switching entire DNS system to new servers and IP addresses

Mitchell Kuch mdkuch at merit.edu
Thu Feb 23 20:21:34 UTC 2017


Hello, Rod -

It is important to consider the TTL on the glue records at Educause/Verisign. The EDU. root sets TTLs for each NS/A/AAAA record for two days. 

I recommend operating authoritative DNS servers at the old IP addresses for four days after the EDU. and IASTATE.EDU. zone updates.

In practice, we have encountered caching resolvers that provide non-decrementing TTL values to downstream resolvers and clients. Even if a misbehaving resolver expires its cache at the two-day mark, some of its clients are likely to retain the old records for an additional two days.


Mitchell Kuch
Application Programmer/Analyst
Merit Network, Inc.

mdkuch at merit.edu | +1.734.527.5748
1000 Oakbrook Drive, Suite 200 | Ann Arbor, MI 48104

----- Original Message -----
From: "Eldridge, Rod A [ITNET]" <rod at iastate.edu>
To: bind-users at lists.isc.org
Sent: Thursday, February 23, 2017 2:52:35 PM
Subject: switching entire DNS system to new servers and IP addresses

Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP servers with Infoblox servers on March 14th. We want to keep the domain names of our external servers the same (with one exception), but we will be changing all of the IPv4 and IPv6 addresses of those external servers.

Current external name servers:

   DNS-1.IASTATE.EDU                       129.186.6.249, 2610:130:101:100::249
   DNS-2.IASTATE.EDU                       129.186.88.249, 2610:130:102:e01::249
   ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET      146.57.253.249, 2607:ea00:1:9::aa      

The exception is that we will be removing ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET (a server located at the UMN) and will be installing a server at UIowa (that will be named DNS-3.IASTATE.EDU).

The new IPv4 addresses for the new external name servers will be:

   DNS-1.IASTATE.EDU                       129.186.67.129
   DNS-2.IASTATE.EDU                       129.186.67.145
   DNS-3.IASTATE.EDU                       128.255.x.x     <== not yet assigned

We haven't assigned IPv6 addresses yet. 

We'd like advice about any issues or problems we might run into and to watch out for, what preparations should we do or must we do before the switch, and any other advice to help us make this switch go smoothly and unnoticed.

Thank you. 


--
Rod Eldridge
Networks & Communications
IT Services, Iowa State University of Science and Technology



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


More information about the bind-users mailing list