Easiest Way to change Address of Master and Slave DNS's

Due to some network reorganization, there are some who
would like to change the IP addresses of our master and slave
domain name servers. We haven't changed these
A records in twelve years. Since then, we have expanded from supporting one
forward zone and a couple of reverse zones to 77 forward zones
registered by almost as many different people through many companies.
If we must do this, is there any elegant way to
keep from having to handle these domains one at a time? I am 98%
certain the answer is no, but I will ask anyway.
I have been counseling strongly against making this much
work for ourselves due to the twin problems of having to change
all those domains one at a time and the public-education campaign
explaining the resolver changes affecting those literally hundreds, possibly
thousands of systems that have had hard-coded DNS addresses which
were "set up by Dr. Jeckle X years ago and he has since
gotten fired and won't get out of Federal Prison until
2020-something/died/left in an 8-cylinder huff/graduated, etc, and now you're
doing what!?"
That reference to being fired and Federal prison actually
covers one domain. A whois run just 6 minutes ago as I write
this message still lists the individual in question as the registrant
and there is an active web page at that address. :-) Darn, no
Federal Bureau of Prisons inmate number in the admin contact
field. What a day!
Seriously, any constructive ideas are greatly appreciated.
Martin McCormick WB5AGZ Stillwater, K
Systems Engineer
SU Information Technology Department Network Group

Well if the nameservers only have single names each (which
is why NS records take names not IP addresses) you only
need to change the host records for the nameservers.
I would add new boxes. Make the old master a slave of the
new box. Make the old slaves use the new master. Change the
address records so that the old boxes are stealth slaves.
Update whois. Wait for the glue records to be updated and
the TTLs of both the old glue and old address records to
expire.
At this point all external clients should be using the new
authoritative servers.
Then you need to look at the query logs on the old boxes
and chase down who is still using them. You will have
non-recursive queries (SOA and AXFR/IXFR) for slaves you
weren't aware of. You will have recursive queries for
machines which have them configured into stub resolvers or
as forwarders.
If you are using DHCP don't forget to update the DHCP
configuration.
Mark
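
The query-log triage described in the reply above, as an added example that is not part of the original thread: it sorts clients still hitting an old box into zone transfers, non-recursive SOA polls, recursive queries, and ordinary iterative lookups. It assumes BIND 9 query logging is enabled and that lines follow the usual `client ... query: name class type flags` layout; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in BIND 9 query-log style (format assumed); the
# addresses and names are documentation values, not from the thread.
SAMPLE_LOG = """\
12-Mar-2024 09:00:01.100 queries: info: client 192.0.2.10#41000 (example.edu): query: example.edu IN SOA -E(0) (198.51.100.1)
12-Mar-2024 09:00:01.200 queries: info: client 192.0.2.10#41001 (example.edu): query: example.edu IN IXFR -T (198.51.100.1)
12-Mar-2024 09:00:02.000 queries: info: client 192.0.2.77#5353 (example.org): query: example.org IN AXFR -T (198.51.100.1)
12-Mar-2024 09:00:03.000 queries: info: client 203.0.113.5#50123 (www.example.com): query: www.example.com IN A + (198.51.100.1)
12-Mar-2024 09:00:03.500 queries: info: client @0x7f3a5c0 203.0.113.5#50124 (www.example.com): query: www.example.com IN AAAA +E(0) (198.51.100.1)
12-Mar-2024 09:00:04.000 queries: info: client 2001:db8::53#33000 (mail.example.edu): query: mail.example.edu IN MX -E(0)D (198.51.100.1)
12-Mar-2024 09:00:05.000 general: info: zone example.edu/IN: sending notifies
"""

LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ .*?"
    r"query: \S+ \S+ (?P<qtype>\S+) (?P<flags>[+-]\S*)")

def classify(qtype, flags):
    """Map one query to the kind of leftover client it indicates."""
    if qtype in ("AXFR", "IXFR"):
        return "transfer"        # a slave pulling a zone
    if flags.startswith("+"):
        return "recursive"       # RD set: stub resolver or forwarder
    if qtype == "SOA":
        return "soa-check"       # non-recursive SOA: slave refresh poll
    return "iterative"           # ordinary lookup from a caching resolver

def leftover_clients(log_text, known_slaves=()):
    """Return {category: Counter({client_ip: hits})}, skipping known slaves."""
    found = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["ip"] not in known_slaves:
            found[classify(m["qtype"], m["flags"])][m["ip"]] += 1
    return found

if __name__ == "__main__":
    for category, clients in leftover_clients(SAMPLE_LOG, {"192.0.2.10"}).items():
        for ip, hits in clients.most_common():
            print(f"{category:10} {ip:20} {hits}")
```

Iterative lookups should fade once the old glue and address TTLs expire; transfer, soa-check and recursive entries that persist are the clients to chase down.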