Moving DNS from VMS to AIX

Barry Margolin barmar at genuity.net
Mon May 1 22:32:53 UTC 2000 

In article <Pine.LNX.4.10.10005011601480.13579-100000 at romulus.csd.selu.edu>,
Ray  <ray at ops.selu.edu> wrote:
>I'm in the planning stages of migrating our DNS service off of 2 VMS nodes
>(running Multinet) to 2 RS/6000's running AIX 4.3.3.  Multinet DNS is
>based on Bind 8, and has the same format for config files.

Wow, I wasn't aware that Multinet had picked up BIND 8.  Good for them!

>1) I have lots of servers and clients with DNS hard-coded to the VMS
>machines.  Is it ok to setup the VMS machines as a forward-only server to
>ease the migration?  I read a lot about using forwarders in firewalled
>setups, but nothing about using it like this, for migration.  Is there a
>better way?

Configuring them as secondary servers would also be a reasonable way, but
either way should be fine.

>2) I'm also going to have to change InterNic and ARIN records to point to
>the new DNS servers.  Is there a good way to "test" and make sure my AIX
>machines are setup properly to handle outside queries?  My worst fear is
>we get Internic and Arin records changed, and boom...nothing works.  I
>have access to unix accounts outside my network, if that helps in
>testing...

dig <a name in your domain> a @<newserver> +norec

should send a query just like a resolving server does.  Make sure the
answers come back with the "aa" (Authoritative Answer) flag set.

>3) A combination of 1 & 2....  if i setup the VMS nodes as forward-only,
>and forward to the AIX machine, will it still answer outside queries for
>my domain on behalf of the AIX machine??  I am thinking if the query gets

It will work, but it's not *strictly* correct.  The servers that a domain
is delegated to are supposed to be authoritative, but a forwarding server
will respond with data from its cache if it has recently forwarded the same
query and cached the answer, and cached data is not authoritative.  I don't
think this should cause problems, but you might get complaints about lame
delegations; if it's only intended to be a temporary situation during the
transition, you should be OK.

>forward to AIX machine, and he has authoritative data for my domain, then
>he'll just answer.... but i'm not exactly sure if this is how it works.

The AIX machine answers the VMS machine, which caches the answer and sends
it to the original client.

>My plan is to have all zone data on AIX. VMS will only be a
>forwarder/cache server, and will forward all internal and external queries
>to the AIX machine, until i get all our client configs and Internic/Arin
>records changed... will this work? Is there a better way to migrate?

As I mentioned above, you could configure the VMS nodes as slave servers.
That will solve the problem of them answering non-authoritatively.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list