Solved

Moving from one ISP to another, along with new nameservers

Posted on 2014-08-04
Last Modified: 2014-08-08
Current ISP is closing its doors.  They also host our DNS records (about 5 total... MX, A, SPF and SRV).  New ISP will have new circuits up this Friday, but it looks like they don't include hosting nameservers without paying extra, so I thought I'd just use my registrar (register.com) as our nameserver(s) and host the DNS records there for free.  Since my servers (email and VPN appliance) will now have new public IPs (both are NAT'd on the firewall), is there a way to seamlessly transfer over with no/minimal downtime?
In a nutshell:

OLDISP hosts our MX record, autodiscover record, A record for VPN and SPF record.  All of these records are using public IP addresses provided by OLDISP. Currently, when I look up our nameservers on register.com, they point to the nameservers hosted by OLDISP.

NEWISP has given me a new block of public IP addresses to use for my records. I would like to use register.com to manage my records as well as be my new nameserver(s).

I can't figure out how to do this on a Friday afternoon with little to no downtime.....  Thanks for any advice/suggestions.
Question by:tenover
15 Comments
 
LVL 9

Assisted Solution

by:stu29
stu29 earned 500 total points
ID: 40239657
Unfortunately there is no way to do this without downtime.  You have to move your name servers over to register.com; once they are there, you have to manually create a new record for each entry.  You would think they would have this down by now, but alas it is still a manual process.  Usually, the main DNS servers will update within 30 mins to an hour, and the lesser ones within 4hrs.

Once you have done this, update your firewall configs and wait ...
0
 

Author Comment

by:tenover
ID: 40239675
Thanks.  Would it make more sense to do this in steps, like so:

Have OLDISP(current nameserver host) update current records with the new public IP addresses.

Wait a week, then move nameservers from old ISP to register.com

OLDISP is getting rid of their T1 hosting services, but has offered to keep hosting DNS zone and FTP services if we would like them to.....

...?
0
 
LVL 9

Expert Comment

by:stu29
ID: 40239704
Honestly it is six and half a dozen.  Either way you have to wait for replication to take place to update either your existing records, or your new ones.  And changing your name server update is replicated the same way.

You may save yourself a bit of time on the IP replication, BUT .. you would then have another set of possible downtime when you change your name server as the old Name servers delete your old records and your new replicates out your new.
0
 

Author Comment

by:tenover
ID: 40239730
Uggh....
Is there any MORE downtime involved if I go with my original plan, which would be to do EVERYTHING at once (change over my nameservers AND change all the public IP/zone entries)??  Is there a preferred workflow for this?

I ask because THIS  Friday, the new ISP will be coming out with a new router and turning on the circuit.  At that point, I need to know in what order I should do/have done things for minimal downtime.

- change nameservers
- update all entries on new name servers with new public IPs
- bring new router up
- change any firewall NAT settings and/or references to public IPs and DNS settings
- reboot firewall
0
 
LVL 9

Expert Comment

by:stu29
ID: 40239779
Talk to Register.com and find out how long from when you pull your Name Servers over to them, you can create records.  Between this and replication is your downtime.  Usually it is instant.

For your DNS

Move your name servers
Create your old records
Sit and wait.

For your new circuit:

Bring up your new router and test connectivity and stability.
Once you have signed off on the new circuit, either change your current config (or load your prior altered one ... this is what I usually do as during switch overs your concentration is never the best .. smile)
Reboot your router
Reboot your firewall
Test connectivity out
Test connectivity in (telnet etc)
Sit and wait for replication to occur from the DNS steps so your services will start working.

IF .. your firewall will handle BOTH your old circuit and your new circuit, you could configure it to accept mail etc on both old and new IP while replication takes place.
0
 
LVL 9

Expert Comment

by:stu29
ID: 40239781
TYPO

For your DNS

Move your name servers
Create your NEW records
Sit and wait.
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 40239784
Can you add both lines?  IE: old ISP and new ISP concurrently?  If so, you can do this with zero downtime.

Otherwise, you're looking at whatever the TTLs are on your current host.

If you cannot, then your best bet is to move DNS to register.com *before* you change the lines.

1.  Change Auth NS to register.com, and set up identical records.  No downtime because remote hosts will either go to your old ISP or register.com.  It doesn't matter which they hit because the records are identical.

2. CALL register.com and ask them to manually set the TTL on your hosted records there as low as possible.  (Register.com tools do not allow you to specify TTL)

3. On new ISP day, have your new records ready to go and update them at register.com as soon as your new line is coming up.  (here you are subject to *potential* downtime for clients, but shouldn't be any longer than the TTL at Register.com.)
0
 

Author Comment

by:tenover
ID: 40239973
"1.  Change Auth NS to register.com, and setup identical records.  No downtime because remote hosts will either go to your old ISP or register.com.  It  doesn't matter which they hit because the records are identical."

I like this route, however it looks like as soon as I click on the register.com choice to "use register.com domain name servers", it will take over and remove my current name servers, which currently hold all the records.  There doesn't seem to be a way to go in and copy all my records over, and then on Friday, "flip the switch" to move from OLDISP name servers to register.com nameservers.....
0
 
LVL 16

Assisted Solution

by:Jon Brelie
Jon Brelie earned 1500 total points
ID: 40240449
Correct.  Register.com will become THE nameservers.  However remote clients that have cached the old name servers will still get valid records from the old servers until they are refreshed to use the "correct" servers.

Essentially, Yeah they're looking in the wrong place, but it doesn't matter.  Whether they look at the old servers, or the new, they'll still find the droids they're looking for.

You only have a handful of records.  If you create them immediately after taking DNS Auth over at register.com, you'll have TWO fully functioning DNS authorities that will answer requests until things propagate and everyone is using Register.com.
0
 

Author Comment

by:tenover
ID: 40240483
"If you create them immediately after taking DNS Auth over at register.com, you'll have TWO fully functioning DNS authorities that will answer requests until things propagate and everyone is using Register.com."

That is, if I update BOTH the OLD(OLDISP) and NEW(register.com) around the same time, right?  Once I switch ISPs(remember, all the public IPs are changing) then the OLD IPs won't work at all.......??
0
 
LVL 16

Assisted Solution

by:Jon Brelie
Jon Brelie earned 1500 total points
ID: 40240486
Nope, nope, nope.

You want to change DNS providers well before you do any actual network changes.  That way everything is settled and all remote clients are using register.com.

Like a week before.

That way you only have to change them in ONE place when you make your actual IP changes.  You're still subject to a minor interruption in service - about equivalent to whatever your new TTLs at register.com are.

But at least you won't have any outages during the DNS shift.

Trying to do them at the same time doubles your potential failure points.
0
 

Author Comment

by:tenover
ID: 40240491
Ok, thanks.  So what you are recommending, if the cutover is this Friday.....

On Wednesday, change my name server(s) from OLDISP to register.com and copy all the current records over to register.com, as they exist today(won't these changes still take a long time to propagate?? Outage would occur HERE instead of at cutover).

On Friday, right before the actual cutover, login to register.com and make all the DNS/IP modifications.

Make NAT/Address changes on Firewall(SonicWall NSA 3500)
Reboot Router.
Reboot Firewall.

??
0
 
LVL 16

Accepted Solution

by:
Jon Brelie earned 1500 total points
ID: 40240495
Pretty much, yes.

But not Wednesday.  Do it tomorrow.  DNS propagation doesn't take as long as it used to.

Everything else is fine, except for one thing:
Some remote clients will cache auth DNS servers for a domain and won't bother to check for updates as long as they are still getting records from the servers they are checking.

So:  Once you make the cut on the line and update records at register.com, call your old ISP and ask them to delete the zonefile for your domain from their servers.  When stubborn clients can't get the records they are looking for, *then* they'll finally do a public authDNS lookup and find where to go. (register.com)
0
 

Author Comment

by:tenover
ID: 40240500
Thanks.  I have a direct line to our current(small time) ISP, and they can delete within minutes. So to sum it up.......

- Login to register.com sometime in the next 24 hours and make them my new nameserver(s)
- Recreate all current DNS records from OLDISP to register.com immediately (downtime will occur here)
- Upon cutover(This Friday, late afternoon), log back in to register.com and modify records to reflect NEWISP public IP addresses(downtime will occur here).
- Make any WAN interface/NAT changes on firewall
- Reboot Firewall
- Reboot router.


?
0
 
LVL 16

Expert Comment

by:Jon Brelie
ID: 40240505
Plus call your existing ISP to get the (now) incorrect zonefile removed.

You got it.
0
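A check for the "identical records" step agreed on in the thread above, added here as an example (not code from any poster): it compares the answers of the old and the new authoritative server and reports the longest TTL, which bounds how long resolvers can keep a stale answer after the IP change. Input is text in `dig +noall +answer` format; every name, address and TTL below is constructed sample data, and the function names are hypothetical.

```python
# Added example: compare answers from two authoritative servers before cutover.
# Input format (dig +noall +answer): name TTL class type rdata
# All names, addresses and TTLs below are constructed sample data.

OLD_NS_ANSWERS = """\
example.com.        86400 IN MX  10 mail.example.com.
mail.example.com.   86400 IN A   192.0.2.10
vpn.example.com.    86400 IN A   192.0.2.11
example.com.        86400 IN TXT "v=spf1 ip4:192.0.2.10 -all"
_autodiscover._tcp.example.com. 86400 IN SRV 0 0 443 mail.example.com.
"""

NEW_NS_ANSWERS = """\
example.com.        300 IN MX  10 mail.example.com.
mail.example.com.   300 IN A   192.0.2.10
vpn.example.com.    300 IN A   192.0.2.11
example.com.        300 IN TXT "v=spf1 ip4:192.0.2.10 -all"
"""

def parse_answers(text):
    """Return {(name, type): {"ttl": max_ttl, "rdata": set_of_values}}."""
    zone = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        name, ttl, _cls, rtype, rdata = line.split(None, 4)
        entry = zone.setdefault((name.lower(), rtype.upper()), {"ttl": 0, "rdata": set()})
        entry["ttl"] = max(entry["ttl"], int(ttl))
        entry["rdata"].add(" ".join(rdata.split()))  # normalise whitespace
    return zone

def compare_zones(old, new):
    """List record sets a client would see differently on the two servers."""
    problems = []
    for key in sorted(set(old) | set(new)):
        if key not in new:
            problems.append(("missing_on_new", key))
        elif key not in old:
            problems.append(("missing_on_old", key))
        elif old[key]["rdata"] != new[key]["rdata"]:
            problems.append(("rdata_differs", key))
    return problems

def worst_case_stale_seconds(zone):
    """Longest time a resolver may keep serving a cached answer from this zone."""
    return max(entry["ttl"] for entry in zone.values())

if __name__ == "__main__":
    old, new = parse_answers(OLD_NS_ANSWERS), parse_answers(NEW_NS_ANSWERS)
    print(compare_zones(old, new))  # the SRV record was not recreated on the new server
    print(worst_case_stale_seconds(old), worst_case_stale_seconds(new))
```

In the sample the SRV record is missing on the new server, the kind of gap that manual re-entry of a zone produces; the comparison should come back empty before the IP addresses are changed.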
