
Re: how to relocate servers transparently

Rhesa Rozendaal wrote:

> So here is what we'll do:
> - Lower the TTL on all zones three days before the move

No, this isn't right. You must lower the TTL time at a bare minimum 2 * (Current TTL) ahead of time. Why? Because nameservers out in the real world will not even query your nameservers again until the TTL has expired, meaning that if you change it today, the FIRST time another nameserver that has already cached your records will ask for it again is after the *current* TTL expires. Now take the case where one nameserver is a forwarder for another (rare, but there are environments where it's needed) and the one behind the forwarder could take up to 2 * TTL to come ask for new information. Hopefully no one out there you need to hit your site is dumb enough to have a triple-forwarded DNS resolver environment.

> - Move all the boxes except for one dns server

Better to duplicate the boxes or move half the boxes - but it really depends on how your farm is set up. If you have a true N+1 server farm environment where you have at least one spare box worth of processing power on the front-end and multiple database servers, the only problem you have between the sites is keeping the databases synchronized. A number of possible solutions can help you if you can't afford this level of redundancy... bring a webserver up on the OLD addresses after the new addresses are published in DNS and the servers are answering on the new addresses with a URL link/redirect to a NEW NAME (i.e. "www2.whatever.com") and make sure the new servers will answer properly on both the new name and the old name. Why? When someone hits the old IP from cached information in their DNS server, you can send them to a brand new name which will force their DNS server to look up the record... because it's never gotten that one before.

> - Set both the dns servers to serve the new IP addresses

Good. But you'll still have traffic going to the old addresses no matter what you do.

> - Move the old dns server once it no longer receives queries

Good but you need to leave behind a web server too.

> I think that will make the move as transparent as possible.

Nope. But I guarantee that it *is* possible to make a completely seamless move where no one gets "lost" getting to your site and you can prove it by watching the logs on the left-behind webserver (or a new box serving a static page) until no more hits go to it.

> I still have an uneasy feeling about dns caches out there that may keep serving the old ip addresses to their users _without_ ever consulting our dns servers. But I guess I could use a http proxy on the remaining dns box to forward http traffic for a while, which would take care of that part. The other protocols are less important (or visible), and more likely to work correctly anyway.

It's not the DNS server's fault... it's your original TTL time - they're just doing what they were told to do like all computers do.

> Thanks again guys, I may become an experienced ISP after all :-)

You'll get it... you're really close. Your idea for the proxy is better than my one above for the full blown web server... I'm just relating how I've seen it done in large farms.

Nate Duehr, nate@natetech.com
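The timing argument in the reply (lower the TTL at least 2 * current TTL ahead, and longer for clients behind forwarders) can be checked with a small model. The following is an added example, not code from the thread or from either poster. It assumes time is measured in hours, that the zone's TTL is lowered at hour 0 and the address changed at `move_at`, and it models two kinds of cache: a standard resolver that passes the remaining (decremented) TTL downstream, and a forwarder that hands the original TTL field down unchanged so the next cache starts a fresh countdown. The second behaviour is the assumption under which the "2 * TTL" (and, for a triple-forwarded setup, 3 * TTL) worst case from the reply appears; with a fully decrementing chain the worst case stays at about one TTL.

```python
"""Worst-case time a client can still receive the OLD address after a move,
for a client sitting behind a chain of caching resolvers. Times are in hours.
Added example for the thread's TTL argument; all numbers are constructed."""
from dataclasses import dataclass

EPS = 1e-6  # "an instant before": the adversarial moment for a cache to refresh


@dataclass
class Answer:
    address: str       # "OLD" or "NEW"
    ttl: float         # TTL field as handed to the querier
    expires_at: float  # absolute time until which the querier may cache it


class Authoritative:
    """The zone's own nameserver: no cache, always serves current zone data.
    TTL drops from old_ttl to new_ttl at lower_at; address changes at move_at."""

    def __init__(self, old_ttl, new_ttl, lower_at, move_at):
        self.old_ttl, self.new_ttl = old_ttl, new_ttl
        self.lower_at, self.move_at = lower_at, move_at

    def query(self, now):
        ttl = self.old_ttl if now < self.lower_at else self.new_ttl
        address = "OLD" if now < self.move_at else "NEW"
        return Answer(address, ttl, now + ttl)


class CachingResolver:
    """Serves a cached answer until its TTL runs out, then asks upstream again.

    decrement_ttl=True  : standard behaviour, the remaining lifetime is passed on.
    decrement_ttl=False : a forwarder that passes the original TTL field through,
                          so each cache behind it restarts the countdown (assumed
                          model for the 2 * TTL case in the thread)."""

    def __init__(self, upstream, decrement_ttl=True):
        self.upstream = upstream
        self.decrement_ttl = decrement_ttl
        self.cache = None

    def query(self, now):
        if self.cache is None or now >= self.cache.expires_at:
            up = self.upstream.query(now)
            self.cache = Answer(up.address, up.ttl, now + up.ttl)
        c = self.cache
        ttl_out = (c.expires_at - now) if self.decrement_ttl else c.ttl
        return Answer(c.address, ttl_out, now + ttl_out)


def worst_case_stale_until(depth, decrement_ttl, old_ttl=24, new_ttl=1,
                           lower_at=0, move_at=48):
    """Latest hour at which a client behind `depth` caches can still be told OLD.

    Two adversarial schedules are tried: the top cache refreshes an instant
    before the TTL is lowered (grabbing OLD with the long TTL), or an instant
    before the move (grabbing OLD with the short TTL). Every cache below it
    refreshes an instant before its upstream's copy expires."""
    worst = float("-inf")
    for t0 in (lower_at - EPS, move_at - EPS):
        node = Authoritative(old_ttl, new_ttl, lower_at, move_at)
        chain = []
        for _ in range(depth):
            node = CachingResolver(node, decrement_ttl)
            chain.append(node)
        chain[0].query(t0)
        for resolver in chain[1:]:
            resolver.query(resolver.upstream.cache.expires_at - EPS)
        assert chain[-1].cache.address == "OLD"
        worst = max(worst, chain[-1].cache.expires_at)
    return worst


def residual_hours(depth, decrement_ttl, move_at, old_ttl=24, new_ttl=1):
    """Hours after the move during which OLD can still be served to that client."""
    stale = worst_case_stale_until(depth, decrement_ttl, old_ttl, new_ttl, 0, move_at)
    return round(stale - move_at, 3)


if __name__ == "__main__":
    print("TTL lowered from 24h to 1h at hour 0; move at hour move_at")
    print("depth  forwarder_resets_ttl  move_at  old_served_for_hours_after_move")
    for depth in (1, 2, 3):
        for resets in (False, True):
            for move_at in (24, 48, 72):
                print(f"{depth:5}  {str(resets):20}  {move_at:7}  "
                      f"{residual_hours(depth, not resets, move_at)}")
```

The output table is the practical check: with decrementing caches every depth settles to about one new TTL after the move, but a forwarder that resets the TTL leaves a depth-2 client on the old address for a full old TTL unless the lowering happened at least 2 * old TTL earlier, and a depth-3 client needs 3 * old TTL, which is what the left-behind web server or proxy in the thread is there to absorb.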
