Bind Migration best practice steps

John Miller johnmill at brandeis.edu
Wed Dec 17 01:34:55 UTC 2014 

Thanks for the response, John.  Helps a bunch to know that you just
have the single zone to worry about.  I also did a quick dig on
education.ucsb.edu (NS & SOA records).  Looks like you're not running
any of your own slaves, but are making use of two main university
servers as slaves: ns1.ucsb.edu & ns2.ucsb.edu.

So... copy the zone file directly or set up the 9.8.1 box as a slave?
You've only got one zone, so personal preference would be just to copy
 over your zone file and config; that'd keep you from having to set up
the 9.8.1 server in slave mode at all.  Obviously if you have a ton of
churn in your zones (frequent dynamic updates, for example), that'd
change things.  I suspect you're OK there, though :-).

At that point, just test the 9.8.1 server to make sure it's ready,
give your upstream DNS admins a shout (perhaps have them test zone
transfers against the new server), then schedule the IP swap.
Shouldn't have to take much more downtime than an ifdown on the old
guy and an ifup on the new one (and any ARP stuff on your routers).
You have two slaves that can cover for you during this brief window,
so downtime will be minimal.

John

On Tue, Dec 16, 2014 at 6:30 PM, John Goubeaux
<goubeaux at education.ucsb.edu> wrote:
> Thanks for the quick reply John,
>
> I answered some of the items in-line
>
>
>> Hi John,
>>
>> First things first, some more info on your overall DNS infrastructure
>> and how the 9.3.2 server fits in would be helpful.
>>
>> - Is this for education.ucsb.edu, other zones, or both?
>
>
> The NS is ONLY for  education.ucsb.edu
>
>> - Is the 9.3.2 server authoritative-only, or does it serve recursive
>> requests as well?
>
>
> It is autoritative for education.ucsb.edu only
>
>> - Is the 9.3.2 server listed in any of the NS records of the zones you
>> host, or just the SOA record (public vs. hidden master?)
>
>
>
> Yes, there is an A record for it as well as the SOA records and it is
> public.
>
>> - How many slaves are you running?  Do all of your zones slave from
>> the 9.3.2 master, or do some point to other masters?
>
>
>
> I am NOT running any slaves at this point, just this one Master.
>
>> - A copy of the SOA and NS records of your zones (assuming all are
>> identical) would also be helpful, as would copies of your named.conf
>> files if you're worried about your configuration at all.
>>
>> The main principle here is that you shouldn't take down the 9.3.2
>> server until you're _sure_ the 9.8.1 server is fully ready to roll.
>> Ideally you should be able to do this with zero downtime, but much
>> depends on your setup.  It's certainly not something you want to rush.
>>
>> John
>> --
>> John Miller
>> Systems Engineer
>> Brandeis University
>> johnmill at brandeis.edu
>> (781) 736-4619
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
>
> --
> John Goubeaux
> Systems Administrator
> Gevirtz Graduate School of Education
> UC Santa Barbara
> Education 4203C
> 805 893-8190



-- 
John Miller
Systems Engineer
Brandeis University
johnmill at brandeis.edu
(781) 736-4619

More information about the bind-users mailing list