
Re: how to relocate servers transparently



Jason, Brad, thanks for the reassurance.

Rhesa Rozendaal wrote:
 > In the past I witnessed such a move, and there were a lot of problems
 > with the DNS. As it turned out, many DNS servers out there kept caching
 > the old ip addresses for over 3 days, causing a lot of connection issues

This is most often due to the old authoritative servers continuing to serve the old zone details. When an A record is refreshed, the TTL for SOA/NS rr's also refreshes, therefore the NS information 'seems' to never be out of date. Some DNS caches will continue querying the old servers due to the fact that those NS records have not expired.

That last bit explains our problems exactly. We did get a new temporary dns server up on the old ip addresses, and that helped a lot.

When moving a site to new IP's/DNS servers I performed the following:

Create all accounts on the new box, and copy all the files over. Set up the DNS servers to issue the new zone details. At the same time, configure the OLD servers to serve the new zone data. When the old servers are queried, they will serve the new zone data, so when an A record is refreshed, the SOA/NS records will be that of the new servers.

We are going to physically move our boxes, but for the dns the process will amount to the same thing.

So here is what we'll do:
- Lower the ttl on all zones three days before the move
- Move all the boxes except for one dns server
- Set both the dns servers to serve the new IP addresses
- Move the old dns server once it no longer receives queries

I think that will make the move as transparent as possible.

I still have an uneasy feeling about dns caches out there that may keep serving the old ip addresses to their users _without_ ever consulting our dns servers. But I guess I could use a http proxy on the remaining dns box to forward http traffic for a while, which would take care of that part. The other protocols are less important (or visible), and more likely to work correctly anyway.

Thanks again guys, I may become an experienced ISP after all :-)

Rhesa
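
The last step of the plan above ("move the old dns server once it no longer receives queries") can be checked from the old server's query log. The following is an added example, not part of the original message: it assumes log lines in the style of a BIND query log, and the sample lines, function names and parameters are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the style of a BIND query log (not real traffic).
SAMPLE_LOG = """\
10-May-2004 09:00:01.120 client 192.0.2.10#33412: query: www.example.com IN A +
10-May-2004 09:00:05.331 client 198.51.100.7#1045: query: example.com IN MX +
11-May-2004 14:12:40.002 client 192.0.2.10#33980: query: www.example.com IN A +
12-May-2004 03:30:12.870 client 203.0.113.25#5353: query: www.example.com IN A +
14-May-2004 22:45:09.415 client 203.0.113.25#5360: query: www.example.com IN A +
"""

# Assumed line layout: timestamp, "client ip#port:", "query: name IN type".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)

def parse(log_text):
    """Yield (timestamp, client_ip, qname) for each query line; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
            yield ts, m["ip"], m["name"].lower()

def drain_report(log_text, cutover, max_ttl, now, quiet_for):
    """Summarise whether the old DNS server has drained.

    late_clients: resolvers still querying the old address after
    cutover + max_ttl, i.e. after anything cached before the change
    should have expired.
    safe_to_move: True when no query arrived within `quiet_for` of `now`.
    """
    deadline = cutover + max_ttl
    late, last_seen = Counter(), None
    for ts, ip, _name in parse(log_text):
        last_seen = ts if last_seen is None else max(last_seen, ts)
        if ts > deadline:
            late[ip] += 1
    safe = last_seen is None or now - last_seen >= quiet_for
    return {"last_query": last_seen, "late_clients": dict(late), "safe_to_move": safe}
```

Resolvers listed in `late_clients` are the ones still holding the old NS addresses past the expected expiry, which is the case the quoted explanation describes.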


