Re: how to relocate servers transparently
Rhesa Rozendaal wrote:
> So here is what we'll do:
> - Lower the TTL on all zones three days before the move
No, this isn't right. You must lower the TTL time at a bare minimum 2 *
(Current TTL) ahead of time. Why? Because nameservers out in the real
world will not even query your nameservers again until the TTL has
expired, meaning that if you change it today, the FIRST time another
nameserver that has already cached your records will ask for it again is
after the *current* TTL expires. Now take the case where one nameserver
is a forwarder for another (rare, but there are environments where it's
needed) and the one behind the forwarder could take up to 2 * TTL to
come ask for new information. Hopefully no one out there you need to
hit your site is dumb enough to have a triple-forwarded DNS resolver.
> - Move all the boxes except for one DNS server
Better to duplicate the boxes or move half the boxes - but it really
depends on how your farm is set up. If you have a true N+1 server farm
environment where you have at least one spare box worth of processing
power on the front-end and multiple database servers, the only problem
you have between the sites is keeping the databases synchronized.
A number of possible solutions can help you if you can't afford this
level of redundancy... bring a webserver up on the OLD addresses after
the new addresses are published in DNS and the servers are answering on
the new addresses with a URL link/redirect to a NEW NAME (i.e.
"www2.whatever.com") and make sure the new servers will answer properly
on both the new name and the old name. Why? When someone hits the old
IP from cached information in their DNS server, you can send them to a
brand new name which will force their DNS server to look up the
record... because it's never gotten that one before.
> - Set both the DNS servers to serve the new IP addresses
Good. But you'll still have traffic going to the old addresses no
matter what you do.
> - Move the old DNS server once it no longer receives queries
Good but you need to leave behind a web server too.
Nope. But I guarantee that it *is* possible to make a completely
seamless move where no one gets "lost" getting to your site and you can
prove it by watching the logs on the left-behind webserver (or a new box
serving a static page) until no more hits go to it.
> I think that will make the move as transparent as possible.
> I still have an uneasy feeling about DNS caches out there that may
> keep serving the old IP addresses to their users _without_ ever
> consulting our DNS servers. But I guess I could use an HTTP proxy on
> the remaining DNS box to forward HTTP traffic for a while, which would
> take care of that part. The other protocols are less important (or
> visible), and more likely to work correctly anyway.
It's not the DNS server's fault... it's your original TTL time - they're
just doing what they were told to do like all computers do.
You'll get it... you're really close. Your idea for the proxy is better
than my one above for the full blown web server... I'm just relating how
I've seen it done in large farms.
> Thanks again guys, I may become an experienced ISP after all :-)
Nate Duehr, firstname.lastname@example.org
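The two practical points in the thread above, lowering the TTL at least 2 * (current TTL) ahead of the move and watching the left-behind web server's log until the hits stop, as an added Python example that is not part of the original thread. It generalizes the 2 * TTL rule to an arbitrary number of forwarding hops (each hop can add one more full TTL), and reads the left-behind server's access log in Apache/NCSA common-log format. The move date, TTL values and log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import date, datetime, timedelta


def ttl_lead_time(current_ttl, forwarders=1):
    """Worst-case wait before every well-behaved resolver has re-fetched a
    record after its TTL is lowered.

    A resolver only asks again once the copy it cached has expired, and a
    resolver sitting behind a forwarder first has to wait for the forwarder's
    copy to expire, so each forwarding hop can add one more full TTL.  The
    default of one forwarder gives the 2 * TTL minimum from the thread.
    """
    return timedelta(seconds=current_ttl * (forwarders + 1))


def migration_schedule(move_at, current_ttl, short_ttl, forwarders=1):
    """Key moments for a move at `move_at` (a datetime), given the TTL
    currently published and the short TTL to publish for the move."""
    return {
        # latest moment to publish the short TTL so that caches already
        # hold it when the addresses change
        "lower_ttl_by": move_at - ttl_lead_time(current_ttl, forwarders),
        "publish_new_addresses": move_at,
        # well-behaved resolvers have the new addresses by now; anything
        # still arriving at the old ones comes from a cache ignoring TTLs
        "old_addresses_quiet_after": move_at + ttl_lead_time(short_ttl, forwarders),
    }


# Apache/NCSA common-log line: client ident user [timestamp] "request" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3})'
)


def hits_per_day(log_lines):
    """Count requests per calendar day in the left-behind server's access
    log; lines that do not parse are skipped."""
    counts = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        counts[ts.date()] += 1
    return dict(counts)


def ready_to_decommission(counts, today, quiet_days=2):
    """True once the old address has seen no hits for `quiet_days`
    consecutive days ending on `today`; that is the log evidence the
    thread says to wait for before pulling the last box."""
    window = [today - timedelta(days=i) for i in range(quiet_days)]
    return all(counts.get(day, 0) == 0 for day in window)


# Constructed values for the example (not from any real migration).
MOVE_AT = datetime(2003, 3, 10, 2, 0)
TODAY = date(2003, 3, 13)
# Constructed access-log lines from the left-behind box: hits taper off
# after the move and stop entirely two days later.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2003:03:14:07 +0000] "GET / HTTP/1.0" 302',
    '203.0.113.9 - - [10/Mar/2003:18:40:22 +0000] "GET /index.html HTTP/1.0" 302',
    '198.51.100.7 - - [11/Mar/2003:09:02:51 +0000] "GET / HTTP/1.0" 302',
    'garbage line that is not a log entry',
]

if __name__ == "__main__":
    plan = migration_schedule(MOVE_AT, current_ttl=86400, short_ttl=300)
    for step, when in plan.items():
        print(f"{step:>26}: {when}")
    daily = hits_per_day(SAMPLE_LOG)
    print("hits on old address per day:", daily)
    print("safe to pull the old box on", TODAY, "->",
          ready_to_decommission(daily, TODAY))
```

With a one-day TTL the schedule puts the TTL change two full days before the move, and with the 300-second TTL in place during the move, well-behaved resolvers are done with the old addresses ten minutes after the new records are published. Whatever is still hitting the left-behind box after that is a cache that ignores TTLs, which is exactly why the decommission decision is taken from the log and not from the calendar.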