moving a name server
Kevin Darcy
kcd at daimlerchrysler.com
Wed Aug 11 23:27:57 UTC 2004
I think you have most of the steps of the plan laid out, *except* for
the fact that there is nothing in this plan about updating your
delegation records in the parent zone (ac.uk). You should always try to
keep the NS records in your zones and the delegation NS records in the
parent zone in sync with each other.
The only other thing I'd point out is that a lazier way to do things
would be to add iguana to the NS records, albeit lame (that is, listed
before it actually answers authoritatively for the zone; I'm assuming the
ac.uk registry wouldn't balk at the addition of a lame server), at least
24 hours prior to the cutover, as opposed to messing around with TTL
values and waiting for things to propagate. Most caching-resolver
implementations are smart enough to detect a lame server quickly and
work around it, so I don't think this would have any noticeable impact
on query latency.
- Kevin
asim khan wrote:
>Dear ISC Bind,
>
>The project:
>Move the zone umds.ac.uk - currently served authoritatively by the name
>server macduff, hosted on lime.
>Name server iguana is to be authoritative for zone umds.ac.uk as well as
>kcl.ac.uk, to be hosted on the whitebeam/hawthorn cluster.
>
>
>The following I think relate to this :
>
>Configuring a Name Server as Authoritative for Multiple Zones
>Preventing Remote Name Servers from Caching a Resource Record
> Moving a Host
> Moving a Name Server
>Changing Your Zones Name Server
>
>My plan for the move is this :
>
>1. The TTL has to be reduced on macduff so the caching for the zone
>umds.ac.uk is updated for the new name server on iguana
>2. NS record to be iguana for zone umds.ac.uk
>3. Wait for the new authoritative name server to take over for the zone
>with cache records recording the new name server as well.
>4. macduff on lime IP address can be removed from the kclnameservers acl
>5. prospero slave nameserver should indicate the new IP in the masters {
>137.73.2.5; }; clause.
>
>This is the named.conf for the authoritative name server iguana for zone
>kcl.ac.uk amongst others:
>// Use with the following in named.conf, adjusting the allow list as
>// needed:
>// Shared secret that authenticates commands on the control channel; the
>// controls statement in this file names it in its keys list. The poster
>// redacted the secret before sending the config to a public list.
>// NOTE(review): hmac-md5 is a legacy choice; current BIND releases also
>// accept hmac-sha256 for this key - confirm what the installed version supports.
>key "rndc-key" {
> algorithm hmac-md5;
> secret "I have taken this out for security";
>};
>
>// Control channel: listens on the loopback address, port 953, and accepts
>// only connections from 127.0.0.1 that are signed with "rndc-key", so the
>// channel is not reachable from the network as configured here.
>controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
>};
>
>acl kings {
> 137.73/16;
> 159.92/16;
> 193.60.112.0/20;
> 193.61.72.0/21;
> 193.61.200.0/21;
> 194.81.237.0/24;
> 194.83.136.0/21;
> 193.63.184.0/22;
>};
>acl ahdsyork {
> 144.32.128.230;
>};
>
>// Addresses treated as the college's name servers. In this file the ACL is
>// referenced by the global allow-transfer and allow-notify options and by
>// several per-zone allow-transfer lists, so every address listed here may
>// request zone transfers from this server.
>// NOTE(review): access is granted on source address alone; an address-match
>// list can also name a TSIG key, which authenticates the peer rather than
>// trusting its IP. Step 4 of the plan removes the old master's address from
>// this list once the move is complete.
>acl kclnameservers {
> 137.73.173.4;
> 137.73.173.12;
> 137.73.2.29;
> 137.73.2.36;
> 137.73.2.5;
> 137.73.2.8;
> 137.73.3.11;
> 137.73.36.155;
> 137.73.37.45;
> 137.73.37.48;
> 137.73.37.56;
> 137.73.6.160;
> 137.73.7.21;
> 159.92.16.13;
> 159.92.224.7;
> 193.61.206.5;
> 193.63.106.100;
> 193.63.106.103;
> 193.63.106.103; // NOTE(review): duplicate of the previous entry - confirm no other address was intended
>};
>
>acl secondary {
> 130.88.200/24; // dir.mcc.ac.uk
> 150.237.128.27; // warpserver.ucc.hull.ac.uk.
>};
>
>
>// NOTE(review): nothing in the configuration quoted here references this
>// ACL - confirm whether it is still needed.
>acl kclservers {
> 137.73.2/23;
> // NOTE(review): every other college prefix in this file is under 137.73 or
> // 159.92; 137.72 looks like a typo for 137.73 - confirm before this ACL is
> // used to grant access.
