Moving dynamic zones to new master+slave pair without interruptions

[Tony Finch]

Peter Rathlev <peter at rathlev.dk> wrote:

> We currently have two internal DNS servers that are both authoritative
> for a range of internal zones and caching resolvers for our clients. We
> would like to split this so authorizative and caching roles exist on
> different servers. And we would like to do this with as little down
> time as possible, also for dynamic zones.
>
> Moving static zones is of course trivial. Moving dynamic zones is what
> I cannot quite wrap my head around.

I suggest the following process:

* Set up a new hidden master, with copies of your zones. (See below)

* Change your existing servers to slave from the new hidden master instead
  of the old master. Reconfigure the old master to be a slave of the new
  one.

* Add new slaves which will be your new authoritative-only servers.

* Change your delegations to point to your new authoritative-only servers.


You don't need to worry about the data on disk on your existing slaves.
They will continue to serve the same data, they will just xfer changes
from a different master.


My program nsdiff (http://dotat.at/prog/nsdiff) is useful for copying
dynamic zones from from an existing master to a new master without
faffing around with `rndc freeze`. On the new master, run

	nsdiff -m oldmaster -s localhost myzone | nsupdate -l

and it will axfr the zone from the oldmaster and copy it into the new
master using dynamic updates.

(If you are changing your DNS infrastructure then nsdiff can be useful for
verifying that the zone data is consistent between old and new.)


Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Southwest Forties, Cromarty, Forth: Southeasterly 6 to gale 8, occasionally
severe gale 9 later. Rough or very rough, occasionally high later. Rain at
times. Moderate, occasionally poor.