Primary Server Name Change

Mark Andrews marka at isc.org
Fri May 13 01:15:22 UTC 2011


In message <4DCC225F.8000701 at obsd.us>, CT writes:
> Primary Name server
> bind    - 9.7.3
> OS    - CentOS 5.6
> Authoritative for 2 zones using DNSSEC
> 
> This may be an obvious question but I will ask anyway.. :)
> 
> I want to change the name of the server
> from
> old.zone1.com
> to
> new.zone2.com
> 
> IP Address - no change
> 
> - change soa in master zone files
> - work with slaves to make sure named.conf are correct
> 
> Other than that are there any gotchas.. ??
> 
> I am wondering if I will have to "unsign" my zones
> and the upload new keysets to the registrar.

To do a graceful transition to a new nameserver you should.

* Commision the new nameserver.
* Add the new address records and wait for them to propogate to
  all authoritative servers and any cached negative responses for
  them to expire.
* Add the NS record for the new nameserver.
* Update the parent zone to ADD the new nameserver and glue.
* Wait for the old NS RRet and referrals to expire from caches.
* Remove the NS record for the old nameserver.
* Update the parent zone to REMOVE the old nameserver and glue.
* Wait for the intermediate NS RRet and referrals to expire from caches.
* Remove the old address records if they are no longer required.
* Decommision the old nameserver.

As the addresses of the new and old nameservers are the same you 
can shorten this process a little.

* Add the new address records and wait for them to propogate to
  all authoritative servers and any cached negative responses for
  them to expire.
* Update the NS RRset
 + Add the NS record for the new nameserver.
 + Remove the NS record for the old nameserver.
* Update the parent zone
 + Update the parent zone to ADD the new nameserver and glue.
 + Update the parent zone to REMOVE the old nameserver and glue.
* Wait for the old NS RRet and referrals to expire from caches.
* Remove the old address records if they are no longer required.

In all cases you re-sign the zone whenever you make changes to it.

> Thx
> CT
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list