5;
};
};
zone "117.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.117.60.193";
masters {
193.61.206.5;
};
};
zone "118.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.118.60.193";
masters {
193.61.206.5;
};
};
zone "119.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.119.60.193";
masters {
193.61.206.5;
};
};
zone "120.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.120.60.193";
masters {
193.61.206.5;
};
};
zone "121.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.121.60.193";
masters {
193.61.206.5;
};
};
zone "122.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.122.60.193";
masters {
193.61.206.5;
};
};
zone "123.60.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.123.60.193";
masters {
193.61.206.5;
};
};
// Reverse zones for 193.61.72-79 and 193.61.200-207, all slaved from
// 193.61.206.5. They correspond to the 193.61.72.0/21 and 193.61.200.0/21
// ranges in acl kings.
zone "72.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.72.61.193";
masters {
193.61.206.5;
};
};
zone "73.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.73.61.193";
masters {
193.61.206.5;
};
};
zone "74.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.74.61.193";
masters {
193.61.206.5;
};
};
zone "75.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.75.61.193";
masters {
193.61.206.5;
};
};
zone "76.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.76.61.193";
masters {
193.61.206.5;
};
};
zone "77.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.77.61.193";
masters {
193.61.206.5;
};
};
zone "78.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.78.61.193";
masters {
193.61.206.5;
};
};
zone "79.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.79.61.193";
masters {
193.61.206.5;
};
};
zone "200.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.200.61.193";
masters {
193.61.206.5;
};
};
zone "201.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.201.61.193";
masters {
193.61.206.5;
};
};
zone "202.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.202.61.193";
masters {
193.61.206.5;
};
};
zone "203.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.203.61.193";
masters {
193.61.206.5;
};
};
zone "204.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.204.61.193";
masters {
193.61.206.5;
};
};
zone "205.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.205.61.193";
masters {
193.61.206.5;
};
};
zone "206.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.206.61.193";
masters {
193.61.206.5;
};
};
zone "207.61.193.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.207.61.193";
masters {
193.61.206.5;
};
};
// Reverse zone for 194.81.237.0/24 (a range in acl kings), slaved from
// 193.61.206.5. The closing brace after it ends view "catchall".
zone "237.81.194.IN-ADDR.ARPA" {
type slave;
file "newslave/rzone.237.81.194";
masters {
193.61.206.5;
};
};
};
// View intended for clients in 192.168.10.0/24 and 137.73.145.0/26, with
// recursion enabled and the internal.kcl.ac.uk forward and reverse zones.
// NOTE(review): views are matched in order and the first match wins. As
// posted, this view follows view "catchall", whose match-clients is "any",
// so these clients are answered from "catchall" and this view is never
// selected. Listing this view before the catch-all would make it effective;
// confirm the intended order.
view "internal" {
match-clients { 192.168.10.0/24;137.73.145.0/26; };
recursion yes;
zone "internal.kcl.ac.uk" {
type master;
file "newmaster/zone.internal.kcl.ac.uk";
// Transfers of the internal zone are limited to kclnameservers.
allow-transfer {
kclnameservers;
};
};
zone "10.168.192.in-addr.arpa" {
type master;
file "newmaster/rzone.internal.kcl.ac.uk";
allow-transfer {
kclnameservers;
};
};
};
This is the named.conf for macduff, the name server currently authoritative
for the umds.ac.uk zones:
bash-2.05# cat /usr/local/etc/named.conf
// Shared secret that authenticates rndc commands on the control channel; it
// is the key named by the "controls" statement. The poster replaced the real
// secret with a placeholder before publishing.
// NOTE(review): hmac-md5 is a legacy algorithm. BIND 9 releases that support
// HMAC-SHA algorithms for rndc keys accept e.g. hmac-sha256 -- confirm against
// the installed version, and generate a fresh secret when switching.
key "rndc-key" {
algorithm hmac-md5;
secret "I have taken this out for security";
};
// rndc control channel: listens on 127.0.0.1 port 953, accepts connections
// only from 127.0.0.1, and requires the "rndc-key" key.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
// Networks named by allow-recursion in the options statement: clients in
// these ranges are the ones offered recursive service.
acl kings {
137.73.0.0/16;
159.92.0.0/16;
193.60.112.0/20;
193.61.72.0/21;
193.61.200.0/21;
194.81.237.0/24;
194.83.136.0/21;
193.63.184.0/22;
};
// Hosts allowed to transfer zones from this server (server-wide and per-zone
// allow-transfer lists). Matching is by source address only.
// NOTE(review): 137.73.2.0/24 admits an entire subnet here, whereas the
// other server's ACL of the same name lists individual 137.73.2.x hosts --
// confirm whether the whole /24 is intended.
acl kclnameservers {
137.73.173.4;
137.73.173.12;
137.73.2.0/24;
137.73.36.155;
137.73.37.45;
137.73.6.160;
137.73.7.21;
159.92.16.13;
159.92.16.12;
159.92.224.7;
193.61.206.5;
193.63.106.100;
193.63.106.103;
};
// Off-site secondary; part of the server-wide allow-transfer list and of the
// lists on the master zones.
