DNS migration strategy

[Matus UHLAR - fantomas]

On 05.08.10 17:17, listuser2 at gmail.com  wrote:
> We are in preparation to migrate all zones from a Bind 8 server to a Bind 9
> server. The Bind 9 servers are up and running in production. On the Bind 8
> server, we have a domain that has a very large zone file, it contains around
> 1,000 resource records.

couldn't you just replace bind8 with bind9?

> Ordinarily we would do AXFR from the Bind 9 server, check to make sure all
> the records resolve correctly, and then do the registrar update. For a very
> large zone, is there any migration strategy involved to ensure a smooth
> transition?
> 
> Someone suggested to do it in 2 steps by adding an additional hop, that is:
> 
> 1) replicate the zone from the Bind 8 server to the Bind 9 server
> 2) replace the zone file on the Bind 8 server to something like this:
> 
>      company.com.     3600     IN     NS     Bind9NS1.company.com.
>      company.com.     3600     IN     NS     Bind9NS2.company.com.
> 
> So the Bind 8 server is still authoritative, but it simply redirects DNS
> queries to the Bind 9 server. After everyone is happy, make the Bind 9
> server authoritative for this domain. Is there any advantage doing it this
> way?

I think this would not work. bind 8 would still behave as authoritative for
the domain and would return NXDOMAIN answers.

> Another suggestion was to reduce the TTL value to 10 minutes or lower, so if
> anything goes wrong that requires rollback it would not take ages. However,
> the TTL of NS records in the global TLD servers are all set to 172800
> seconds (48 hours), so no matter how low the TTL is it can still take up to
> 48 hours to correct a problem if it involves redelegation, right?

correct.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I just got lost in thought. It was unfamiliar territory.