[Pdns-users] Wondering if this will work.

Alan Hodgson ahodgson at simkin.ca
Wed Oct 30 14:14:01 UTC 2013

On Wednesday, October 30, 2013 01:35:06 PM Hoy Henry wrote:
> My intent with this is to shut down my current NS2 BIND server and cutover
> to the new environment with the fresh NS1 and NS2 PDNS installs. With
> this, I would LIKE to re IP NS1 and NS2 to different addresses when the
> cutover happens. If I do this, will this be a problem? Do I need to
> change the IP addresses on the Current NS2 (And NS1 Entry in DNS) and let
> those records propagate before making the cutover?

One thing you might have overlooked is that there are glue records registered 
with your DNS provider that are inserted into the TLD zone file. Those have a 
48 hour TTL, generally, and you have to change those when you re-IP. They 
should match the entries in your relevant zone.

It's probably best to re-IP one name server at a time, therefore, making the 
appropriate change at the registrar and in your zones (on both old and new 
servers), then wait at least 48 hours (or more, if your own A record has a 
higher TTL) before changing the IP of the other name server.

> As a secondary question, what would be the proper IPTABLE rules to allow the
> communication of DNS to happen?  I will not be using recursion with these
> servers for dns lookups.

For DNS, you need to allow inbound UDP and TCP port 53. Technically, in most 
cases, you could get away with just UDP, but if you have any records larger 
than 512 bytes or you get queries from some old broken resolvers, you need the 
TCP as well.
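The inbound UDP/TCP 53 rules described above, written out as an added example that is not part of the original thread. It assumes a default-DROP policy on INPUT and OUTPUT, conntrack support, and a placeholder address for the other name server; IPT defaults to a dry run so the rules can be reviewed before being applied as root with IPT=iptables.

```shell
#!/bin/sh
# Firewall rules for an authoritative-only PowerDNS server (no recursion).
# Added example, not from the original post. IPT defaults to "echo iptables"
# (dry run); set IPT=iptables to apply. SECONDARY is a constructed placeholder.
IPT="${IPT:-echo iptables}"
SECONDARY="192.0.2.53"   # assumed: the other name server (zone-transfer peer)

dns_input_rules() {
  # Replies to connections this host opened (NOTIFY to secondaries, AXFR from a primary).
  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Ordinary queries arrive over UDP 53.
  $IPT -A INPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
  # TCP 53 is still needed: answers over 512 bytes come back truncated and are
  # retried over TCP, some resolvers use TCP directly, and AXFR/IXFR is TCP only.
  $IPT -A INPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
}

dns_output_rules() {
  # With no recursion the server only originates NOTIFY (UDP) and zone
  # transfers (TCP) towards its peer; its own replies are covered by ESTABLISHED.
  # Skip this function entirely if the OUTPUT chain policy is already ACCEPT.
  $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A OUTPUT -p udp -d "$SECONDARY" --dport 53 -j ACCEPT
  $IPT -A OUTPUT -p tcp -d "$SECONDARY" --dport 53 -j ACCEPT
}

# Sanity check for the dry run: exactly two rules (UDP and TCP) open port 53 inbound.
inbound_53_rule_count() {
  dns_input_rules | grep -c -- '--dport 53'
}
```

Run with IPT unset to review the generated commands; only the two port-53 INPUT rules are strictly required for queries, the rest handles replies and transfers.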
