Switching ISPs - DNS Changes

Posted on 2011-02-26
Last Modified: 2012-05-11
We are in the process of switching ISPs to improve our bandwidth - service will overlap - we have not cancelled the first one but the new one will be providing service next week - they have provided me with my new block of static IP addresses.

Now internally I've got a Fortigate 80C firewall (V4MR2 - Patch2) so theoretically I could be supporting two WAN interfaces (I would rather not have to figure out how to configure that and then put it back after we get rid of ISP 1 unless you give me a compelling reason to).

Behind the firewall are three servers - all running Server 2003; one is our primary domain controller and handles AV installations (attached to logon scripts) as well as hosting a web based paging service for our staff.  Second server is Exchange 2003 (we are currently hosting our own mail although incoming  is screened by third party SPAM Filter before delivery to us).  

Now I know I need to reconfigure the firewall with new addresses and I need to get the company who hosts our domain name to alter DNS records for us - which DNS records do I have to request changes to and, given the potential delay in propagation of DNS changes, how do I best time this to minimize disruption of service to all of our users (I can't afford to have 100+ users upset about missing e-mail!)

Question by:Lisaa_G

Accepted Solution

Alan Hardisty earned 250 total points
ID: 34989065
Get your hosting company to add a new MX record as a lower priority for one of your new IP Addresses as soon as you have decided which one you are going to use, make sure that IP Address is clean (check on and and get your ISP to configure Reverse DNS on the new IP Address once the MX record is in place (some won't put Reverse DNS in place until an MX record exists!).

Then when you are ready to switch over (a minimum of 48 hours later) - there should be no loss of email because your MX records will have replicated globally and as your primary IP won't be available, the secondary one will.

When the switch is complete, remove the old MX record and job done.

Please also have a read of my article to check the new IP Address is configured correctly:

Assisted Solution

droyden earned 100 total points
ID: 34989067
Prior to the DNS change you should ask the current company who runs the DNS to drop the cache and time to live (TTL) values down very low. Although this will mean that their DNS servers will get more traffic over the migration period it will also mean that DNS changes are reflected and propagated across other servers a lot quicker (since they aren't caching for so long).

Assisted Solution

Llacy80 earned 100 total points
ID: 34989073
You will need to change the A and MX records and any other host records through your DNS provider (most offer you the ability to log in to their web interface to change it). I would change on a Friday evening if possible because it can sometimes take up to 48 hours to propagate.


Assisted Solution

sshah254 earned 50 total points
ID: 34989091
Droyden is right - drop the TTL.  Your TTL must be 86400 (1 day).  If you have it lower you are lucky.  Most registrars will allow you to lower your TTL to between 300 (5 mins) to 14400 (4 hours).  Drop it to as low a value as possible, and then follow alanhardisty's steps.


Author Comment

ID: 34989094
Thank you all - great input and really fast!  This sounds great from a service continuity perspective which is my primary concern - this sounds like I'll have to keep both WAN interfaces on the firewall for a short period though - am I correct?


Assisted Solution

Llacy80 earned 100 total points
ID: 34989095
Also since you do have a third party spam in place your lowest MX record is already set to them so I am pretty sure any undeliverable mail should be queued up on their end...

Assisted Solution

Alan Hardisty earned 250 total points
ID: 34989103
You won't need to keep both WAN interfaces alive - if you have two MX records - one pointing to the old IP and one to the new IP - you can switch ISPs at your leisure and then only have one working WAN port.  Mail will try delivery to the primary MX record and then fail over to the secondary.

Author Closing Comment

ID: 34989133
Thank you all - hope you don't mind sharing the points.

Great answers - complete - I can proceed with confidence now - you all make me look good!
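
The steps suggested in this thread (lower the TTL, add a lower-priority MX for the new IP, wait at least 48 hours, then switch) can be checked before the cutover. The following is an added example, not part of any post above; the zone data, `example.com` names and documentation-range IPs are constructed, and the 14400-second TTL ceiling and 48-hour minimum are taken from the figures quoted in the answers.

```python
# Constructed zone data: the old ISP address is 192.0.2.10, the new one 198.51.100.10.
ZONE = """\
example.com.        300 IN MX 10 mail.example.com.
example.com.        300 IN MX 20 mail2.example.com.
mail.example.com.   300 IN A  192.0.2.10
mail2.example.com.  300 IN A  198.51.100.10
"""

def parse_zone(text):
    """Parse 'name ttl IN type rdata...' lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, ttl, _cls, rtype, *rdata = line.split()
        records.append({"name": name.lower(), "ttl": int(ttl),
                        "type": rtype.upper(), "rdata": rdata})
    return records

def mx_view(records, domain):
    """Return [(preference, host, ttl, [ips])] sorted by preference."""
    a = {}
    for r in records:
        if r["type"] == "A":
            a.setdefault(r["name"], []).append(r["rdata"][0])
    rows = [(int(r["rdata"][0]), r["rdata"][1].lower(), r["ttl"])
            for r in records if r["type"] == "MX" and r["name"] == domain]
    return sorted((p, h, t, a.get(h, [])) for p, h, t in rows)

def cutover_problems(records, domain, old_ip, new_ip,
                     prev_ttl, hours_since_change, max_ttl=14400):
    """List reasons the ISP switch should not happen yet (empty = ready)."""
    problems = []
    mx = mx_view(records, domain)
    old_pref = [p for p, _, _, ips in mx if old_ip in ips]
    new_pref = [p for p, _, _, ips in mx if new_ip in ips]
    if not new_pref:
        problems.append("no MX resolves to the new IP")
    elif old_pref and min(new_pref) <= min(old_pref):
        problems.append("new-IP MX should have a higher preference number than the old one")
    for r in records:
        if r["type"] in ("MX", "A") and r["ttl"] > max_ttl:
            problems.append(f"TTL {r['ttl']} on {r['name']} {r['type']} exceeds {max_ttl}")
    # Caches may hold the old record set for the TTL in effect before the change.
    wait_h = max(48, prev_ttl / 3600)
    if hours_since_change < wait_h:
        problems.append(f"wait {wait_h - hours_since_change:g} more hours for caches to expire")
    return problems
```

Calling `cutover_problems(parse_zone(ZONE), "example.com.", "192.0.2.10", "198.51.100.10", 86400, 12)` reports that 36 more hours are needed; an empty list means every check passed.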
