New IP for Auth Servers
tcampbell at mediacomcc.com
Wed Sep 16 14:23:57 UTC 2015
I recently moved my two authoritative servers to new servers on new IPs. I did it slowly, leaving the old servers up so that everyone would have time to receive the new IP for my domain. When I query everything from Google's free DNS servers to my own recursive servers, I see the new IPs, which is what I expected. It has been a month since I moved to the new IPs; however, I am still seeing a ton of queries going to the old auth servers. My authoritative servers do not have recursion turned on, so all the traffic I am seeing is coming from other DNS servers, and they are querying my domains for records. Did I miss something? Is that normal? Is it safe to just turn the old servers off?
Here are the queries I am seeing in the logs:
16-Sep-2015 09:00:16.807 client 18.104.22.168#22202 (ns2.mcomdc.com): query: ns2.mcomdc.com IN A -EDC (22.214.171.124)
16-Sep-2015 09:00:16.882 client 126.96.36.199#20765 (ns1.mcomdc.com): query: ns1.mcomdc.com IN A -EDC (188.8.131.52)
Here is the process I followed to move to the new IPs.
I brought up my new servers with the new IPs. I changed the A record for ns1.mcomdc.com on all 4 of the servers (old and new) to the new IP address. I waited a few hours to confirm it all looked good, then made the change to ns2.mcomdc.com. I then left all 4 servers up for 72 hours and came back and confirmed every major free recursive DNS server had the new NS server IPs, and that any changes I made to the new servers and not the old were propagating across the internet. I am not sure it matters here, but I am running BIND 9.10.2-P4.
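An added example, not part of the original post: a small Python tally of BIND query-log lines in the format quoted above, showing which clients and which names and types still arrive on the old listening addresses before those servers are switched off. The function names, the `old_addrs` parameter and the sample lines (documentation addresses and example.com names) are constructed for illustration.

```python
import re
from collections import Counter

# BIND 9 query-log line as quoted in the post: timestamp, client#port,
# (original qname), qname class type, flags, (address the query arrived on).
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+) "
    r"\((?P<orig>[^)]*)\): query: (?P<qname>\S+) (?P<qclass>\S+) "
    r"(?P<qtype>\S+) (?P<flags>[+-]\S*) \((?P<local>[^)]+)\)$"
)

# Constructed sample lines (not taken from the post).
SAMPLE_LOG = """\
16-Sep-2015 09:00:16.807 client 192.0.2.10#22202 (ns2.example.com): query: ns2.example.com IN A -EDC (198.51.100.1)
16-Sep-2015 09:00:16.882 client 192.0.2.10#20765 (ns1.example.com): query: ns1.example.com IN A -EDC (198.51.100.1)
16-Sep-2015 09:00:17.101 client 192.0.2.77#40112 (www.example.com): query: www.example.com IN A -E (198.51.100.1)
16-Sep-2015 09:00:17.350 client 192.0.2.99#5353 (www.example.com): query: www.example.com IN A + (198.51.100.2)
this line is not a query log entry
"""

def parse_line(line):
    """Return the fields of one query-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    flags = rec["flags"]
    # '+' means RD=1 (what a stub client sends to its resolver); resolvers
    # following a delegation normally send RD=0, logged as '-'.
    rec.update(rd=flags.startswith("+"), edns="E" in flags, tcp="T" in flags,
               do="D" in flags, cd="C" in flags)
    return rec

def summarize(log_text, old_addrs):
    """Tally queries that arrived on any address in old_addrs."""
    by_client, by_question, rd_clients, skipped = Counter(), Counter(), set(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # unrelated or malformed line
            continue
        if rec["local"] not in old_addrs:
            continue              # query reached a server that is staying up
        by_client[rec["client"]] += 1
        by_question[(rec["qname"].lower(), rec["qtype"])] += 1
        if rec["rd"]:
            rd_clients.add(rec["client"])
    return {"by_client": by_client, "by_question": by_question,
            "rd_clients": rd_clients, "skipped": skipped}
```

Clients that appear in `rd_clients` are asking for recursion, which suggests hosts pointed directly at the old address rather than resolvers following the delegation.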