
Re: seamless migration (glue records vs bind primary & secondary servers)



(Top posting, as the top post seems internally consistent...)

> Not only are these comments welcome, they are greatly appreciated.

It is nice to be able to repay in small portion the help others on this list have given me. :->

> Simply change the a record for the primary name server
> to the duplicate machine while the glue record is
> propagating?

You need to change the glue record for both your primary & secondary.

"Primary name server" is a concept private to your DNS servers.
If you are running bind, you edit zone files on your primary server and push from primary to secondary. As far as the rest of the world is concerned, there is absolutely no difference between your primary and secondary servers.

A "glue record" is approximately:

	"An A record in the delegating zone for the name
	 server(s) that the zone is being delegated to"

From:
	 '/usr/bin/whois'

We know .com delegates rcrcomputing.com to

   	NS2.RCRNET.NET   65.16.101.122
    	NS1.RCRNET.NET   65.16.101.126

The root servers for .com need to know the IP # for your NS1 and NS2 so they can refer queries about your zones to the right servers.

You will need to edit the A (glue) records at the .com root servers for both servers. Since you seem part of the happy tucows family:

	1) http://manage.opensrs.net #login
	
	2) link: Name Servers (top nav bar)

	3) 'If you want to create or modify a nameserver
	    which is based on rcrnet.net click here.'
	    (very bottom of page)

	4) should be clear from here....

If you do a whois on one of the domains that you do DNS for, it should have the new ip# relatively quickly. (minutes ? hours ? I forget)


########

Rodney Richison wrote:
Not only are these comments welcome, they are greatly appreciated. This
was the type of discussion I was hoping for!

Dan MacNeil wrote:


A few random thoughts based on a couple recent moves we've had to
make, much of this is probably obvious or irrelevant to you.

Moving DNS server IP numbers is different than changing ip# that they
serve.

   You don't control the TTL (time to live) at the
   root servers. You need to change your DNS
   servers ip# now and leave the old ones running
   serving the correct ip# for the new DNS server.


Simply change the a record for the primary name server to the duplicate
machine while the glue record is propagating?  I hadn't thought of this.



Even in a well setup system, there are some settings that depend on
hard coded ip#. Firewall rules, postfix "mynetworks", etc. It is
probably worth:

   sudo grep -rlF "$OLDNET" /etc

...on all your systems.


More "jewels"
While I have a written play-by-play calendar plan, this will certainly help!


You almost certainly do not have to move every thing all at once. If
you move one server at a time, you can learn from your experience and
maybe get a night's sleep between moves.


agreed. Though I'd sure like to get this behind me. I'm sweating bullets
over this...


If there will be overlap between your two T1 vendors, you can run your
servers with both the old and new  ip numbers for a time.


For 1 to two weeks. I had completely forgotten I could do this with
debian. I just now found the below example.

auto eth0:0
iface eth0:0 inet static
    address 192.168.1.41
    netmask 255.255.255.0
    broadcast 192.168.1.255

auto eth0:1
iface eth0:1 inet static
    address 192.168.1.44
    netmask 255.255.255.0
    broadcast 192.168.1.255



If some of your customers are running their own DNS (like at
register.com), you should let them know of the move.
You want to adjust both $TTL and the SOA TTL, the latter controls
negative caching, how long "not found" result is cached.

DNS checking tools, http://dnsreports.com are useful

If you are running on a T1, you can almost certainly drop TTL to 1
minute. --load on DNS and pipe won't be that high.



If I haven't said it clearly enough, thank you very much. 2 or three
heads are always better than one. The input makes me feel better and
introduces more alternatives.



--
Dan MacNeil <dan@thecsl.org>
Fearless Leader, Community Software Lab
http://thecsl.org/go/vol

God has no hands or feet or voice except ours, and
through these, God works. (St. Teresa of Avila)
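
Added example, not part of the original thread: a pre-move check for the TTL advice quoted above, reading a BIND zone file and reporting whether `$TTL` and the SOA minimum field (the negative-caching time) are still above one minute. The zone text, the function names and the 60-second default limit are assumptions made for this sketch; an explicit TTL on the SOA record itself is not examined.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert a BIND TTL such as '3600', '1h' or '1d12h' to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"bad TTL: {value!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def zone_ttls(zone_text):
    """Return the $TTL default and the SOA minimum (negative-cache) field."""
    # Drop ';' comments so the parenthesised multi-line SOA reads as one run.
    text = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    default = re.search(r"^\$TTL\s+(\S+)", text, re.M | re.I)
    soa = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(?\s*([^)]*)", text, re.I)
    if not default or not soa:
        raise ValueError("zone needs both $TTL and an SOA record")
    fields = soa.group(3).split()
    if len(fields) < 5:
        raise ValueError("SOA must carry serial refresh retry expire minimum")
    return {"default_ttl": to_seconds(default.group(1)),
            "soa_minimum": to_seconds(fields[4])}

def migration_warnings(zone_text, limit=60):
    """List the TTLs still above `limit` seconds (assumed threshold)."""
    return [f"{name} is {secs}s, above {limit}s"
            for name, secs in zone_ttls(zone_text).items() if secs > limit]

# Constructed sample zone (documentation addresses, not the poster's zone).
SAMPLE_ZONE = """\
$TTL 1d
@   IN SOA ns1.example.net. hostmaster.example.net. (
        2024010101 ; serial
        3h         ; refresh
        15m        ; retry
        1w         ; expire
        60 )       ; minimum: negative-cache TTL
    IN NS ns1.example.net.
    IN NS ns2.example.net.
www IN A  192.0.2.10
"""

if __name__ == "__main__":
    for warning in migration_warnings(SAMPLE_ZONE):
        print(warning)
```

Records cached before the TTL was lowered keep their old lifetime, so the check is only useful if it passes at least one old-TTL period before the addresses change.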


