[87311] in North American Network Operators' Group
Re: Gotchas of changing the IP Address of an Authoritative DNS Server
daemon@ATHENA.MIT.EDU (Joe Abley)
Wed Dec 14 10:03:39 2005
In-Reply-To: <20051213212859.2A5333C01AE@berkshire.machshav.com>
Cc: NANOG list <nanog@merit.edu>
From: Joe Abley <jabley@isc.org>
Date: Wed, 14 Dec 2005 10:02:56 -0500
To: Eric Kagan <ekagan@axsne.com>
Errors-To: owner-nanog@merit.edu
On 13-Dec-2005, at 16:28, Steven M. Bellovin wrote:
> In message <9828b780512131312q220a5ea6x97a6167e33c654a0@mail.gmail.com>,
> Sam Crooks writes:
>>
>> I would think you would want to drop your DNS record TTLs for all
>> domains being moved to something very low several days before the
>> switch-over period.
>
> More precisely, you want to change the TTL on the NS records, which are
> in the parent zone. If you're keeping the name but changing the
> address, worry about the A records, too.
You also want to check all the registries which are superordinate to
zones your server is authoritative for, and check that any IP
addresses stored in those registries for your nameserver are updated,
otherwise you will experience either immediate or future glue madness.
A conservative approach to this kind of transition is to arrange for
your nameserver (or different nameservers hosting the same data) to
respond on both the old and new addresses, and to continue in that
mode until you see no queries directed at the old address for some
safe-seeming interval (bearing in mind TTLs and cached records,
alluded to by Steven and Sam).
Joe
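Two of the checks discussed in this thread, as an added Python example that is not part of the original posts: comparing the glue held by the registry against the A records the zone itself serves (and the longest TTL involved, which bounds how long the old address must keep answering), and counting how many queries still arrive on the old address before it is retired. The nameserver names, addresses, TTLs and BIND-style query log lines are constructed, and the trailing "(local address)" field in that log format is an assumption about the log source.

```python
import re
from collections import Counter

OLD_ADDR = "203.0.113.5"  # constructed: ns1 is moving away from this address

# Glue as held by the parent/registry: {nameserver: (address, ttl)}
PARENT_GLUE = {
    "ns1.example.net.": ("203.0.113.5", 172800),  # registry not yet updated
    "ns2.example.net.": ("198.51.100.6", 172800),
}
# A records for the same names as served from the child zone itself
CHILD_A = {
    "ns1.example.net.": ("198.51.100.5", 300),
    "ns2.example.net.": ("198.51.100.6", 300),
}

def check_glue(parent_glue, child_a, old_addr):
    """Return (nameserver, problem) pairs for stale or mismatched glue."""
    findings = []
    for ns, (glue_addr, _ttl) in parent_glue.items():
        if glue_addr == old_addr:
            findings.append((ns, "parent glue still points at old address"))
        child = child_a.get(ns)
        if child is None:
            findings.append((ns, "no A record in child zone"))
        elif child[0] != glue_addr:
            findings.append((ns, f"glue {glue_addr} != child A {child[0]}"))
    return findings

def minimum_overlap_seconds(parent_glue, child_a):
    """Longest TTL in the delegation: keep the old address answering at least this long."""
    return max(ttl for _, ttl in [*parent_glue.values(), *child_a.values()])

# Constructed BIND-style query log lines; the trailing "(addr)" is assumed to be
# the local address the query arrived on, which is what separates old from new.
QUERY_LOG = """\
client 192.0.2.10#53211 (example.com): query: example.com IN A -E(0)K (203.0.113.5)
client 192.0.2.44#40012 (example.com): query: www.example.com IN AAAA -E(0)K (198.51.100.5)
client 192.0.2.10#53299 (example.com): query: example.com IN MX -E(0)K (198.51.100.5)
"""
LOCAL_ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)$")

def queries_per_local_address(log_text):
    """Count queries by the server address they were sent to."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOCAL_ADDR_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts
```

Run the glue check before and after the registry update, and keep counting queries on the old address until the count stays at zero for longer than the overlap interval.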