DNS migration strategy
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Aug 5 09:20:50 UTC 2010
On 05.08.10 17:17, listuser2 at gmail.com wrote:
> We are in preparation to migrate all zones from a Bind 8 server to a Bind 9
> server. The Bind 9 servers are up and running in production. On the Bind 8
> server, we have a domain that has a very large zone file, it contains around
> 1,000 resource records.
couldn't you just replace bind8 with bind9?
> Ordinarily we would do AXFR from the Bind 9 server, check to make sure all
> the records resolve correctly, and then do the registrar update. For a very
> large zone, is there any migration strategy involved to ensure a smooth
> transition?
>
> Someone suggested to do it in 2 steps by adding an additional hop, that is:
>
> 1) replicate the zone from the Bind 8 server to the Bind 9 server
> 2) replace the zone file on the Bind 8 server to something like this:
>
> company.com. 3600 IN NS Bind9NS1.company.com.
> company.com. 3600 IN NS Bind9NS2.company.com.
>
> So the Bind 8 server is still authoritative, but it simply redirects DNS
> queries to the Bind 9 server. After everyone is happy, make the Bind 9
> server authoritative for this domain. Is there any advantage doing it this
> way?
I think this would not work. bind 8 would still behave as authoritative for
the domain and would return NXDOMAIN answers.
> Another suggestion was to reduce the TTL value to 10 minutes or lower, so if
> anything goes wrong that requires rollback it would not take ages. However,
> the TTL of NS records in the global TLD servers are all set to 172800
> seconds (48 hours), so no matter how low the TTL is it can still take up to
> 48 hours to correct a problem if it involves redelegation, right?
correct.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.
More information about the bind-users
mailing list