> 137.72.66/23;
> 159.92.16.13;
> 159.92.16.14;
> 159.92.224.7;
>};
>logging {
>
>
> category "xfer-in" {
> "default_syslog";
> };
> category "xfer-out" {
> "default_syslog";
> };
> category "queries" {
> "default_syslog";
> };
>
>
>};
>
>// Global options for iguana. Per-zone statements below may override the
>// access lists given here.
>options {
> directory "/var/dns/";
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND 8.1 uses an unprivileged
> * port by default.
> */
> // NOTE(review): left commented out, so outgoing queries are not pinned to
> // source port 53. Keep it that way unless a firewall forces it: a fixed,
> // known source port makes spoofed answers easier to get accepted by a
> // server that also recurses, as this one does for "kings".
> // query-source address * port 53;
> pid-file "/var/dns/run/named.pid";
> // Default transfer policy: only addresses in kclnameservers. Zones with
> // no allow-transfer of their own inherit this.
> allow-transfer {
> kclnameservers;
> };
> // NOTIFY messages are accepted only from addresses in kclnameservers.
> allow-notify {
> kclnameservers;
> };
> // Recursion is offered only to the address ranges in "kings".
> allow-recursion {
> kings;
> };
> recursive-clients 2000;
>
> lame-ttl 600;
> max-ncache-ttl 1800;
> // Replaces the version string the server reports with a fixed value.
> version "10";
> listen-on { 137.73.2.5 ;
> 137.73.3.11;
> 137.73.2.8;
> };
> // NOTIFY messages and outgoing transfer requests are sent from
> // 137.73.2.5, so peers must list that address in their own ACLs (the
> // other server's config quoted below lists it in allow-notify and masters).
> notify-source 137.73.2.5;
> transfer-source 137.73.2.5;
>};
>
>
>
>//
>// --- Named/Bind driving file /etc/named.boot
>//
>//
>// --- File holding universal nameservers
>//
>view "catchall" {
> match-clients { any ; } ;
> zone "." {
> type hint;
> file "static/named.root";
> };
>
> //
> // --- This is a primary server for...
> //
> zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "static/db.127";
> };
>
> zone "0.IN-ADDR.ARPA" {
> type master;
> file "static/db.0";
> };
>
> zone "255.IN-ADDR.ARPA" {
> type master;
> file "static/db.255";
> };
>
> //
> // --- This is a secondary server for...
> //
> // The zone being moved. As quoted, iguana is only a slave for it and
> // pulls it from 159.92.16.13 (presumably macduff - confirm).
> // NOTE(review): there is no per-zone allow-transfer here, so when this
> // becomes "type master" the global allow-transfer (kclnameservers only)
> // applies; the kcl.ac.uk master zone in this view additionally lists
> // "secondary". Decide explicitly which hosts may transfer the zone after
> // the cutover, and add also-notify if the slaves rely on it.
> zone "umds.ac.uk" {
> type slave;
> file "newslave/zone.umds.ac.uk";
> masters {
> 159.92.16.13;
> };
> };
>
> zone "92.159.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.umds.ac.uk";
> masters {
> 159.92.16.13;
> };
> };
>
> zone "uk" {
> type slave;
> file "newslave/zone.uk";
> masters {
> 128.16.5.32;
> };
> };
>
>
> zone "kcl.ac.uk" {
> type master;
> file "newmaster/zone.kcl.ac.uk";
> allow-transfer { kclnameservers ; secondary; } ;
> also-notify {
> 137.73.173.4;
> 159.92.16.13;
> 159.92.224.7;
> 193.61.206.5;
> };
> };
> zone "73.137.in-addr.arpa" {
> type master;
> file "newmaster/rzone.kcl.ac.uk";
> allow-transfer { kclnameservers ; secondary; } ;
> also-notify {
> 137.73.173.4;
> 159.92.16.13;
> 159.92.224.7;
> 193.61.206.5;
> };
> };
>
>
>
> zone "ahds.ac.uk" {
> type master;
> file "newmaster/zone.ahds.ac.uk";
> allow-transfer {ahdsyork;kclnameservers;};
> };
>
> zone "icsa.ac.uk" {
> type master;
> file "newmaster/zone.icsa.ac.uk";
> };
>
> zone "iaac.ac.uk" {
> type master;
> file "newmaster/zone.iaac.ac.uk";
> };
>
> zone "ccwp.ac.uk" {
> type master;
> file "newmaster/zone.ccwp.ac.uk";
> };
>
> zone "cvma.ac.uk" {
> type master;
> file "newmaster/zone.cvma.ac.uk";
> };
>
> zone "crsbi.ac.uk" {
> type master;
> file "newmaster/zone.crsbi.ac.uk";
> };
>
> zone "kcl.tv" {
> type master;
> file "newmaster/zone.kcl.tv";
> };
>
> zone "ispan.ac.uk" {
> type master;
> file "newmaster/zone.ispan.ac.uk";
> };
>
> zone "courtauld.ac.uk" {
> type master;
> file "newmaster/zone.courtauld.ac.uk";
> };
>
> zone "stmary-le-strandcharity.org.uk" {
> type master;
> file "newmaster/zone.stmary-le-strandcharity.org.uk";
> };
>
>
> zone "smlsc.org.uk" {
> type master;
> file "newmaster/zone.smlsc.org.uk";
> };
>
> zone "icar.org.uk" {
> type master;
> file "newmaster/zone.icar.org.uk";
> };
> zone "mykcl.com" {
> type master;
> file "newmaster/zone.mykcl.com";
> };
>
>
> zone "184.63.193.IN-ADDR.ARPA" {
> type master;
> file "newmaster/rzone.184.63.193";
> };
>
> zone "185.63.193.IN-ADDR.ARPA" {
> type master;
> file "newmaster/rzone.185.63.193";
> };
>
> zone "186.63.193.IN-ADDR.ARPA" {
> type master;
> file "newmaster/rzone.186.63.193";
> };
>
> zone "187.63.193.IN-ADDR.ARPA" {
> type master;
> file "newmaster/rzone.187.63.193";
> };
>
>
> zone "dcs.kcl.ac.uk" {
> type slave;
> file "newslave/zone.dcs.kcl.ac.uk";
> masters {
> 137.73.8.3;
> };
> };
>
