Bind migration of master DNS (no DNSSEC used)
by shippropeller from LinuxQuestions.org on (#5RA59)
Hi
I run 2 bind DNS servers, 1 master and 1 slave, on rented VPS from Linode and DigitalOcean on Ubuntu 16.04, which I want to migrate to newly set up VPS with Ubuntu 20.04.
I don't want to upgrade them with do-release-upgrade.
There is no DNSSEC involved.
When I migrated last time from 14.04 to 16.04 I had to restart bind on the new master and on the slave several times until it was in sync again, so I want to do it "the right way" this time, with the smallest possible interruptions/restarts.
I already saw the ISC guide "How to change the nameservers for a zone":
https://kb.isc.org/docs/aa-00331
This doesn't answer how to change *master* nameserver for a zone or at least I don't recognize it in this article.
For the following config excerpts let's assume the 2 existing servers have IP addresses 10.1.1.1 (master) and 10.1.1.2 (slave) and the new master has 10.2.2.1, is configured as slave at the moment and also exists on TLD parent with glue.
--- old master 10.1.1.1 ---
#named.conf
acl slaves {
    10.1.1.2;
    10.2.2.1;
};
options {
    recursion no;
    allow-transfer { slaves; };
};
zone "example.com" in {
    type master;
    file "/etc/bind/db.example.com";
};
#/etc/bind/db.example.com
$TTL 3600
@ IN SOA oldmaster.example.com. webmaster.example.com. (
        2021102901 ; Serial
        10800      ; Refresh
        3600       ; Retry
        604800     ; Expire
        86400 )    ; Minimum TTL
        IN NS oldmaster.example.com.
        IN NS oldslave.example.com.
        IN NS newmaster.example.com.
oldmaster IN A 10.1.1.1
oldslave  IN A 10.1.1.2
newmaster IN A 10.2.2.1
--- slave 10.1.1.2 ---
#named.conf
masters masterservers { 10.1.1.1; };
options {
    recursion no;
    allow-transfer { "none"; };
};
zone "example.com" in {
    type slave;
    masters { masterservers; };
    file "db.example.com";
};
--- newmaster 10.2.2.1 (at the moment) ---
#named.conf
masters masterservers { 10.1.1.1; };
options {
    recursion no;
    allow-transfer { "none"; };
};
zone "example.com" in {
    type slave;
    masters { masterservers; };
    file "db.example.com";
};
--- END ---
So I need to change several Macros like masterservers, slaves, the MNAME in the SOA RR. If I remember correctly I did change last time the MNAME and as by reloading the oldmaster it recognized it is becoming slave and didn't send the update of SOA to slave. So I had to update things on newmaster, change masterservers Macro on slave and restart newmaster and slave and force retransfer and all such things.
So my question is: in which order do I change things to "do it right", all changes are sent via notifies by old or new master to respective servers and so on?
Regards,
shippropeller
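A consistency check for the "in sync" state the post is after, added here as an example and not part of the original post: it compares the SOA serial and MNAME that each server in the set returns, so a slave that missed the change is visible before anything is restarted. The function names are hypothetical, the addresses and host names are the ones from the post, and serial 2021102902 is constructed.

```shell
#!/bin/sh
# Added example: SOA consistency check for a master migration.
# Names and addresses come from the post; serial 2021102902 is constructed.

# collect_soa ZONE SERVER... : prints "<ip> <dig +short SOA answer>" per server.
# Needs dig and network access to the servers; the sample run below does not use it.
collect_soa() {
    zone=$1; shift
    for ns in "$@"; do
        printf '%s %s\n' "$ns" "$(dig +short +norecurse +time=2 +tries=1 SOA "$zone" "@$ns")"
    done
}

# check_soa_sync EXPECTED_MNAME : reads collect_soa-style lines on stdin.
# Returns 0 only if every server answered with the same serial and the expected MNAME.
check_soa_sync() {
    awk -v want="$1" '
        NF < 8 || $4 !~ /^[0-9]+$/ { printf "%s: no usable SOA answer\n", $1; bad = 1; next }
        {
            if (ref == "") ref = $4          # first answer is the reference serial
            msg = ""
            if ($4 != ref)  msg = msg " serial differs from " ref ";"
            if ($2 != want) msg = msg " MNAME is " $2 ";"
            if (msg == "") { msg = " in sync" } else { bad = 1 }
            printf "%s: serial %s,%s\n", $1, $4, msg
        }
        END { exit (bad || NR == 0) }
    '
}

# Constructed state matching the failure described in the post: MNAME changed and
# serial bumped on two servers, while the old slave still serves the previous SOA.
sample_mid_migration() {
    cat <<'EOF'
10.2.2.1 newmaster.example.com. webmaster.example.com. 2021102902 10800 3600 604800 86400
10.1.1.1 newmaster.example.com. webmaster.example.com. 2021102902 10800 3600 604800 86400
10.1.1.2 oldmaster.example.com. webmaster.example.com. 2021102901 10800 3600 604800 86400
EOF
}

sample_mid_migration | check_soa_sync newmaster.example.com. || echo "zone not in sync yet"
# Live use: collect_soa example.com 10.2.2.1 10.1.1.1 10.1.1.2 | check_soa_sync newmaster.example.com.
```

Put the server expected to hold the newest serial first in the list, since the first answer is used as the reference.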