Re: Migrate domains to different DNS servers

2011-04-21 Thread Doug Barton

On 04/20/2011 00:25, listus...@gmail.com wrote:

> Hello all,
>
> We have a couple of BIND 8 DNS servers that we want to decommission,
> obviously we need to migrate the domains to other DNS servers first,
> which ordinarily involves zone transfer and domain re-delegation.


Redelegation, yes. I'm not sure why you think zone transfer is required 
though, since you could conceivably just transfer the zone and 
configuration files.



> However, we do not have control over a lot of the domains (think
> hundreds) on the BIND 8 servers, meaning we cannot re-delegate.
>
> A desperate measure (if you want to call it) is to transfer the zones to
> the new DNS infrastructure then change the A record of the old DNS to
> use the IP address of the new DNS. Effectively the old DNS becomes an
> alias of the new DNS.


Um, what you're saying here doesn't really make sense, nor did your 
(obfuscated) example.


If you are dealing with domains that you cannot redelegate your options 
are extremely limited. You need to keep the hostnames that the zones are 
delegated to alive, since (in an ideal world) the delegations are to 
hostnames. Assuming that there are no glue records that point to the old 
IP addresses, what you _should_ be able to do, assuming that you control 
the domain(s) that the name server records are in is to change the IP 
addresses to those of the new name servers. If that doesn't work what 
you may have to do is to add the old IP addresses as aliases on the new 
systems, and make sure that named is listening on those IP addresses too.


So your steps should be:
* Reduce the TTL on the NS record hostnames to, say, 6 hours or so, then 
wait at least as long as the old TTL before proceeding past the next step
* Get all of the zones on the old servers active on the new ones (likely 
by copying the zone files, and the relevant configuration)
* Once the old TTL has expired, update the host names that the NS 
records are pointed to now to the IP addresses of the new name servers
* Check to make sure that all of the domains are working, at least once 
after you make the change, once again 6 hours later, again 6 hours after 
that, and again about 3 days after you made the change.
* Update the TTL of the NS record hostnames to match what the parent 
has, which is usually 2 days (172800 seconds)
* If desired, redelegate the domains you have control over to the new 
name server hostnames.



hth,

Doug

--

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Migrate domains to different DNS servers

2011-04-20 Thread listus...@gmail.com
Hello all,

We have a couple of BIND 8 DNS servers that we want to decommission,
obviously we need to migrate the domains to other DNS servers first, which
ordinarily involves zone transfer and domain re-delegation. However, we do
not have control over a lot of the domains (think hundreds) on the BIND 8
servers, meaning we cannot re-delegate.

A desperate measure (if you want to call it) is to transfer the zones to the
new DNS infrastructure then change the A record of the old DNS to use the IP
address of the new DNS. Effectively the old DNS becomes an alias of the new
DNS.


Example:

   Current:
  oldns1.domain.com  1.0.0.1
  oldns2.domain.com  1.0.0.2
  newns1.domain.com  2.0.0.1
  newns2.domain.com  2.0.0.2

   Future:
  oldns1.domain.com  2.0.0.1
  oldns2.domain.com  2.0.0.2
  newns1.domain.com  2.0.0.1
  newns2.domain.com  2.0.0.2


We will give more thought about this, but so far it looks like it will work.
Do you see any problem with this approach?


Thanks for your valuable inputs.

Peter

Re: Migrate domains to different DNS servers

2011-04-20 Thread Torinthiel

On 2011-04-20 17:25 listus...@gmail.com wrote:

> Hello all,
>
> We have a couple of BIND 8 DNS servers that we want to decommission,
> obviously we need to migrate the domains to other DNS servers first, which
> ordinarily involves zone transfer and domain re-delegation. However, we do
> not have control over a lot of the domains (think hundreds) on the BIND 8
> servers, meaning we cannot re-delegate.

In what sense don't you have control?
I assume you don't have administrative access to the BIND8 boxes.
Do you have AXFR access to BIND8 boxes and/or do you have the zone files?
Do you have access to registrar, where you have registered your domains?
Also, an important factor is whether the DNS for those domains are in-zone or
out-zone, i.e. assume you have example.com. Are NS servers ns1.example.com
(in-zone) or ns1.otherdomain.com (out-zone)?

One important problem is data. If you don't have access to zones' contents 
(either via AXFR or having zone files) then how would you know what your new 
nameservers should respond?

Assuming you have data, here are your options for delegation

If you have access to registrar, you can freely change the servers domain is 
delegated to, so you can simply change that delegation. i.e. domain was 
delegated to ns1.domain.com, now is to ns3.domain.com or ns1.newdomain.com
In case of out-zone nameservers that's only a name change. In case of 
in-zone nameservers, it's either name and IP address change, or only IP 
address change.

If you don't have registrar access, you have out-zone nameservers and you
control (can change RR in) the zone that nameservers are, you can change the
A/AAAA records for NS, which will be a variation of your idea.
If you don't have registrar access and either you have in-zone nameservers,
or can't control A/AAAA records of out-zone nameservers, then AFAIK you're
out of luck.

> A desperate measure (if you want to call it) is to transfer the zones to the
> new DNS infrastructure then change the A record of the old DNS to use the IP
> address of the new DNS. Effectively the old DNS becomes an alias of the new
> DNS.

Possible problem: glue records. With internal NS and no access to registrar 
you have no way to update glue records, so domain will still be delegated to 
old servers.
Regards,
 Torinthiel
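
Added example, not part of the thread: the decision that Torinthiel's and Doug Barton's replies describe (in-zone versus out-zone name servers, and whether the parent still hands out glue for the old addresses), applied to constructed referral output. The zone names, addresses, function names and result strings are assumptions made for the illustration.

```python
NO_GLUE = """;; AUTHORITY SECTION:
customer-a.example.  172800 IN NS oldns1.hosting.test.
"""
WITH_GLUE = """;; AUTHORITY SECTION:
customer-b.test.     172800 IN NS oldns1.hosting.test.

;; ADDITIONAL SECTION:
oldns1.hosting.test. 172800 IN A  192.0.2.1
"""
# The two strings above are constructed `dig +norecurse NS <zone> @<parent>` referrals.
OLD_IPS = {"192.0.2.1", "192.0.2.2"}  # addresses of the retiring servers (constructed)
REDELEGATE = "change the delegation at the registrar"
REPOINT = "change the A/AAAA record of the NS hostname"
KEEP_OLD_IP = "answer on the old IP address from the new server"

def parse_referral(text):
    """Return (NS hostnames, {hostname: glue addresses}) from dig's sections."""
    ns_hosts, glue, section = [], {}, None
    for line in text.splitlines():
        if line.startswith(";;"):
            section = line.strip("; :").split()[0] if "SECTION" in line else None
            continue
        f = line.split()
        if len(f) < 5:
            continue
        owner, rtype, rdata = f[0].lower(), f[3], f[4].lower()
        if section == "AUTHORITY" and rtype == "NS":
            ns_hosts.append(rdata)
        elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
            glue.setdefault(owner, set()).add(rdata)
    return ns_hosts, glue

def in_zone(host, zone):
    host, zone = host.rstrip(".").lower(), zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)

def plan(zone, referral, old_ips, registrar_access, editable_zones):
    """Pick, per NS hostname, the option the replies give for that situation."""
    if registrar_access:
        return {"*": REDELEGATE}
    ns_hosts, glue = parse_referral(referral)
    result = {}
    for host in ns_hosts:
        stale_glue = bool(glue.get(host, set()) & set(old_ips))
        editable = any(in_zone(host, z) for z in editable_zones)
        # In-zone NS, stale glue or an uneditable A record: the old address stays in use.
        blocked = in_zone(host, zone) or stale_glue or not editable
        result[host] = KEEP_OLD_IP if blocked else REPOINT
    return result
```

Running `plan` over the referral for each hosted zone separates the zones where changing the name server's address record is enough from those that still need the old addresses served from the new systems.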

RE: Migrate domains to different DNS servers

2011-04-20 Thread Lightner, Jeff
By re-delegate do you mean at the Registrars and ISPs?

If so and if you have more than one DNS server for redundancy (as you should) 
then you can replace one server at a time using the same name/IP on the new 
server as on the old server.   When we did this a few years back we simply 
moved the network cables from old server to new server (after configuring the 
new server of course).   Of course you'd want to disable any 
notification/transfer from old BIND8 to new BIND9 prior to doing that.
