switching entire DNS system to new servers and IP addresses

John Miller johnmill at brandeis.edu
Thu Feb 23 20:47:54 UTC 2017


On Thu, Feb 23, 2017 at 2:52 PM, Eldridge, Rod A [ITNET]
<rod at iastate.edu> wrote:
>
> Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP servers with Infoblox servers on March 14th. We want to keep the domain names of our external servers the same (with one exception), but we will be changing all of the IPv4 and IPv6 addresses of those external servers.
>
> Current external name servers:
>
>    DNS-1.IASTATE.EDU                       129.186.6.249, 2610:130:101:100::249
>    DNS-2.IASTATE.EDU                       129.186.88.249, 2610:130:102:e01::249
>    ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET      146.57.253.249, 2607:ea00:1:9::aa
>
> The exception is that we will be removing ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET (a server located at the UMN) and will be installing a server at UIowa (that will be named DNS-3.IASTATE.EDU).
>
> The new IPv4 addresses for the new external name servers will be:
>
>    DNS-1.IASTATE.EDU                       129.186.67.129
>    DNS-2.IASTATE.EDU                       129.186.67.145
>    DNS-3.IASTATE.EDU                       128.255.x.x     <== not yet assigned
>
> We haven't assigned IPv6 addresses yet.
>
> We'd like advice about any issues or problems we might run into and to watch out for, what preparations should we do or must we do before the switch, and any other advice to help us make this switch go smoothly and unnoticed.
>

Hi Rod,

As Reindl says, if the records are staying the same between InfoBlox
and the UIowa servers, TTLs with Educause may not matter.  That said,
it's worth checking on to be sure the data's the same.  Your own
internal TTLs will definitely be important, though.

Something else to think about is your _reverse_ records.  Everybody
looks at the WHOIS info for their domain, but since ISU has its own
/16 ARIN allocation, don't forget to update things there as well:

dig +trace 186.129.in-addr.arpa NS

in-addr.arpa.        172800    IN    NS    b.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    d.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    f.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    e.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    a.in-addr-servers.arpa.
in-addr.arpa.        172800    IN    NS    c.in-addr-servers.arpa.
;; Received 414 bytes from 192.5.5.241#53(192.5.5.241) in 383 ms

129.in-addr.arpa.    86400    IN    NS    z.arin.net.
129.in-addr.arpa.    86400    IN    NS    r.arin.net.
129.in-addr.arpa.    86400    IN    NS    arin.authdns.ripe.net.
129.in-addr.arpa.    86400    IN    NS    u.arin.net.
129.in-addr.arpa.    86400    IN    NS    y.arin.net.
129.in-addr.arpa.    86400    IN    NS    x.arin.net.
;; Received 158 bytes from 199.212.0.73#53(199.212.0.73) in 5096 ms

186.129.in-addr.arpa.    86400    IN    NS    dns-1.iastate.edu.
186.129.in-addr.arpa.    86400    IN    NS    dns-2.iastate.edu.
;; Received 89 bytes from 199.212.0.63#53(199.212.0.63) in 55 ms

186.129.in-addr.arpa.    86400    IN    NS    dns-1.iastate.edu.
186.129.in-addr.arpa.    86400    IN    NS    isu.dns.northernlights.gigapop.net.
186.129.in-addr.arpa.    86400    IN    NS    dns-2.iastate.edu.
;; Received 225 bytes from 129.186.88.249#53(129.186.88.249) in 42 ms


You may also want to think about public DNS providers.  I know Google
allows you to clear their cache for your records; doing this will help
speed things up for people.

Another thing to think about: do you delegate zones to internal
departments?  Are you slaving any zones for people?

John
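
The trace above shows the ARIN delegation listing two name servers while the zone's own servers answer with three. As an added example (not part of John's message), this shell function reads `dig +trace <zone> NS` output on stdin and reports name servers that appear on only one side of the delegation. The names `ns_delegation_diff` and `sample_trace` are made up for this example, and the sample input is the last three replies of the trace quoted above.

```shell
#!/bin/sh
# Compare the NS set in the parent referral with the NS set returned by the
# zone itself. Usage: dig +trace ZONE NS | ns_delegation_diff ZONE
ns_delegation_diff() {
    diff_out=$(awk -v zone="$1" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        BEGIN { zone = norm(zone); blk = 1 }
        /^;; Received/ { blk++; next }        # one server reply ends here
        $3 == "IN" && $4 == "NS" && $5 != "" && norm($1) == zone {
            if (!first) first = blk           # earliest reply naming the zone: parent
            last = blk                        # latest reply naming the zone: child
            ns[blk, norm($5)] = 1
        }
        END {
            if (!first || first == last) { print "incomplete trace"; exit }
            for (k in ns) {
                split(k, p, SUBSEP)
                if (p[1] == first && !((last, p[2]) in ns)) print "parent-only " p[2]
                if (p[1] == last && !((first, p[2]) in ns)) print "child-only " p[2]
            }
        }' | sort)
    if [ -z "$diff_out" ]; then return 0; fi  # both sides agree
    printf '%s\n' "$diff_out"
    return 1
}

# Sample input: tail of the dig +trace output from the message above.
sample_trace() {
    cat <<'EOF'
129.in-addr.arpa.    86400    IN    NS    z.arin.net.
;; Received 158 bytes from 199.212.0.73#53(199.212.0.73) in 5096 ms

186.129.in-addr.arpa.    86400    IN    NS    dns-1.iastate.edu.
186.129.in-addr.arpa.    86400    IN    NS    dns-2.iastate.edu.
;; Received 89 bytes from 199.212.0.63#53(199.212.0.63) in 55 ms

186.129.in-addr.arpa.    86400    IN    NS    dns-1.iastate.edu.
186.129.in-addr.arpa.    86400    IN    NS    isu.dns.northernlights.gigapop.net.
186.129.in-addr.arpa.    86400    IN    NS    dns-2.iastate.edu.
;; Received 225 bytes from 129.186.88.249#53(129.186.88.249) in 42 ms
EOF
}

sample_trace | ns_delegation_diff 186.129.in-addr.arpa || echo "delegation mismatch"
```

The same check works for the forward zone; running it before and after the cutover shows whether the registrar and ARIN records match what the new servers publish.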


More information about the bind-users mailing list