Easiest Way to change Address of Master and Slave DNS's

Mark Andrews Mark_Andrews at isc.org
Tue May 16 00:44:55 UTC 2006

> 	Due to some network reorganization, there are some who 
> would like to change the IP addresses of our master and slave 
> domain name servers.  We haven't changed these
> A records in twelve years.  Since then, we have expanded from supporting one
> forward zone and a couple of reverse zones to 77 forward zones
> registered by almost as many different people through many companies.  
> 	If we must do this, is there any elegant way to
> keep from having to handle these domains one at a time?  I am 98%
> certain the answer is no, but I will ask anyway.
> 	I have been counseling strongly against making this much
> work for ourselves due to the twin problems of having to change
> all those domains one at a time and the public-education campaign
> explaining the resolver changes effecting those literally hundreds, possibly
> thousands of systems that have had hard-coded DNS addresses which
> were "set up by Dr. Jeckle X years ago and he has since
> gotten fired and won't get out of Federal Prison until
> 2020-something/died/left in an 8-cylinder huff/graduated, etc, and now you're
> doing what!?"
> 	That reference to being fired and Federal prison actually
> covers one domain.  A whois run just 6 minutes ago as I write
> this message still lists the individual in question as the registrant
> and there is an active web page at that address.:-)  Darn, no
> Federal Bureau of Prisons inmate number in the admin contact
> field.  What a day!
> 	Seriously, any constructive ideas are greatly appreciated.
> Martin McCormick WB5AGZ  Stillwater, OK 
> Systems Engineer
> OSU Information Technology Department Network Operations Group

	Well if the nameservers only have single names each (which
	is why NS records take names not IP addresses) you only
	need to change the host records for the nameservers.

	I would add new boxes.  Make the old master a slave of the
	new box.  Make the old slaves use the new master. Change the
	address records so that the old boxes are stealth slaves.
	Update whois.  Wait for the glue records to be update and
	the TTL's of both the old glue and old address records to

	At this point all external clients should be using the new
	authoritative servers.

	Then you need to look at the query logs on the old boxes
	and chase down who is still using them.  You will have
	non-recursive queries (SOA and AXFR/IXFR) for slaves you
	weren't aware of.  You will have recursive queries for
	machine which have them configured into stub resolvers or
	as forwarders.

	If you are using DHCP don't forget to update the DHCP

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list