Forwarding in Bind

Kevin Darcy kcd at daimlerchrysler.com
Tue Jul 24 00:14:38 UTC 2001


Polarbear wrote:

> Hi all,
>
> I have a question here which I hope someone with the knowledge will
> enlighten me. I am trying to migrate my primary and secondary dns servers
> onto another IP address as the existing block will be taken back by my ISP
> soon.
>
> To reduce downtime, is it possible for me to include forwarding in the new
> primary dns so that those zones which have not been migrated to the new
> server will continue to serve by looking up from the forwarded (old) dns
> server? Does forwarding work this way?

No, forwarding does not work this way. Nameserver-to-nameserver traffic is
typically non-recursive, and non-recursive queries are never forwarded.

In order to minimize downtime, you need to temporarily add extra NS/A records
to your zones and to the zone delegations maintained by the relevant registry
or registries. Then, once the migration is complete, just delete the obsolete
A records and any NS records pointing to them. The exact sequence of changes
depends on how far apart you can stagger the nameserver address changes,
whether you have any (off-site) slaves which are unaffected by the address
changes (a useful thing to have in situations such as these), and whether you
want to keep your existing nameserver names (since most registries don't
allow two different nameserver names to point to the same address or a
nameserver name to resolve to multiple addresses). Unless you have 3 or more
servers, it may be impossible to avoid a Single Point of Failure during this
migration, since presumably each nameserver will be out of service
temporarily while it is being re-addressed. Note that the TTL on delegation
records in TLDs is typically 2 days, so you'd need to wait this long after
each change to be certain that everyone will see the new data (longer if you
use an even larger TTL in the zone itself).


- Kevin
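The waiting rule in the reply above, as an added example that is not part of the original post: given the records that lead resolvers to an old nameserver address and when each was deleted, it computes the earliest time the old server can be shut down without cached delegations still pointing at an address that is going back to the ISP. The `Record` type, the function name, the zone, addresses, zone TTL and change time are all constructed for illustration; only the 2-day delegation TTL comes from the post.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Record:
    source: str   # "parent" (registry delegation/glue) or "zone"
    name: str     # owner name, lower case, no trailing dot
    rtype: str    # "NS" or "A"
    value: str    # NS target name, or address for an A record
    ttl: int      # seconds
    removed_at: Optional[datetime] = None  # deletion time; None = still published

def safe_retire_time(records, old_addr):
    """Earliest time the server at old_addr can be shut down, or None while
    a published record still leads resolvers to it."""
    old_a = [r for r in records if r.rtype == "A" and r.value == old_addr]
    if not old_a:
        raise ValueError(f"no A record for {old_addr}")
    # Names re-pointed to a live new address keep their NS records.
    moved = {r.name for r in records
             if r.rtype == "A" and r.value != old_addr and r.removed_at is None}
    stale = {r.name for r in old_a} - moved
    relevant = old_a + [r for r in records if r.rtype == "NS" and r.value in stale]
    if any(r.removed_at is None for r in relevant):
        return None
    # A cache may have fetched a record just before its deletion, so it can
    # keep using it until removed_at + ttl.
    return max(r.removed_at + timedelta(seconds=r.ttl) for r in relevant)

# Constructed sample: example.com moves from ns1 (192.0.2.1) to ns3 (198.51.100.1).
T0 = datetime(2001, 7, 24, tzinfo=timezone.utc)  # constructed change time
SAMPLE = [
    Record("parent", "example.com", "NS", "ns1.example.com", 172800, T0),
    Record("parent", "ns1.example.com", "A", "192.0.2.1", 172800, T0),
    Record("zone", "example.com", "NS", "ns1.example.com", 86400, T0),
    Record("zone", "ns1.example.com", "A", "192.0.2.1", 86400, T0),
    Record("parent", "example.com", "NS", "ns3.example.com", 172800),
    Record("parent", "ns3.example.com", "A", "198.51.100.1", 172800),
    Record("zone", "example.com", "NS", "ns3.example.com", 86400),
    Record("zone", "ns3.example.com", "A", "198.51.100.1", 86400),
]

if __name__ == "__main__":
    print(safe_retire_time(SAMPLE, "192.0.2.1"))
```

A `None` result means at least one record that sends queries to the old address is still published, so the clock has not started.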





More information about the bind-users mailing list