// NOTE(review): the entry admits a whole /24 although its comment names one
// host -- confirm whether a single host address would be enough.
acl secondary {
130.88.200/24; // dir.mcc.ac.uk
};
// NOTE(review): nothing in the configuration as posted refers to this ACL --
// confirm whether it is still needed.
acl rayne {
159.92.136.10;
};
// Server-wide defaults. Zone statements that carry their own allow-transfer
// replace the list given here for that zone.
options {
directory "/var/dns";
// Replaces the version string the server reports about itself.
version "524";
// NOTE(review): this pins the source port of outgoing queries to 53. A fixed
// source port removes port unpredictability as a defence against spoofed
// answers, and this server performs recursion for the kings networks. Unless
// a firewall rule requires port 53, leaving the port unset is the safer
// setting -- confirm.
query-source address * port 53;
notify yes;
// Default transfer policy: kclnameservers plus the off-site secondary. The
// slave zones further down narrow this to kclnameservers only.
allow-transfer { kclnameservers ;
secondary ;
} ;
// NOTIFY is accepted from these two addresses, which are among the other
// server's listen-on addresses in this post.
allow-notify {
137.73.2.5;
137.73.2.8;
};
// Recursive service is limited to the networks in acl kings.
allow-recursion {
kings;
};
allow-query {
any ;
};
pid-file "run/named.pid";
lame-ttl 600;
max-ncache-ttl 1800;
statistics-file "run/stats.db";
};
//
// --- Named/Bind driving file /etc/named.boot
//
//
// --- File holding universal nameservers
//
// Root hints, followed by locally mastered reverse zones for the loopback
// (127.0.0), 0 and 255 networks, all loaded from files under static/.
zone "." {
type hint;
file "static/named.root";
};
//
// --- This is a primary server for...
//
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "static/db.127";
};
zone "0.IN-ADDR.ARPA" {
type master;
file "static/db.0";
};
zone "255.IN-ADDR.ARPA" {
type master;
file "static/db.255";
};
// Master copy of umds.ac.uk: the zone the post proposes to move to the other
// server. Transfers are allowed to kclnameservers and the off-site secondary;
// NOTIFY goes to the five listed addresses in addition to the zone's NS set.
// NOTE(review): once the move is done, the servers in this also-notify list
// need their masters statements pointed at the new master, otherwise they
// keep serving the last copy transferred from here until it expires.
zone "umds.ac.uk" {
type master;
file "master/zone.umds.ac.uk";
allow-transfer {
kclnameservers ;
secondary ;
};
notify yes;
also-notify {
137.73.2.5;
137.73.2.8;
137.73.173.4;
159.92.224.7;
159.92.16.12;
};
};
// Master copy of ecrhs.org, with the same transfer policy as umds.ac.uk.
// NOTE(review): the plan in the post names only umds.ac.uk. This zone is also
// mastered here, and the other server's configuration as posted has no zone
// statement for it even though its addresses are in this also-notify list --
// confirm whether ecrhs.org is in scope for the move.
zone "ecrhs.org" {
type master;
file "master/zone.ecrhs.org";
allow-transfer {
kclnameservers ;
secondary ;
};
notify yes;
also-notify {
137.73.2.5;
137.73.2.8;
137.73.173.4;
159.92.224.7;
};
};
// Master copy of the 159.92 reverse zone, which the other server currently
// slaves alongside umds.ac.uk. It has the same transfer and notify settings
// as zone "umds.ac.uk".
// NOTE(review): the plan in the post mentions only the forward zone --
// confirm that this reverse zone moves with it.
zone "92.159.IN-ADDR.ARPA" {
type master;
file "master/rzone.umds.ac.uk";
notify yes;
allow-transfer {
kclnameservers ;
secondary ;
};
also-notify {
137.73.2.5;
137.73.2.8;
137.73.173.4;
159.92.224.7;
159.92.16.12;
};
};
//
// --- This is a secondary server for...
//
// Local slave copy of the "uk" zone, transferred from the three listed
// masters. The zone-level allow-transfer narrows onward transfers to
// kclnameservers, dropping the off-site secondary from the server-wide list.
zone "uk" {
type slave;
file "slave/zone.uk";
masters {
217.79.164.131;
195.66.240.130;
213.219.13.131;
};
allow-transfer { kclnameservers ; } ;
};
// Slave copy of kcl.ac.uk, transferred from 137.73.2.5 or 137.73.2.8 (both
// are listen-on addresses of the other server in this post). Onward transfers
// are limited to kclnameservers.
// NOTE(review): no TSIG key appears in the configuration as posted, so the
// transfer is authorised by the masters' addresses alone.
zone "kcl.ac.uk" {
type slave;
file "slave/zone.kcl.ac.uk";
allow-transfer { kclnameservers ; } ;
masters {
137.73.2.5;
137.73.2.8;
};
};
// Slave copy of the 137.73 reverse zone, with the same masters and onward
// transfer restriction as zone "kcl.ac.uk".
zone "73.137.in-addr.arpa" {
type slave;
file "slave/rzone.kcl.ac.uk";
allow-transfer { kclnameservers ; } ;
masters {
137.73.2.5;
137.73.2.8;
};
};
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Asim Khan
Information Services & Systems
King's College London
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~