Bortzmeyer Stéphane

bortzmeyer@nic.fr

$Date: 2005-03-08 09:45:25 $

So, you want or need to change the IP address of a name server? And the name server is authoritative for a TLD? This requires careful planning. Here is a check-list. First, an advice. It is not a DNS-specific thing. General engineering practices apply: plan, write down, backup and test. I mention a few DNS-specific tricks but all the failures I've seen in changing DNS information came, not from ignorance of the DNS, but from ignorance of general engineering practices (planning, mostly, and lack of written plannings).

Decrease the TTL before (the typical TTL of an A record is one day, so you must decrease it at least one day before the change, you can use dig A domain to see the current TTL in seconds). Perform the change (on an Unix machine, grep ip.address /etc/**/* - the double star requires a modern shell like zsh - is always useful in order not to forget anything). Test in depth. Increase the TTL back to its former value.

It is better when you can keep both IP addresses for the duration of the change. If it is not possible, it will work but it will be more complicated. Send your written down plan (see first advice) to your secondaries and to the upper domain.

For a DNS server of a TLD, same thing but replace "upper domain" by "root" (ICANN). Of course, the written plan include dates, something like: 2004-12-03 09:00 UT : Send an early warning to the secondary and to IANA 2004-12-06 09:00 UT : Validate the filled-in IANA form 2004-12-07 09:00 UT : Change the TTL to 600 s 2004-12-08 12:00 UT : Change the IP address of ns1.example to 1.2.3.4 2004-12-08 12:00 UT : Send the filled-in form to IANA 2004-12-08 12:00 UT : Tell the secondaries about the change 2004-12-09 16:00 UT : validate the setup and increase the TTL again And will be checked by experts/colleagues.