See below
On 3/15/2011 10:59 AM, Jay Ford wrote:
> On Tue, 15 Mar 2011, Stewart Dean wrote:
>> Have two questions about the switchover of our external nameservers:
>> I'll call the old nameservers oldns1, oldns2, offsitens and the new
>> nameservers newns1 and newns2
>
> So, you're replacing oldns1 & oldns2 with newns1 & newns2, while keeping
> offsitens. The master is currently oldns1 & will be newns1. The others are
> slaves. Yes?

Right

> I suggest:
>    1. replace oldns2 with newns2
>       a. configure newns2 how you want it, pretty much identical to oldns2
>          but with different interface addresses; verify things work
>       b. disconnect newns2 from the net
>       c. change interface addresses of newns2 to those of oldns2
>       d. disconnect oldns2 from the net
>       e. connect newns2 to the net
>       f. verify newns2 working: zone transfers, query resolution...

but while oldns1 will be sending xfers to the new slave at the old address, the
xfers will be refused there because they will be coming from the wrong
address....the new slave will be expecting updates from the new master, not the
old one. Big deal, I'd have to change the new slaves' named.conf in addition to
its interface address. AND I would have to change the serial numbers in all the
old master's zone files to get the xfers to work and then again in the new
master for the xfer to work for #2

>    2. replace oldns1 with newns1
>       a. configure newns1 how you want it, pretty much identical to oldns1
>          but with different interface addresses; verify things work
>       b. disconnect newns1 from the net
>       c. change interface addresses of newns1 to those of oldns1
>       d. disconnect oldns1 from the net
>       e. connect newns1 to the net
>       f. verify newns1 working: zone transfers, query resolution...
>    3. verify offsitens still works
>
> No SOA changes, no whois fiddling, back-out 1 box at a time if necessary.
>
> Regarding your idea of pointing whois information at name servers which
> aren't live: don't do that. DNS will probably handle it, but only after
> dealing with the fact that 2 of the 5 servers don't work. You'll see delays
> & possibly failures.

OTOH, maybe the thing to do is to change the WHOIS to include both the oldns1&2,
newns1&2 and offsitens. If there's any problem with newns1&2, simply disconnect
them and make oldns1&2 answer to the newns address while straightening things out.
Still want to know: what uses the SOA NS info?

> ________________________________________________________________________
> Jay Ford, Network Engineering Group, Information Technology Services
> University of Iowa, Iowa City, IA 52242
> email: jay-f...@uiowa.edu, phone: 319-335-5555, fax: 319-335-2951
--
"One must think like a hero to behave like a merely decent human being." - May
Sarton
"Having overcome your worst fear, the thing you are most vulnerable to, that is
the definition of heroic.
Also, it's such a worthwhile human activity. The most." -Fran Liebowitz
Funny how it's women who see the real heroism (that of going on, of being true)
so clearly.
Stewart Dean, Unix System Admin, Bard College, New York 12504 sd...@bard.edu
voice: 845-758-7475, fax: 845-758-7035
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
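
The "verify ... zone transfers" checks in steps 1f, 2f and 3 of the plan in this thread can be scripted by comparing each server's SOA serial with the master's. The following is an added example, not part of the original thread: the zone `example.edu`, the `hostmaster` address and the serials are constructed sample values, and only the server names come from the messages above.

```python
import subprocess

SERIAL_MOD = 2 ** 32

def parse_soa_serial(line):
    """Serial from one `dig +short SOA` line: mname rname serial refresh retry expire minimum."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"not a SOA answer: {line!r}")
    return int(fields[2])

def serial_newer(a, b):
    """True if serial a is newer than b under RFC 1982 serial arithmetic (handles wraparound)."""
    return a != b and (a - b) % SERIAL_MOD < SERIAL_MOD // 2

def fetch_soa(server, zone):
    """Ask one server directly, without recursion, for the zone's SOA record."""
    cmd = ["dig", "+short", "+norec", "SOA", zone, f"@{server}"]
    return subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout.strip()

def check_sync(master, answers):
    """Map each server to in-sync / behind / ahead / no-answer relative to the master's serial."""
    master_serial = parse_soa_serial(answers[master])
    status = {}
    for server, line in answers.items():
        if not line:
            status[server] = "no-answer"
            continue
        serial = parse_soa_serial(line)
        if serial == master_serial:
            status[server] = "in-sync"
        elif serial_newer(master_serial, serial):
            status[server] = "behind"   # transfer has not happened yet
        else:
            status[server] = "ahead"    # slave will not pull until the master's serial passes its own
    return status

# Constructed sample answers: example.edu and these serials are made up for illustration.
SOA = "newns1.example.edu. hostmaster.example.edu. {} 10800 3600 604800 3600"
SAMPLE = {"newns1": SOA.format(2011031502), "newns2": SOA.format(2011031502),
          "offsitens": SOA.format(2011031501)}

if __name__ == "__main__":
    for server, state in check_sync("newns1", SAMPLE).items():
        print(f"{server:10} {state}")
```

Against live servers, build the `answers` dictionary with `fetch_soa(server, zone)` for each address instead of using `SAMPLE`.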