Advice wanted on Nameserver switchover

Stewart Dean sdean at bard.edu
Tue Mar 15 15:38:58 UTC 2011


See below

On 3/15/2011 10:59 AM, Jay Ford wrote:
> On Tue, 15 Mar 2011, Stewart Dean wrote:
>> Have two questions about the switchover of our external nameservers:
>>
>> I'll call the old nameservers oldns1, oldns2, offsitens and the new
>> nameservers newns1 and newns2
>
> So, you're replacing oldns1 & oldns2 with newns1 & newns2, while keeping
> offsitens.  The master is currently oldns1 & will be newns1.  The others are
> slaves.  Yes?
Right
>
> I suggest:
>    1. replace oldns2 with newns2
>       a. configure newns2 how you want it, pretty much identical to oldns2
>          but with different interface addresses; verify things work
>       b. disconnect newns2 from the net
>       c. change interface addresses of newns2 to those of oldns2
>       d. disconnect oldns2 from the net
>       e. connect newns2 to the net
>       f. verify newns2 working: zone transfers, query resolution...
But while oldns1 will be sending xfers to the new slave at the old address, the
xfers will be refused there because they will be coming from the wrong
address... the new slave will be expecting updates from the new master, not the
old one.  Big deal, I'd have to change the new slave's named.conf in addition to
its interface address.  AND I would have to change the serial numbers in all the
old master's zone files to get the xfers to work and then again in the new
master for the xfer to work for #2
>
>    2. replace oldns1 with newns1
>       a. configure newns1 how you want it, pretty much identical to oldns1
>          but with different interface addresses; verify things work
>       b. disconnect newns1 from the net
>       c. change interface addresses of newns1 to those of oldns1
>       d. disconnect oldns1 from the net
>       e. connect newns1 to the net
>       f. verify newns1 working: zone transfers, query resolution...
>
>    3. verify offsitens still works
>
> No SOA changes, no whois fiddling, back-out 1 box at a time if necessary.
>
> Regarding your idea of pointing whois information at name servers which
> aren't live: don't do that.  DNS will probably handle it, but only after
> dealing with the fact that 2 of the 5 servers don't work.  You'll see delays
> & possibly failures.
OTOH, maybe the thing to do is to change the WHOIS to include both the oldns1&2, 
newns1&2 and offsitens.  If there's any problem with newns1&2, simply disconnect 
them and make oldns1&2 answer to the newns address while straightening things out.
Still want to know: what uses the SOA NS info?
>
> ________________________________________________________________________
> Jay Ford, Network Engineering Group, Information Technology Services
> University of Iowa, Iowa City, IA 52242
> email: jay-ford at uiowa.edu, phone: 319-335-5555, fax: 319-335-2951

-- 
"One must think like a hero to behave like a merely decent human being." - May Sarton
"Having overcome your worst fear, the thing you are most vulnerable to, that is
the definition of heroic.
Also, it's such a worthwhile human activity. The most." -Fran Liebowitz

Funny how it's women who see the real heroism (that of going on, of being true)
so clearly.
Stewart Dean, Unix System Admin, Bard College, New York 12504 sdean at bard.edu
voice: 845-758-7475, fax: 845-758-7035
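
Added example, not part of the thread or written by either poster: the serial-number concern raised in the reply comes down to the comparison a slave makes before pulling a zone, which is RFC 1982 serial arithmetic on the SOA serial. The sketch below applies that comparison to constructed `dig +short SOA` output lines; the zone `example.edu`, the hostmaster address and all serial values are assumptions made up for illustration, and the server names reuse the thread's placeholders.

```python
# Added example: which slaves would pull a zone from the master, judged by SOA serial.
MOD = 1 << 32    # SOA serials are unsigned 32-bit values
HALF = 1 << 31   # RFC 1982: "newer" means ahead by less than 2^31


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than serial b under RFC 1982 arithmetic."""
    diff = (a - b) % MOD
    return 0 < diff < HALF


def soa_serial(dig_line: str) -> int:
    """Extract the serial from one line of `dig +short SOA` output.

    Field order: mname rname serial refresh retry expire minimum.
    """
    fields = dig_line.split()
    if len(fields) != 7:
        raise ValueError(f"not an SOA rdata line: {dig_line!r}")
    return int(fields[2])


def transfer_plan(master_line: str, slave_lines: dict) -> dict:
    """Map each slave name to what it will do on its next refresh or NOTIFY."""
    master = soa_serial(master_line)
    plan = {}
    for name, line in slave_lines.items():
        slave = soa_serial(line)
        if slave == master:
            plan[name] = "in sync"
        elif serial_gt(master, slave):
            plan[name] = "will transfer"
        else:
            plan[name] = "no transfer: master serial is not newer"
    return plan


# Constructed sample data (not captured from any real server).
RNAME = "hostmaster.example.edu."
TIMERS = "10800 3600 604800 86400"
MASTER = f"newns1.example.edu. {RNAME} 2011031501 {TIMERS}"
SLAVES = {
    "newns2": f"newns1.example.edu. {RNAME} 2011031401 {TIMERS}",
    "offsitens": f"oldns1.example.edu. {RNAME} 2011031502 {TIMERS}",
}

if __name__ == "__main__":
    for name, status in transfer_plan(MASTER, SLAVES).items():
        print(f"{name}: {status}")
```

A slave whose copy carries a serial ahead of the master's keeps serving its old data until the master's serial is raised past it, so comparing serials on every server before and after each swap shows whether a transfer actually took place.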



More information about the bind-users mailing list