Multi BIND DNS server merge

Posted on 2006-06-08
Last Modified: 2010-03-18
I have been charged with the process of merging two separate sets of dns servers into one (each with a primary and secondary server). We have our primary and secondary bind dns server running BIND 9.2.1 on say and

The second set of dns servers are running BIND 9.2.4 on and

While we will eventually update all the domains on the second set of servers to list the nameservers of the first set of dns servers I would like to merge the second onto the first as soon as possible.

My question is, can I simply set up a second NIC that would run on the 10.10.10.x network and then add the second server's domains to the named.conf file of the first server?

Is there a better/easier solution?

Thank you in advance.
Question by:GCaron

    Author Comment

    Would this be possible?

    If the second set of dns servers are and and they resolve to and respectively and the first set of dns servers are and which resolve to and respectively. Could I simply update the associated ip addresses of and to point to and after adding the zones to the first servers?

    Thanks again on any insight you can provide.


    Accepted Solution

    If you add the zones on the second pair of servers to the master of the first pair, as slaves, let them do a zone transfer, then change their status to masters and slave it to the other server, that's the transfer done. You would be advised in advance of the change to lower the TTL of your DNS results to say 300 seconds, so that once you change the NS records, stale results won't be floating around everywhere looking for the old servers.

    Assisted Solution

    There are a few important details left out of your question:

    Are these internal or public servers?
    Are all clients able to reach both the 192.168.168.n and 10.10.10.n networks?
    Do you have a specific arrangement of servers in mind as a target? (eg, do you want to end up with 4 servers all the same, just servers, or ...)

    alextoft has already provided a basic mechanism to transfer zones.

    Your secondary question : "Could I simply update the associated ip addresses of and to point to and after adding the zones to the first servers?" provides more hints, and the answer to that is Yes, you can do that. It might be better though to actually change the nameservers to and because this will make zone file management easier in the long term.

    I'll assume that your end-plan is to have just 2 servers servicing all your clients for all the zones ...
    First thing is, which 2 servers ? If you use and then these are (according to your example addresses) in the same subnet. You might consider keeping or  if it is on a separate network for better resilience - that is a separate issue, it doesn't have much effect on the process. Also, as an aside, if you have (for example) and, I would suggest using something like and as your nameservers - I recall a while ago when there was a problem with the servers and all the isps that just had as nameservers just vanished from the net, it's rare but s**t happens.

    First thing is to get all the zones available on the servers you want. You already have a config file listing the zones (on the existing slave server), copy and paste the zone definitions into the configs for the other servers - don't forget that you may have to alter access controls if you restrict zone transfers etc.

    Once the zones have transferred, you can go to the registrar(s) and change the nameserver settings.

    Now, on the server you want to be master, promote all the slave zones to master, and demote the same zones to slave on the other server(s). Change ns records to match what you set at the registrar - eg if you choose to use and then these must be the servers listed both in the zone files and at the registrar.

    Keep the old servers around and active for a while, that way there will be no problems caused by clients using cached information and querying servers which are no longer there. This should be for a minimum of the TTL value of the ns records - but I would give it several weeks longer if you can as I've seen clients accessing a server well after the dns should have timed out.

    Once you have changed any systems which directly refer to the retiring server, you can shut them down (or disable DNS on them).

    You will find invaluable for testing !

    Author Comment

    Hi FurnessSupport,

    All the servers in question are on public ip, I was just using private ip addresses for the example. We have three primary servers on two separate networks for resilience. My end game is that I want to remove the servers completely.

    From the two responses I believe my best course of action would be to set up the domains as slaves on my servers to zone transfer all the files then convert them to master (on the master) etc. I will then update the ip address of and to match and, leaving the old servers up for several weeks to handle cached information. Once that has been done I can, at my leisure, update the listed nameservers at each of the domains from to use the nameservers.

    Does this sound about right?


    Expert Comment

    Yes, that's about right. When you are tidying up the nameserver entries, just make sure that you keep the settings at the registry and the ns records in your zones in sync. There'll be short periods when they won't agree, but it won't matter as long as they point to the same addresses.
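
A pre-cutover check for the two conditions raised in this thread (NS TTL lowered to 300 seconds, and the zone's NS records matching the registrar's list), as an added example that is not code from any poster. The zone text, the `example.test` names and the function names are constructed; the parser only handles single-line records with an explicit `@` owner, and it compares nameserver names, not addresses.

```python
# Constructed sample zone; every name and address here is a placeholder.
ZONE = """\
$TTL 86400
@   IN SOA ns1.old.example.test. hostmaster.example.test. ( 2006060801 3600 900 604800 300 )
@   300 IN NS ns1.new.example.test.
@   IN NS ns2.old.example.test.   ; forgotten during the merge
www IN A 192.0.2.10
"""

def apex_ns(zone_text):
    """Return {nameserver: ttl} for the '@' NS records of a simple zone file."""
    default_ttl, found = None, {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if not fields:
            continue
        if fields[0].upper() == "$TTL":
            default_ttl = int(fields[1])
            continue
        upper = [f.upper() for f in fields]
        if fields[0] != "@" or "NS" not in upper[1:]:
            continue
        idx = upper.index("NS", 1)
        # An explicit TTL sits between the owner and the type; else use $TTL.
        ttl = next((int(f) for f in fields[1:idx] if f.isdigit()), default_ttl)
        found[fields[idx + 1].lower().rstrip(".")] = ttl
    return found

def cutover_problems(zone_text, registrar_ns, max_ttl=300):
    """List mismatches between the zone's NS set and the registrar's, plus long TTLs."""
    zone_ns = apex_ns(zone_text)
    wanted = {n.lower().rstrip(".") for n in registrar_ns}
    problems = []
    for name in sorted(wanted - set(zone_ns)):
        problems.append(f"{name}: at registrar but missing from zone NS records")
    for name in sorted(set(zone_ns) - wanted):
        problems.append(f"{name}: in zone NS records but not at registrar")
    for name, ttl in sorted(zone_ns.items()):
        if ttl is None or ttl > max_ttl:
            problems.append(f"{name}: NS TTL {ttl} exceeds {max_ttl}s")
    return problems

if __name__ == "__main__":
    registrar = ["ns1.new.example.test", "ns2.new.example.test"]  # constructed
    for line in cutover_problems(ZONE, registrar):
        print(line)
```
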
