switching entire DNS system to new servers and IP addresses
John Miller
johnmill at brandeis.edu
Thu Feb 23 20:47:54 UTC 2017
On Thu, Feb 23, 2017 at 2:52 PM, Eldridge, Rod A [ITNET]
<rod at iastate.edu> wrote:
>
> Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP servers with Infoblox servers on March 14th. We want to keep the domain names of our external servers the same (with one exception), but we will be changing all of the IPv4 and IPv6 addresses of those external servers.
>
> Current external name servers:
>
> DNS-1.IASTATE.EDU 129.186.6.249, 2610:130:101:100::249
> DNS-2.IASTATE.EDU 129.186.88.249, 2610:130:102:e01::249
> ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET 146.57.253.249, 2607:ea00:1:9::aa
>
> The exception is that we will be removing ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET (a server located at the UMN) and will be installing a server at UIowa (that will be named DNS-3.IASTATE.EDU).
>
> The new IPv4 addresses for the new external name servers will be:
>
> DNS-1.IASTATE.EDU 129.186.67.129
> DNS-2.IASTATE.EDU 129.186.67.145
> DNS-3.IASTATE.EDU 128.255.x.x <== not yet assigned
>
> We haven't assigned IPv6 addresses yet.
>
> We'd like advice about any issues or problems we might run into and to watch out for, what preparations should we do or must we do before the switch, and any other advice to help us make this switch go smoothly and unnoticed.
>
Hi Rod,
As Reindl says, if the records are staying the same between InfoBlox
and the UIowa servers, TTLs with Educause may not matter. That said,
it's worth checking on to be sure the data's the same. Your own
internal TTLs will definitely be important, though.
Something else to think about are your _reverse_ records. Everybody
looks at the WHOIS info for their domain, but since ISU has its own
/16 ARIN allocation, don't forget to update things there as well:
dig +trace 186.129.in-addr.arpa NS
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
;; Received 414 bytes from 192.5.5.241#53(192.5.5.241) in 383 ms
129.in-addr.arpa. 86400 IN NS z.arin.net.
129.in-addr.arpa. 86400 IN NS r.arin.net.
129.in-addr.arpa. 86400 IN NS arin.authdns.ripe.net.
129.in-addr.arpa. 86400 IN NS u.arin.net.
129.in-addr.arpa. 86400 IN NS y.arin.net.
129.in-addr.arpa. 86400 IN NS x.arin.net.
;; Received 158 bytes from 199.212.0.73#53(199.212.0.73) in 5096 ms
186.129.in-addr.arpa. 86400 IN NS dns-1.iastate.edu.
186.129.in-addr.arpa. 86400 IN NS dns-2.iastate.edu.
;; Received 89 bytes from 199.212.0.63#53(199.212.0.63) in 55 ms
186.129.in-addr.arpa. 86400 IN NS dns-1.iastate.edu.
186.129.in-addr.arpa. 86400 IN NS
isu.dns.northernlights.gigapop.net.
186.129.in-addr.arpa. 86400 IN NS dns-2.iastate.edu.
;; Received 225 bytes from 129.186.88.249#53(129.186.88.249) in 42 ms
You may also want to think about public DNS providers. I know Google
allows you to clear their cache for your records; doing this will help
speed things up for people.
Another thing to think about: do you delegate zones to internal
departments? Are you slaving any zones for people?
John
More information about the bind-users
mailing list