North American Network Operators Group


Re: Gotchas of changing the IP Address of an Authoritative DNS Server

  • From: Joe Abley
  • Date: Wed Dec 14 10:34:27 2005

On 14-Dec-2005, at 10:17, Joe Maimon wrote:

> Joe Abley wrote:
>
>> You also want to check all the registries which are superordinate to zones your server is authoritative for, and check that any IP addresses stored in those registries for your nameserver are updated, otherwise you will experience either immediate or future glue madness.
>
> I thought that would be only ONE registrar, hosting the ONE zone that contains the nameserver A record.
>
> Unless you are in the habit of having domains registered with their own nameserver glue and pointing it at the same IP address.
>
> Didn't registrars not allow that?

There are registries that store A records for nameservers that aren't subordinate to the zones they publish. While it'd be probably reasonable to assume that such registries wouldn't ever be able to publish glue records which would cause operational problems (since they'd be out-of-zone), in reality there's a substantial amount of hokey DNS software in use out there and you can never quite predict what will happen with absolute accuracy.

For my money, I'd err on the side of paranoia, and ensure that any registry that had the old address stored in its database got the new data, even if the old address isn't published in that registry's zone today.

You're absolutely correct, however, that in an ideal world you'd only have to worry about the registry which is superordinate to the name of the authority server in question. It's quite possible that assuming the world is ideal in this case will not cause substantial problems; however, see paranoia, above.
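The audit discussed in this message, as an added example that is not part of the original post: it scans referral glue collected from several parent zones and reports every record that still carries the old address of the nameserver, marking whether the publishing registry is superordinate to the nameserver's name. The zone names, host names, addresses and the `REFERRALS` sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample data: ADDITIONAL-section records as a parent zone's
# servers might return them in a referral, keyed by the parent zone.
# Names and addresses are documentation values, not real hosts.
REFERRALS = {
    "net.": """
ns1.example.net.   172800 IN A    192.0.2.53
ns2.example.net.   172800 IN A    198.51.100.54
""",
    "org.": """
; glue for a host outside this registry's zone
NS1.EXAMPLE.NET.   86400  IN A    192.0.2.53
ns1.example.net.   86400  IN AAAA 2001:db8::53
""",
    "com.": """
ns1.example.net.   172800 IN A    198.51.100.53
""",
}

def parse_records(text):
    """Yield (owner, rrtype, address) for each A/AAAA line; skip the rest."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() in ("A", "AAAA"):
            owner = fields[0].lower().rstrip(".") + "."  # DNS names are case-insensitive
            yield owner, fields[3].upper(), ipaddress.ip_address(fields[4])

def stale_glue(referrals, ns_name, old_addrs):
    """Return (parent_zone, scope, address) for each record still holding an old address."""
    ns_name = ns_name.lower().rstrip(".") + "."
    old = {ipaddress.ip_address(a) for a in old_addrs}
    findings = []
    for zone, text in sorted(referrals.items()):
        # "in-zone" means this registry is superordinate to the nameserver's own name.
        scope = "in-zone" if ns_name.endswith("." + zone.lower()) else "out-of-zone"
        for owner, _rrtype, addr in parse_records(text):
            if owner == ns_name and addr in old:
                findings.append((zone, scope, str(addr)))
    return findings

if __name__ == "__main__":
    for zone, scope, addr in stale_glue(REFERRALS, "ns1.example.net", ["192.0.2.53"]):
        print(f"{zone:5} {scope:12} still lists {addr}")
```

A scan like this only sees glue that a registry actually publishes; an old address held in a registry's database but not published in its zone has to be checked in that registry's own host records.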