Switching Host

Josh Knepfle josh at sparkpeople.com
Thu Jul 8 12:40:16 UTC 2004


"Barry Margolin" <barmar at alum.mit.edu> wrote in message
news:cci308$2hiu$1 at sf1.isc.org...
> In article <cchsoc$24th$1 at sf1.isc.org>,
>  joshknepfle at gmail.com (Josh Knepfle) wrote:
> > The issue that I'm currently having is that one of the DNS servers
> > from the ISP in our office is still using the old DNS server from our
> > domain name registration to get the IP for our domain.  The other is
> > fine.  I can fix that for myself, no problem.  The issue I'm facing
> > is, what if other ISPs are doing the same, even though it would seem
> > that they shouldn't?  I called our ISP and they said that as long as
> > the old hosting facility's DNS servers are claiming to be the
> > authority for our DNS, their DNS servers are going to continue to look
> > to them for our IP address.  That doesn't seem to make logical sense
> > to me.  I can think of a case where a company wished to switch
> > providers, but where the old provider never removed the entries in
> > their DNS servers, so that some segment of the population continued to
> > look to their DNS servers for the IP addresses.  In that case, a
> > malicious provider could force a client to never be allowed to leave.
> >
> > Ok...assuming that that IS the case, and the rules of "what should be"
> > have been broken...what can I do?  My thinking is that the ISP in my
> > office has their DNS servers set up improperly since one of the DNS
> > servers I'm using here in the office is correct and the other is not.
> > Any thoughts?
>
> What happens is that every time a server queries the old ISP's servers,
> the response includes the domain's NS records in the Authority section,
> and these update the TTLs of those records.  As long as it queries the
> old servers more often than the old TTL, the old NS records will never
> expire from the cache, and the server will never have to go to the TLD
> server to get new NS records.

So does this say that unless you have the cooperation of your "old" ISP,
people are not going to be able to get to your servers at the new host?  Is
this a known issue with the whole system?

>
> What you should do is tell the old ISP to configure their servers as
> slaves to the new ISP (if your new ISP blocks zone transfers by default,
> you need to have them add the old ISP's servers to the ACL).  That way,
> they'll give out the *new* NS records, and the old ones will soon expire
> from caches.

Would it also work to totally remove the zone files for our domains?  My
theory is that anyone asking our old ISP "where we are" would not get a
response, so would go to "higher authorities".

Thanks for your help!!!
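To make the cache behaviour Barry describes concrete, here is a small simulation added to this archive page (it is not code from the thread or from BIND). It models a caching resolver that already holds the stale NS set at the moment the domain moves; every answer from the server it is using refreshes the cached NS records and their TTL from the Authority section, and only an expired NS set sends the resolver back to the TLD. The server names, the 3600-second TTL, the query intervals and the one-week window are constructed values, and real resolvers also apply credibility ranking to cached data, which the toy ignores. It runs the three situations discussed above: the old ISP left alone with a busy resolver, the old ISP left alone with a resolver that queries less often than the TTL, and the old ISP configured as a slave that hands out the new NS records.

```python
# Toy model of the stale-delegation behaviour described in the thread.
# Added example; not code from the bind-users thread or from BIND.
# Server names, TTL and timings are constructed for illustration.
from dataclasses import dataclass

NS_TTL = 3600  # constructed TTL (seconds) on the domain's NS records

# Hypothetical name servers for the domain: the old hosting facility and the new host.
OLD_NS = ("ns1.old-isp.test",)
NEW_NS = ("ns1.new-isp.test",)


@dataclass(frozen=True)
class AuthServer:
    """An authoritative server and the NS set it places in the Authority section."""
    host: str
    ns_set: tuple


@dataclass(frozen=True)
class CachedNS:
    """The resolver's cached NS set for the domain and when it expires."""
    ns_set: tuple
    expires_at: int


def lookup(cache, servers, tld_ns, now):
    """One query from a caching resolver for a name under the domain.

    Returns (new_cache, answering_host, went_to_tld). As in the behaviour Barry
    describes, the Authority section of every answer refreshes the cached NS set
    and its TTL, so the resolver only goes back to the TLD once that set expires.
    """
    went_to_tld = False
    if cache is None or now >= cache.expires_at:
        cache = CachedNS(tld_ns, now + NS_TTL)   # walk from the TLD for fresh NS records
        went_to_tld = True
    server = servers[cache.ns_set[0]]
    cache = CachedNS(server.ns_set, now + NS_TTL)  # Authority section refreshes NS + TTL
    return cache, server.host, went_to_tld


def simulate(old_server_ns_set, query_interval, duration=7 * 86400):
    """Run a resolver that already holds the stale delegation at t=0.

    old_server_ns_set: what the old ISP's server still hands out (OLD_NS if left
    untouched, NEW_NS once it is configured as a slave of the new host).
    Returns (host answering the final query, number of trips to the TLD).
    """
    servers = {
        OLD_NS[0]: AuthServer(OLD_NS[0], old_server_ns_set),
        NEW_NS[0]: AuthServer(NEW_NS[0], NEW_NS),
    }
    cache = CachedNS(OLD_NS, NS_TTL)   # stale NS set cached before the move
    tld_trips = 0
    answering_host = None
    for now in range(0, duration, query_interval):
        cache, answering_host, went_to_tld = lookup(cache, servers, NEW_NS, now)
        tld_trips += went_to_tld
    return answering_host, tld_trips


if __name__ == "__main__":
    cases = [
        ("old ISP untouched, busy resolver (query every 10 min)", OLD_NS, 600),
        ("old ISP untouched, idle resolver (query every 2 h)", OLD_NS, 7200),
        ("old ISP slaved to new host, busy resolver", NEW_NS, 600),
    ]
    for label, old_ns, interval in cases:
        host, trips = simulate(old_ns, interval)
        print(f"{label}: final answer from {host}, TLD consulted {trips} times")
```

The first case never leaves the old server in a week and never consults the TLD, which is the "never allowed to leave" situation; the second case expires the NS set on every query and so picks up the new delegation from the TLD; the third case flips to the new host after a single answer from the slaved old server, without waiting for any TTL to run out.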