Re: Primary Server Name Change

Fri, 13 May 2011 04:24:15 -0700 

On 05/12/2011 08:15 PM, Mark Andrews wrote:

In message<4dcc225f.8000...@obsd.us>, CT writes:

Primary Name server
bind    - 9.7.3
OS    - CentOS 5.6
Authoritative for 2 zones using DNSSEC

This may be an obvious question but I will ask anyway.. :)

I want to change the name of the server
from
old.zone1.com
to
new.zone2.com

IP Address - no change

- change soa in master zone files
- work with slaves to make sure named.conf are correct

Other than that are there any gotchas.. ??

I am wondering if I will have to "unsign" my zones
and the upload new keysets to the registrar.

To do a graceful transition to a new nameserver you should.

* Commision the new nameserver.
* Add the new address records and wait for them to propogate to
   all authoritative servers and any cached negative responses for
   them to expire.
* Add the NS record for the new nameserver.
* Update the parent zone to ADD the new nameserver and glue.
* Wait for the old NS RRet and referrals to expire from caches.
* Remove the NS record for the old nameserver.
* Update the parent zone to REMOVE the old nameserver and glue.
* Wait for the intermediate NS RRet and referrals to expire from caches.
* Remove the old address records if they are no longer required.
* Decommision the old nameserver.

As the addresses of the new and old nameservers are the same you
can shorten this process a little.

* Add the new address records and wait for them to propogate to
   all authoritative servers and any cached negative responses for
   them to expire.
* Update the NS RRset
  + Add the NS record for the new nameserver.
  + Remove the NS record for the old nameserver.
* Update the parent zone
  + Update the parent zone to ADD the new nameserver and glue.
  + Update the parent zone to REMOVE the old nameserver and glue.
* Wait for the old NS RRet and referrals to expire from caches.
* Remove the old address records if they are no longer required.

In all cases you re-sign the zone whenever you make changes to it.


Thx
CT
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Mark,
Thank you for your very succinct response..

Exactly what I needed..

CT
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to