Gotchas of changing the IP Address of an Authoritative DNS Server
Joe Abley
jabley at isc.org
Wed Dec 14 15:29:52 UTC 2005

On 14-Dec-2005, at 10:17, Joe Maimon wrote:
> Joe Abley wrote:
>
>> You also want to check all the registries which are superordinate
>> to zones your server is authoritative for, and check that any IP
>> addresses stored in those registries for your nameserver are
>> updated, otherwise you will experience either immediate or future
>> glue madness.
>
> I thought that would be only ONE registrar, hosting the ONE zone
> that contains the nameserver A record.
>
> Unless you are in the habit of having domains registered with their
> own nameserver glue and pointing it at the same IP address.
>
> Didn't registrars not allow that?

There are registries that store A records for nameservers that aren't
subordinate to the zones they publish. While it'd be probably
reasonable to assume that such registries wouldn't ever be able to
publish glue records which would cause operational problems (since
they'd be out-of-zone), in reality there's a substantial amount of
hokey DNS software in use out there and you can never quite predict
what will happen with absolute accuracy.

For my money, I'd err on the side of paranoia, and ensure that any
registry that had the old address stored in its database got the new
data, even if the old address isn't published in that registry's zone
today.

You're absolutely correct, however, that in an ideal world you'd only
have to worry about the registry which is superordinate to the name
of the authority server in question. It's quite possible that
assuming the world is ideal in this case will not cause substantial
problems; however, see paranoia, above.

Joe
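
The check discussed in this message, as an added example that is not part of the original post: it compares the glue each parent zone publishes for a renumbered nameserver against the old and new addresses. The referral text, the name ns1.example.com, the zones and the addresses are constructed sample data in `dig` output format; a "no-glue" result does not show what the registry's database holds, which is the case the message says to check anyway.

```python
import ipaddress

# Constructed sample data: ADDITIONAL-section lines in the format printed by
# `dig +norec NS <zone> @<parent-server>`, keyed by the parent zone queried.
# The nameserver name, zones and addresses are documentation placeholders.
SAMPLE_REFERRALS = {
    "com": "ns1.example.com. 172800 IN A 192.0.2.53\n"
           "ns2.example.com. 172800 IN A 198.51.100.53\n",
    "net": "ns1.example.com. 172800 IN A 203.0.113.53\n",
    "org": ";; ADDITIONAL SECTION:\n"
           "ns2.example.com. 86400 IN A 198.51.100.53\n",
}

def glue_records(section_text):
    """Yield (owner, address) for every A/AAAA line in dig-style output."""
    for line in section_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment or section header
        owner, _ttl, rclass, rtype, rdata = fields[:5]
        if rclass.upper() == "IN" and rtype.upper() in ("A", "AAAA"):
            yield owner.rstrip(".").lower(), ipaddress.ip_address(rdata)

def audit_glue(referrals, ns_name, old_addr, new_addr):
    """Classify each parent zone by what it publishes for ns_name."""
    name = ns_name.rstrip(".").lower()
    old, new = ipaddress.ip_address(old_addr), ipaddress.ip_address(new_addr)
    report = {}
    for parent, text in referrals.items():
        seen = {addr for owner, addr in glue_records(text) if owner == name}
        if old in seen:
            report[parent] = "stale"       # old address still being handed out
        elif not seen:
            # Nothing published, but the registry database may still hold the
            # old address; that has to be checked through the registrar.
            report[parent] = "no-glue"
        elif seen == {new}:
            report[parent] = "ok"
        else:
            report[parent] = "unexpected"  # neither old nor new: investigate
    return report

if __name__ == "__main__":
    result = audit_glue(SAMPLE_REFERRALS, "ns1.example.com",
                        "192.0.2.53", "203.0.113.53")
    for parent, status in sorted(result.items()):
        print(f"{parent:<6} {status}")
```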