New IP for Auth Servers
Teresa Campbell
tcampbell at mediacomcc.com
Wed Sep 16 14:23:57 UTC 2015
I recently moved my two authoritative servers to new servers on new IP's. I did it slowly leaving the old servers up so that everyone would have time to receive the new IP for my domain. When I query everything from google's free DNS servers to my own recursive servers I show the new IP's, which is what I expected. It has been a month since I moved to the new IP's, however I am still see a ton of query's going to the old Auth servers. My authoritative servers do not have recursive turned on so all the traffic I am seeing is coming from other DNS servers and they are querying my domains for records. Did I miss something? Is that normal? Is it safe to just turn the old servers off?
Here are the queries I am seeing in the logs
16-Sep-2015 09:00:16.807 client 78.140.179.9#22202 (ns2.mcomdc.com): query: ns2.mcomdc.com IN A -EDC (74.84.103.134)
16-Sep-2015 09:00:16.882 client 63.79.12.161#20765 (ns1.mcomdc.com): query: ns1.mcomdc.com IN A -EDC (74.84.103.134)
Here is the process I followed to move to the new IP's.
I brought up my new servers with the new IP's. I changed the A record for ns1.mcomdc.com on all 4 of the servers (old and new) to the new IP address. I waited a few hours to confirm it all looks good, then made the change to ns2.mcomdc.com. I then left all 4 servers up for 72 hours and came back and confirmed every major free recursive DNS server had the new ns server IP's and any changes I made to the new server and not the old where propagating across the internet. I am not sure it matters here but I am running BIND 9.10.2-P4
Thanks,
Teresa Campbell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150916/7642aeae/attachment.html>
More information about the bind-users
mailing list