DNS Answer, Part II -- Domain registration

Benjamin Scott dragonhawk at iname.com
Wed Aug 17 23:20:01 EDT 2005


On Aug 17 at 12:38pm, Cole Tuininga wrote:
> We are in the process of moving servers and providers.  We have a new
> server with the IPs 64.34.179.90 and 64.34.182.198. [...] it doesn't
> really make sense that a ns1.code-energy.com could be the primary
> nameserver for code-energy.com since it's required in order to resolve
> itself!

   When you register a second-level domain (like <code-energy.com.>), you do so 
with a registrar.  The registration includes the names and addresses of at 
least two nameservers.  You are required to provide the addresses because at 
the second level, almost anything is going to need glue.

   The registrar submits this information to the registry (who maintains the 
actual TLD zone).  There are multiple registrars for the <com.> TLD, but only 
one registry.  (Are we sufficiently confused yet?)

   The end result is a few records in the TLD zone.  NS records for the actual 
delegation, and A records for the glue.  The world can now find your 
authoritative nameservers.

   Your authoritative nameservers (<ns1> and <ns2>) should have identical 
copies of the zone.  The zone should have an SOA record.  The SOA record is 
where you claim authority for your zone.  The zone should have NS and A 
records which match the ones in the TLD zone.  Additional NS records are okay, 
but you should match the ones in the TLD.  And, of course, you can have any 
other records you want, within the limits of the protocol.

   If you want to change one or more of your listed name servers, the general 
best practice is:

1. Bring up the new name server(s) and make sure they have the same copy of
    the zone your existing name servers do.
2. Submit the addition(s)/modification(s) to the registrar.  Update your zone
    to reflect the change at the same time, and make sure all nameservers
    (old and new) load the updated zone.
3. Wait for the publication and TTL time delays to elapse.
4. Wait some more, just in case.
5. If you want to get fancy, use logging or statistics to make sure the old
    server(s) are no longer seeing queries.
6. Wait some more.  Just in case.  Again.
7. Decommission the old name server(s).
8. Repeat as needed.

   The idea here is to make sure (1) all your name servers are providing 
consistent information about your domain, and (2) the old servers stay running 
until everyone has switched to the new servers.

   You can do it all at once, if you like.  You get both new servers up, and 
submit registration changes with new IPs for both.  Wait it out, then shut down 
the old servers.  The only problem with this is if something goes wrong, you may 
not be able to back out the changes easily.

   Paranoid people (like me) do it in steps.  In the old days, when Network 
Delusions would only list two servers at once, you changed one server, waited 
it out, then changed the other and waited it out again.  This is still the 
only option if you're keeping all the same hardware but changing physical 
locations.  It keeps at least one good server alive all the time.

   These days, you are allowed to have more than one server, so you can do even 
better, if you have the equipment.  You bring up the new servers and submit 
those as adds.  You wait it out.  Now you've got old and new all answering 
queries.  If anything goes wrong with the new ones, you can just take 'em 
offline and tinker till it works.  Once you're happy, you can submit deletes 
for the old servers, wait it out, and then shut them down.

   The names of your nameservers don't matter; you don't need to use <ns1> and 
<ns2>.  In particular, if you do add-wait-remove-wait-shutdown, you can just 
keep <ns3> and <ns4> or whatever when you're done.  One local ISP uses <adam> 
and <eve>; I always liked that.

   It's important to keep your zone consistent because, as I mentioned earlier, 
the glue in the TLD is not authoritative.  If your zone data differs from the 
TLD data, and other systems manage to find that data somehow, things can get 
confused.

   As far as the waiting goes... you have to wait, first, for your registrar to 
submit the changes to the registry.  Then you have to wait for the registry to 
update the TLD zone.  Then you have to wait for TTL to expire.  TTL on the 
GTLDs should be 48 hours.  Registry updates usually happen within 24.  So 72 
hours is the usual figure one sees.

   As others noted, some big providers have been caught doing things like 
ignoring TTLs.  Exactly how prevalent this is is unclear to me at this time. 
Waiting more can never hurt.

   As far as the WHOIS queries that were being posted to this list... while 
WHOIS is useful, you should always ask DNS itself.  WHOIS is what the 
registrar claims is going on; it can sometimes diverge from the reality.  If 
you run DNS queries with "dig" or the like, you're doing what the computers 
actually do when they resolve a name.

   Finally, I'll mention that I've been using DomainMonger.com for domain 
registration for a few years and have no complaints.  Very reasonable rates 
(although you can find cheaper).  They include a reasonable set of services 
(DNS hosting, web forwarding, email forwarding) with the registration. They 
generally stay out of my way unless I ask.

-- 
Ben <dragonhawk at iname.com>
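The consistency checks the post describes (the zone's NS and A records matching the TLD delegation and glue, and every listed server carrying the same copy of the zone), as an added Python example that is not part of the original post. It works on dig-style answer text you would capture yourself; the zone name, server names, addresses and serials below are constructed placeholders.

```python
import re
# Constructed sample answers, not captured from real servers: the parent TLD's
# delegation plus what each listed server returns (RFC 5737 addresses, placeholder zone).
PARENT_TLD = """\
example.com.     172800 IN NS ns1.example.com.
example.com.     172800 IN NS ns3.example.com.
ns1.example.com. 172800 IN A 192.0.2.10
ns3.example.com. 172800 IN A 198.51.100.20
"""
CHILD_ZONES = {
    "ns1.example.com": """\
example.com.     3600 IN SOA ns1.example.com. hostmaster.example.com. 2005081701 7200 900 1209600 3600
example.com.     3600 IN NS ns1.example.com.
example.com.     3600 IN NS ns3.example.com.
ns1.example.com. 3600 IN A 192.0.2.10
ns3.example.com. 3600 IN A 198.51.100.20
""",
    "ns3.example.com": """\
example.com.     3600 IN SOA ns1.example.com. hostmaster.example.com. 2005081700 7200 900 1209600 3600
example.com.     3600 IN NS ns1.example.com.
example.com.     3600 IN NS ns2.example.com.
ns1.example.com. 3600 IN A 192.0.2.10
""",
}
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")
def parse_rrs(text):
    """Parse dig-style 'owner TTL IN TYPE RDATA' lines into (owner, type, rdata)."""
    return [(m[1].rstrip(".").lower(), m[2], m[3].strip())
            for line in text.splitlines() if (m := RR.match(line.strip()))]
def ns_and_glue(rrs, zone):
    """NS names for the zone, plus {nsname: address} from the A records of those names."""
    ns = {rd.rstrip(".").lower() for o, t, rd in rrs if t == "NS" and o == zone}
    return ns, {o: rd for o, t, rd in rrs if t == "A" and o in ns}
def delegation_problems(zone, parent_text, child_texts):
    """Findings where a server's zone disagrees with the TLD, or SOA serials differ."""
    problems, serials = [], {}
    parent_ns, parent_glue = ns_and_glue(parse_rrs(parent_text), zone)
    for server, text in child_texts.items():
        rrs = parse_rrs(text)
        child_ns, child_glue = ns_and_glue(rrs, zone)
        for name in sorted(parent_ns - child_ns):  # extra NS are fine, missing ones are not
            problems.append(f"{server}: zone lacks NS {name} listed in TLD")
        for name, addr in parent_glue.items():
            if name in child_glue and child_glue[name] != addr:
                problems.append(f"{server}: glue {name} {addr} != zone A {child_glue[name]}")
        serials.update({server: int(rd.split()[2]) for o, t, rd in rrs if t == "SOA" and o == zone})
    if len(set(serials.values())) > 1:  # every server should carry the same copy of the zone
        problems.append("SOA serial mismatch: " + ", ".join(f"{s}={n}" for s, n in sorted(serials.items())))
    return problems
```

Run it against the real answers from `dig @<tld server> <zone> NS` and `dig @<each nameserver> <zone> ANY` before and after each registrar change; an empty list means the servers agree with the TLD data.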
