Easiest Way to change Address of Master and Slave DNS's

Bill Larson wllarso at swcp.com
Wed May 17 16:45:02 UTC 2006

On May 17, 2006, at 8:43 AM, <vze8j5fg at verizon.net> wrote:

>> From: Barry Finkel <b19141 at achilles.ctd.anl.gov>
>> Date: Wed May 17 08:32:05 CDT 2006
>> To: bind-users at isc.org
>> Subject: Re: Easiest Way to change Address of Master and Slave DNS's
>> Martin McCormick wrote, in part:
>>>> 	Due to some network reorganization, there are some who
>>>> would like to change the IP addresses of our master and slave
>>>> domain name servers.  We haven't changed these
>>>> A records in twelve years.  Since then, we have expanded from
>>>> supporting one forward zone and a couple of reverse zones to 77
>>>> forward zones registered by almost as many different people through
>>>> many companies.
>>>> 	If we must do this, is there any elegant way to
>>>> keep from having to handle these domains one at a time?  I am 98%
>>>> certain the answer is no, but I will ask anyway.
>> and Mark Andrews <Mark_Andrews at isc.org> replied:
>>> 	Well if the nameservers only have single names each (which
>>> 	is why NS records take names not IP addresses) you only
>>> 	need to change the host records for the nameservers.
>> There also is the problem of clients that have the IP addresses of
>> the name servers buried inside TCP/IP configurations, and those
>> name servers are referenced by IP address.  All of the local clients
>> of the DNS servers whose IP addresses are changing will have to
>> change the IP addresses in the TCP/IP configurations.
> also, if there are any caching servers that point to the master and/or 
> slave, then those addrs in the named.conf need to change too
> BTW, if it is possible, I would suggest changing one of the servers 
> (either master or slave) at one time, make sure the new is answering 
> then change the second to minimize impact.

To prolong this thread just a little more, but getting fairly off topic 
from the original question.

I would suggest that you keep the current server IP addresses 
functioning for a while.  These IP addresses can even be aliases on the 
actual servers.  The idea is to simply ensure that any queries directed 
to the old addresses are still answered and continue to do this until 
the old addresses are out of circulation.

You will still have to contact the domain registrar for each domain 
that is being served to update the DNS server identification for the 
domain.  This is a domain registration issue and would have to be taken 
up with the registrar.

If all of these zones use the same DNS servers (by name), then simply 
changing the IP addresses of these servers in the server domain SHOULD 
take care of the problem.  (I'm talking about a server named 
"dns1.example.com" having been identified as the server for the 
"example1.com" and "example2.com" zones.  Then simply changing the IP 
address of "dns1.example.com" with the registrar for the "example.com" 
domain should work.)

One possibility to consider is using query logging on the old server 
watching for any queries coming to the old address. With the delegation 
by the parent servers corrected, information in the zone files updated, 
and the TTL for the old information expired, then these queries to the 
old addresses should be limited to systems that have the old server IP 
addresses hardcoded in their configuration.  This query logging would 
allow you to identify these systems and contact the administrators of 
these systems to get the configurations changed.

When the query logs no longer show any queries to the old addresses, at 
least queries that you are going to concern yourself about, then you 
can disable the old IP addresses from your servers.  (When the list of 
root servers was updated, the old addresses still would provide DNS 
information and were not simply shut down.)  Maintaining DNS service, 
even for legacy systems, is one of the "costs" that I see as inherent in 
the operation of a DNS service.

Bill Larson
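The query-logging step described in the message above, as an added example that is not part of the original thread: the script below reads BIND 9 query-log lines, keeps only those whose trailing parenthesised local address is one of the old server addresses (the way to tell old-address from new-address traffic when both are aliases on the same host), and counts them per client so the administrators of systems with hardcoded addresses can be identified. The log lines and the addresses 198.51.100.1 (old) and 203.0.113.1 (new) are constructed for the example.

```python
import re
from collections import Counter

# Matches the query part of a BIND 9 query-log line.  Both the classic form
#   client 192.0.2.10#53211: query: www.example.com IN A + (198.51.100.1)
# and the later form with "@0x..." and "(qname)" after the client are accepted.
# The trailing parenthesised address is the local address the query arrived on,
# which is what separates queries to the old address from queries to the new one.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>[^#\s]+)#\d+(?: \([^)]*\))?: query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+) \((?P<dest>[^)]+)\)"
)


def parse_query(line):
    """Return the fields of a query-log line as a dict, or None for non-query lines."""
    m = QUERY_RE.search(line)
    return m.groupdict() if m else None


def stale_clients(lines, old_addresses):
    """Count, per client IP, the queries that arrived on one of the old server addresses."""
    counts = Counter()
    for line in lines:
        q = parse_query(line)
        if q and q["dest"] in old_addresses:
            counts[q["client"]] += 1
    return dict(counts)


# Constructed sample log, not real traffic: 198.51.100.1 is the old address,
# 203.0.113.1 the new one; the last line is a non-query line that must be ignored.
SAMPLE_LOG = """\
17-May-2006 10:15:32.123 queries: info: client 192.0.2.10#53211: query: www.example1.com IN A + (198.51.100.1)
17-May-2006 10:15:33.001 queries: info: client 192.0.2.10#53212: query: mail.example2.com IN MX + (198.51.100.1)
17-May-2006 10:15:34.500 queries: info: client 192.0.2.77#40001: query: www.example1.com IN A + (203.0.113.1)
17-May-2006 10:15:35.222 queries: info: client @0x7f1a2b3c 192.0.2.31#60444 (ns.example2.com): query: ns.example2.com IN AAAA +E (198.51.100.1)
17-May-2006 10:15:36.000 queries: info: client 192.0.2.77#40002: query: example2.com IN SOA - (203.0.113.1)
17-May-2006 10:15:37.000 general: info: zone example1.com/IN: loaded serial 2006051701
"""
OLD_ADDRESSES = {"198.51.100.1"}

if __name__ == "__main__":
    # List the clients still using the old address, busiest first.
    report = stale_clients(SAMPLE_LOG.splitlines(), OLD_ADDRESSES)
    for client, n in sorted(report.items(), key=lambda kv: -kv[1]):
        print(f"{client}: {n} queries still sent to an old address")
```

Run it against the output of `rndc querylog` on the old server once the delegations and TTLs have expired; the clients it lists are the ones with the old address hardcoded.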
