Home > Articles > Information Technology

  • Print
  • + Share This
From the author of

Moving a Nameserver

Moving a nameserver is probably easier technically, but involves more people than just the nameserver admin. It also involves all the servers that are slaves of it, and all the servers it is a slave for, as well as all those that delegate domains to it. If you count all this, you find that many things depend on that nameserver, both the function it performs and its IP address. Additionally, if the nameserver is used as a resolving, recursive nameserver by someone, all the resolv.conf files need to be fixed.

Actually, it's not as many as that. Spurious glue records are now avoided, discouraged, and even handled as errors. This means that the number of glue records in need of change is small—it is probably one. It should be the one in the domain above yours that points to your nameserver inside your domain. If you recall the emperor zone within the penguin.bv zone, it contained these records:

emperor         NS      ns.emperor
                NS      ns.herring.bv.
ns.emperor      A       192.168.56.3

The people delegating name service to your nameserver will have a glue record analogous to that in their zone. In this case, the bv TLD admins will have something like this:

...
penguin         NS      ns.penguin.bv.
penguin         NS      ns.herring.bv.
ns.penguin      A       192.168.55.2
ns.herring      A       192.168.226.3
...

So, before moving a server, you will need to notify the admins of the zone above you. It is quite likely, as is the case for penguin.bv, that this is a TLD registrar, and you have to cope with the registrars forms, requirements, and processing time. This means that you don't know when the registrar will change their glue record. But most registrars will not change the glue record unless there is a nameserver giving authoritative answers for the zone at the new address. This precludes you from just moving the name server as soon as possible after the registrar has changed the record. In addition, the TTL on a TLD is likely to be one day, but your superior zone may not be a TLD; in any case, the TTL may be a week, or more. More than week may pass before the entire world knows that your nameserver has moved. That's a lot of time. Plan ahead.

Whether you're right under a TLD or you admin a corporate sub-domain, a good course of action is to first set up a new server and change the NS records within the zone. Then notify the domain above you of the change; only when the glue record has been changed, and has propagated to the slaves and expired from caches, disable the old server. If need be, you can do this by way of a third machine that acts as master temporarily while you move the real host.

Remember, though, the NS record must point to a domain name, and that domain name must point to an A record. It cannot point to a CNAME record. Whenever you move a nameserver, play it straight. Or run quickly—to put things right.

  • + Share This
  • 🔖 Save To Your Account