> zone "8.73.137.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.8.73.137";
> masters {
> 137.73.8.3;
> };
> };
>
> zone "9.73.137.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.9.73.137";
> masters {
> 137.73.8.3;
> };
> };
>
>
> zone "smd.kcl.ac.uk" {
> type slave;
> file "newslave/zone.smd.kcl.ac.uk";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "112.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.112.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "113.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.113.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "114.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.114.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "115.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.115.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "116.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.116.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "117.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.117.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "118.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.118.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "119.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.119.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "120.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.120.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "121.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.121.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "122.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.122.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "123.60.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.123.60.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "72.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.72.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "73.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.73.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "74.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.74.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "75.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.75.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "76.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.76.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "77.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.77.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "78.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.78.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "79.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.79.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "200.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.200.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "201.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.201.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "202.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.202.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "203.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.203.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "204.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.204.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "205.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.205.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
>
> zone "206.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.206.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "207.61.193.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.207.61.193";
> masters {
> 193.61.206.5;
> };
> };
>
> zone "237.81.194.IN-ADDR.ARPA" {
> type slave;
> file "newslave/rzone.237.81.194";
> masters {
> 193.61.206.5;
> };
> };
>};
>
>// View for the 192.168.10.0/24 and 137.73.145.0/26 clients, with recursion
>// enabled and two master zones for the internal namespace.
>// NOTE(review): named selects the first view whose match-clients matches,
>// in the order the views appear in the file. As quoted, view "catchall"
>// comes first with match-clients { any; }, so it matches every client and
>// this view would never be selected. The restricted view has to be defined
>// before the catch-all one for the split to take effect - confirm against
>// the running file.
>view "internal" {
> match-clients { 192.168.10.0/24;137.73.145.0/26; };
> recursion yes;
>
> zone "internal.kcl.ac.uk" {
> type master;
> file "newmaster/zone.internal.kcl.ac.uk";
> // Transfers of the internal zone are open to every address in
> // kclnameservers, by source address only.
> allow-transfer {
> kclnameservers;
> };
> };
> zone "10.168.192.in-addr.arpa" {
> type master;
> file "newmaster/rzone.internal.kcl.ac.uk";
> allow-transfer {
> kclnameservers;
> };
> };
>
>};
>
>
>
>
>
>This is the named.conf for macduff, the nameserver currently
>authoritative for the umds.ac.uk zones:
>
>bash-2.05# cat /usr/local/etc/named.conf
>
>// Shared secret for the control channel on this server; the secret was
>// redacted by the poster.
>// NOTE(review): hmac-md5 is a legacy choice; current BIND releases also
>// accept hmac-sha256 here - confirm what the installed version supports.
