Re: seamless migration (glue records vs bind primary & secondary servers)
(Top posting, as the top post seems internally consistent...)
> Not only are these comments welcome, they are greatly appreciated.
It is nice to be able to repay in small portion the help others on this
list have given me. :->
> Simply change the a record for the primary name server
> to the duplicate machine while the glue record is
You need to change the glue record for both your primary & secondary.
"Primary name server" is a concept private to your DNS servers.
If you are running bind, you edit zone files on your primary server and
push from primary to secondary. As far as the rest of the world is
concerned, there is absolutely no difference between your primary and
A "glue record" is approximately:
"An A record in the delegating zone for the name
server(s) that the zone is being delegated to"
We know .com delegates rcrcomputing.com to
The root servers for .com need to know the IP # for your NS1 and NS2 so
they can refer queries about your zones to the right servers.
You will need to edit the A (glue) records at the .com root servers for
both servers. Since you seem part of the happy tucows family:
1) http://manage.opensrs.net #login
2) link: Name Servers (top nav bar)
3) 'If you want to create or modify a nameserver
which is based on rcrnet.net click here.'
(very bottom of page)
4) should be clear from here....
If you do a whois on one of the domains that you do DNS for, it should
have the new ip# relatively quickly. (minutes ? hours ? I forget)
Rodney Richison wrote:
Not only are these comments welcome, they are greatly appreciated. This
was the type of discussion I was hoping for!
Dan MacNeil wrote:
A few random thoughts based on a couple recent moves we've had to
make, much of this is probably obvious or irrelevant to you.
Moving DNS server IP numbers is different than changing ip# that they
You don't control the TTL (time to live) at the
root servers. You need to change your DNS
servers ip# now and leave the old ones running
serving the correct ip# for the new DNS server.
Simply change the a record for the primary name server to the duplicate
machine while the glue record is propagating? I hadn't thought of this.
Even in a well setup system, there are some settings that depend on
hard coded ip#. Firewall rules, postfix "mynetworks", etc. It is
sudo grep -rlF -- "$OLDNET" /etc
...on all your systems.
While I have a written play-by-play calendar plan, this will certainly help!
You almost certainly do not have to move every thing all at once. If
you move one server at a time, you can learn from your experience and
maybe get a night's sleep between moves.
Agreed. Though I'd sure like to get this behind me. I'm sweating bullets
If there will be overlap between your two T1 vendors, you can run your
servers with both the old and new ip numbers for a time.
For 1 to two weeks. I had completely forgotten I could do this with
debian. I just now found the below example.
iface eth0:0 inet static
iface eth0:1 inet static
If some of your customers are running their own DNS (like at
register.com), you should let them know of the move.
You want to adjust both $TTL and the SOA TTL, the latter controls
negative caching, how long "not found" result is cached.
DNS checking tools, http://dnsreports.com are useful
If you are running on a T1, you can almost certainly drop TTL to 1
minute. --load on DNS and pipe won't be that high.
If I haven't said it clearly enough, thank you very much. 2 or three
heads are always better than one. The input makes me feel better and
introduces more alternatives.
Dan MacNeil <email@example.com>
Fearless Leader, Community Software Lab
God has no hands or feet or voice except ours, and
through these, God works. (St. Teresa of Avila)
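
Added example (not part of the original thread): a shell check for the point above that the glue at the parent has to be changed for both name servers. It compares the A records in saved dig output from the parent with those from the zone's own servers; ns1/ns2.example.com, the addresses and the sample dig text are constructed placeholders, not values from this thread.

```shell
#!/bin/sh
# Compare glue A records held by the parent zone with the A records the zone's
# own name servers publish. Inputs are files of saved dig output, e.g.:
#   parent: dig +norec @a.gtld-servers.net example.com NS   (glue: ADDITIONAL section)
#   child:  dig +norec @ns1.example.com ns1.example.com A   (repeat for ns2)
# The child file should hold only the name-server host records.

# a_records FILE: print unique "name address" pairs for each A record in FILE.
a_records() {
    awk '$3 == "IN" && $4 == "A" { print tolower($1), $5 }' "$1" | sort -u
}

# glue_mismatches PARENT CHILD: print every pair present on one side only.
# No output means the glue and the zone agree.
glue_mismatches() {
    gm_dir=$(mktemp -d) || return 2
    a_records "$1" > "$gm_dir/parent"
    a_records "$2" > "$gm_dir/child"
    comm -23 "$gm_dir/parent" "$gm_dir/child" | sed 's/^/parent-only /'
    comm -13 "$gm_dir/parent" "$gm_dir/child" | sed 's/^/child-only /'
    rm -r "$gm_dir"
}

# Constructed sample data (placeholder names, documentation address ranges):
# ns2 has moved, but the parent still hands out its old address.
sample_parent() { cat <<'EOF'
;; ADDITIONAL SECTION:
ns1.example.com.  172800  IN  A  198.51.100.10
ns2.example.com.  172800  IN  A  192.0.2.20
EOF
}
sample_child() { cat <<'EOF'
;; ANSWER SECTION:
ns1.example.com.  60  IN  A  198.51.100.10
ns2.example.com.  60  IN  A  198.51.100.20
EOF
}

demo=$(mktemp -d)
sample_parent > "$demo/parent"
sample_child > "$demo/child"
glue_mismatches "$demo/parent" "$demo/child"
rm -r "$demo"
```

A "parent-only" line is glue that still points at an address the zone no longer publishes; keep the old server answering on that address until the line disappears.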