Easiest Way to change Address of Master and Slave DNS's
Mark Andrews
Mark_Andrews at isc.org
Tue May 16 00:44:55 UTC 2006
> Due to some network reorganization, there are some who
> would like to change the IP addresses of our master and slave
> domain name servers. We haven't changed these
> A records in twelve years. Since then, we have expanded from supporting one
> forward zone and a couple of reverse zones to 77 forward zones
> registered by almost as many different people through many companies.
>
> If we must do this, is there any elegant way to
> keep from having to handle these domains one at a time? I am 98%
> certain the answer is no, but I will ask anyway.
>
> I have been counseling strongly against making this much
> work for ourselves due to the twin problems of having to change
> all those domains one at a time and the public-education campaign
> explaining the resolver changes affecting those literally hundreds, possibly
> thousands of systems that have had hard-coded DNS addresses which
> were "set up by Dr. Jeckle X years ago and he has since
> gotten fired and won't get out of Federal Prison until
> 2020-something/died/left in an 8-cylinder huff/graduated, etc, and now you're
> doing what!?"
>
> That reference to being fired and Federal prison actually
> covers one domain. A whois run just 6 minutes ago as I write
> this message still lists the individual in question as the registrant
> and there is an active web page at that address. :-) Darn, no
> Federal Bureau of Prisons inmate number in the admin contact
> field. What a day!
>
> Seriously, any constructive ideas are greatly appreciated.
>
> Martin McCormick WB5AGZ Stillwater, OK
> Systems Engineer
> OSU Information Technology Department Network Operations Group
Well, if the nameservers only have single names each (which
is why NS records take names not IP addresses) you only
need to change the host records for the nameservers.

I would add new boxes. Make the old master a slave of the
new box. Make the old slaves use the new master. Change the
address records so that the old boxes are stealth slaves.
Update whois. Wait for the glue records to be updated and
the TTLs of both the old glue and old address records to
expire.

At this point all external clients should be using the new
authoritative servers.

Then you need to look at the query logs on the old boxes
and chase down who is still using them. You will have
non-recursive queries (SOA and AXFR/IXFR) for slaves you
weren't aware of. You will have recursive queries for
machines which have them configured into stub resolvers or
as forwarders.

If you are using DHCP, don't forget to update the DHCP
configuration.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
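
Added example, not part of the original message: a Python sketch of the query-log triage described in the reply, sorting clients still hitting an old server into unknown slaves versus stub resolvers or forwarders. The sample lines are constructed and modelled on BIND 9 query and transfer log output (the exact format varies between BIND versions); the category names and the `known` parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on BIND 9 "queries" / "xfer-out" logging.
SAMPLE_LOG = """\
16-May-2006 00:10:01.123 client 192.0.2.10#32811: query: example.edu IN SOA -
16-May-2006 00:10:01.456 client 192.0.2.10#40112: transfer of 'example.edu/IN': AXFR started
16-May-2006 00:11:12.001 client 198.51.100.7#1055: query: www.example.com IN A +
16-May-2006 00:11:13.250 client 198.51.100.7#1056: query: mail.example.org IN MX +
16-May-2006 00:12:40.900 client 203.0.113.53#53: query: host.example.edu IN A -
16-May-2006 00:13:05.000 client 192.0.2.53#4410: query: example.edu IN SOA -
"""

# Optional "@0x..." and "(name)" parts appear in newer BIND versions.
_CLIENT = r"client (?:@0x[0-9a-f]+ )?([0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
QUERY_RE = re.compile(_CLIENT + r"query: (\S+) IN (\S+) ([+-])")
XFER_RE = re.compile(_CLIENT + r"transfer of '[^']+': (AXFR|IXFR)")
ZONE_MAINT_TYPES = {"SOA", "AXFR", "IXFR"}

def classify_clients(log_text, known=()):
    """Map each client IP (except those in `known`) to the set of roles
    its traffic implies: 'slave', 'stub-or-forwarder', 'other-nonrecursive'."""
    known = set(known)
    clients = defaultdict(set)
    for line in log_text.splitlines():
        xfer = XFER_RE.search(line)
        query = QUERY_RE.search(line)
        if xfer:
            ip, role = xfer.group(1), "slave"
        elif query:
            ip, _name, qtype, rd = query.groups()
            if rd == "+":                      # recursion desired
                role = "stub-or-forwarder"
            elif qtype in ZONE_MAINT_TYPES:    # refresh checks / transfers
                role = "slave"
            else:                              # e.g. resolvers with stale cache
                role = "other-nonrecursive"
        else:
            continue                           # unrelated log line
        if ip not in known:
            clients[ip].add(role)
    return dict(clients)

if __name__ == "__main__":
    # 192.0.2.53 stands in for a slave that is already accounted for.
    for ip, roles in sorted(classify_clients(SAMPLE_LOG, {"192.0.2.53"}).items()):
        print(ip, ", ".join(sorted(roles)))
```

Clients reported as `slave` are the ones to contact about repointing their masters; `stub-or-forwarder` clients need their resolver or forwarder configuration changed.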