>key "rndc-key" {
> algorithm hmac-md5;
> secret "I have taken this out for security";
>};
>
>controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
>};
>
>
>acl kings {
> 137.73.0.0/16;
> 159.92.0.0/16;
> 193.60.112.0/20;
> 193.61.72.0/21;
> 193.61.200.0/21;
> 194.81.237.0/24;
> 194.83.136.0/21;
> 193.63.184.0/22;
>};
>
>
>acl kclnameservers {
> 137.73.173.4;
> 137.73.173.12;
> 137.73.2.0/24;
> 137.73.36.155;
> 137.73.37.45;
> 137.73.6.160;
> 137.73.7.21;
> 159.92.16.13;
> 159.92.16.12;
> 159.92.224.7;
> 193.61.206.5;
> 193.63.106.100;
> 193.63.106.103;
>
>};
>
>acl secondary {
> 130.88.200/24; // dir.mcc.ac.uk
>};
>
>acl rayne {
> 159.92.136.10;
>};
>
>// Global options for macduff, the current master for umds.ac.uk.
>options {
> directory "/var/dns";
> // Replaces the version string the server reports with a fixed value.
> version "524";
> // NOTE(review): this pins the source port of outgoing queries to 53. A
> // fixed, known source port makes spoofed answers easier to get accepted,
> // and this server recurses for "kings". Drop the directive unless a
> // firewall requires it; the other config quoted in this message has it
> // commented out.
> query-source address * port 53;
> notify yes;
> // Default transfer policy: addresses in kclnameservers and secondary,
> // identified by source address only.
> allow-transfer { kclnameservers ;
> secondary ;
> } ;
> // NOTIFY messages are accepted only from 137.73.2.5 and 137.73.2.8.
> allow-notify {
> 137.73.2.5;
> 137.73.2.8;
> };
> // Recursion is offered only to the address ranges in "kings", while
> // queries are accepted from anyone (allow-query below).
> allow-recursion {
> kings;
> };
> allow-query {
> any ;
> };
> pid-file "run/named.pid";
> lame-ttl 600;
> max-ncache-ttl 1800;
> statistics-file "run/stats.db";
>};
>
>
>
>//
>// --- Named/Bind driving file /etc/named.boot
>//
>//
>// --- File holding universal nameservers
>//
>zone "." {
> type hint;
> file "static/named.root";
>};
>
>//
>// --- This is a primary server for...
>//
>zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "static/db.127";
>};
>
>zone "0.IN-ADDR.ARPA" {
> type master;
> file "static/db.0";
>};
>
>zone "255.IN-ADDR.ARPA" {
> type master;
> file "static/db.255";
>};
>
>// Current master copy of the zone being moved. Transfers are allowed to the
>// addresses in kclnameservers and secondary, and NOTIFY is sent to the five
>// addresses listed in also-notify in addition to the zone's NS records.
>// NOTE(review): these two lists are the access policy to carry over to the
>// new master. Compare them with the new server's ACLs before the cutover;
>// kclnameservers on this host includes all of 137.73.2.0/24, which is
>// broader than the list of single addresses in the other config quoted
>// above.
>zone "umds.ac.uk" {
> type master;
> file "master/zone.umds.ac.uk";
> allow-transfer {
> kclnameservers ;
> secondary ;
> };
> notify yes;
> also-notify {
> 137.73.2.5;
> 137.73.2.8;
> 137.73.173.4;
> 159.92.224.7;
> 159.92.16.12;
> };
>};
>
>zone "ecrhs.org" {
> type master;
> file "master/zone.ecrhs.org";
> allow-transfer {
> kclnameservers ;
> secondary ;
> };
> notify yes;
> also-notify {
> 137.73.2.5;
> 137.73.2.8;
> 137.73.173.4;
> 159.92.224.7;
> };
>};
>
>zone "92.159.IN-ADDR.ARPA" {
> type master;
> file "master/rzone.umds.ac.uk";
> notify yes;
> allow-transfer {
> kclnameservers ;
> secondary ;
> };
> also-notify {
> 137.73.2.5;
> 137.73.2.8;
> 137.73.173.4;
> 159.92.224.7;
> 159.92.16.12;
> };
>};
>
>//
>// --- This is a secondary server for...
>//
>zone "uk" {
> type slave;
> file "slave/zone.uk";
> masters {
> 217.79.164.131;
> 195.66.240.130;
> 213.219.13.131;
> };
> allow-transfer { kclnameservers ; } ;
>};
>
>
>zone "kcl.ac.uk" {
> type slave;
> file "slave/zone.kcl.ac.uk";
> allow-transfer { kclnameservers ; } ;
> masters {
> 137.73.2.5;
> 137.73.2.8;
> };
>};
>zone "73.137.in-addr.arpa" {
> type slave;
> file "slave/rzone.kcl.ac.uk";
> allow-transfer { kclnameservers ; } ;
> masters {
> 137.73.2.5;
> 137.73.2.8;
> };
>};
>
>
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Asim Khan
>Information Services & Systems
>King's College London
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
>
>
>
>