Re: how to relocate servers transparently
Jason, Brad, thanks for the reassurance.

Rhesa Rozendaal wrote:
> In the past I witnessed such a move, and there were a lot of problems
> with the DNS. As it turned out, many DNS servers out there kept caching
> the old IP addresses for over 3 days, causing a lot of connection issues

This is most often due to the old authoritative servers continuing to
serve the old zone details. When an A record is refreshed, the TTL for
SOA/NS RRs also refreshes, therefore the NS information 'seems' to
never be out of date. Some DNS caches will continue querying the old
servers due to the fact that those NS records have not expired.

That last bit explains our problems exactly. We did get a new temporary
DNS server up on the old IP addresses, and that helped a lot.

When moving a site to new IPs/DNS servers I performed the following:
Create all accounts on the new box, and copy all the files over. Set up
the DNS servers to issue the new zone details. At the same time,
configure the OLD servers to serve the new zone data. When the old
servers are queried, they will serve the new zone data, so when an A
record is refreshed, the SOA/NS records will be that of the new servers.

We are going to physically move our boxes, but for the DNS the process
will amount to the same thing.

So here is what we'll do:
- Lower the TTL on all zones three days before the move
- Move all the boxes except for one DNS server
- Set both the DNS servers to serve the new IP addresses
- Move the old DNS server once it no longer receives queries

I think that will make the move as transparent as possible.

I still have an uneasy feeling about DNS caches out there that may keep
serving the old IP addresses to their users _without_ ever consulting
our DNS servers. But I guess I could use an HTTP proxy on the remaining
DNS box to forward HTTP traffic for a while, which would take care of
that part. The other protocols are less important (or visible), and more
likely to work correctly anyway.
Thanks again guys, I may become an experienced ISP after all :-)
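
The checks implied by the plan above, as an added example that is not part of the original message: it verifies that the old and new authoritative servers serve identical zone data with no record left on an old address, and computes when the remaining old server can be retired. The server labels, zone contents and addresses are constructed placeholders, and `audit` and `earliest_retirement` are hypothetical helper names.

```python
from datetime import datetime, timedelta

# Constructed sample: what each authoritative server answers for one zone.
# Keys are (owner name, record type); addresses are documentation placeholders.
OLD_NET_IPS = {"192.0.2.10", "192.0.2.53"}
NEW_ZONE = {
    ("example.com.", "NS"): {"ttl": 300, "data": ["ns1.example.com.", "ns2.example.com."]},
    ("ns1.example.com.", "A"): {"ttl": 300, "data": ["198.51.100.53"]},
    ("ns2.example.com.", "A"): {"ttl": 300, "data": ["198.51.100.54"]},
    ("www.example.com.", "A"): {"ttl": 300, "data": ["198.51.100.10"]},
}
# An old server that was not updated: it still hands out the old web address.
STALE_ZONE = dict(NEW_ZONE)
STALE_ZONE[("www.example.com.", "A")] = {"ttl": 86400, "data": ["192.0.2.10"]}


def audit(answers, old_ips):
    """List problems in the data served by each authoritative server."""
    problems = []
    servers = list(answers)
    # The first server listed is the reference copy of the zone.
    baseline = {k: sorted(v["data"]) for k, v in answers[servers[0]].items()}
    for server in servers:
        zone = answers[server]
        if {k: sorted(v["data"]) for k, v in zone.items()} != baseline:
            problems.append(f"{server}: zone data differs from {servers[0]}")
        for (name, rtype), rr in sorted(zone.items()):
            if rtype == "A" and old_ips.intersection(rr["data"]):
                problems.append(f"{server}: {name} still points at an old address")
    return problems


def earliest_retirement(cutover, ttl_before_cutover):
    """Time after which no cache that honours TTLs can hold pre-cutover data."""
    return cutover + timedelta(seconds=ttl_before_cutover)


if __name__ == "__main__":
    for line in audit({"new-ns": NEW_ZONE, "old-ns": STALE_ZONE}, OLD_NET_IPS):
        print(line)
    print(earliest_retirement(datetime(2024, 1, 10, 12, 0), 300))
```

Caches that ignore TTLs fall outside what this check can show, which is the case the HTTP proxy on the remaining box is meant to cover.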