DNS Answer, Part II -- Domain registration
Benjamin Scott
dragonhawk at iname.com
Wed Aug 17 23:20:01 EDT 2005
On Aug 17 at 12:38pm, Cole Tuininga wrote:
> We are in the process of moving servers and providers. We have a new
> server with the IPs 64.34.179.90 and 64.34.182.198. [...] it doesn't
> really make sense that a ns1.code-energy.com could be the primary
> nameserver for code-energy.com since it's required in order to resolve
> itself!
When you register a second-level domain (like <code-energy.com.>), you do so
with a registrar. The registration includes the names and addresses of at
least two nameservers. You are required to provide the addresses because at
the second level, almost anything is going to need glue.
The registrar submits this information to the registry (who maintains the
actual TLD zone). There are multiple registrars for the <com.> TLD, but only
one registry. (Are we sufficiently confused yet?)
The end result is a few records in the TLD zone: NS records for the actual
delegation, and A records for the glue. The world can now find your
authoritative nameservers.
Your authoritative nameservers (<ns1> and <ns2>) should have identical
copies of the zone. The zone should have an SOA record. The SOA record is
where you claim authority for your zone. The zone should have NS and A
records which match the ones in the TLD zone. Additional NS records are okay,
but you should match the ones in the TLD. And, of course, you can have any
other records you want, within the limits of the protocol.
If you want to change one or more of your listed name servers, the general
best practice is:
1. Bring up the new name server(s) and make sure they have the same copy of
the zone your existing name servers do.
2. Submit the addition(s)/modification(s) to the registrar. Update your zone
to reflect the change at the same time, and make sure all nameservers
(old and new) load the updated zone.
3. Wait for the publication and TTL time delays to elapse.
4. Wait some more, just in case.
5. If you want to get fancy, use logging or statistics to make sure the old
server(s) are no longer seeing queries.
6. Wait some more. Just in case. Again.
7. Decommission the old name server(s).
8. Repeat as needed.
The idea here is to make sure (1) all your name servers are providing
consistent information about your domain, and (2) the old servers stay running
until everyone has switched to the new servers.
You can do it all at once, if you like. You get both new servers up, and
submit registration changes with new IPs for both. Wait it out, then shutdown
old servers. The only problem with this is if something goes wrong, you may
not be able to back out the changes easily.
Paranoid people (like me) do it in steps. In the old days, when Network
Delusions would only list two servers at once, you changed one server, waited
it out, then changed the other and waited it out again. This is still the
only option if you're keeping all the same hardware but changing physical
locations. It keeps at least one good server alive all the time.
These days, you are allowed to have more than one server, so you can do even
better, if you have the equipment. You bring up the new servers and submit
those as adds. You wait it out. Now you've got old and new all answering
queries. If anything goes wrong with the new ones, you can just take 'em
offline and tinker till it works. Once you're happy, you can submit deletes
for the old servers, wait it out, and then shut them down.
The names of your nameservers don't matter; you don't need to use <ns1> and
<ns2>. In particular, if you do add-wait-remove-wait-shutdown, you can just
keep <ns3> and <ns4> or whatever when you're done. One local ISP uses <adam>
and <eve>; I always liked that.
It's important to keep your zone consistent because, as I mentioned earlier,
the glue in the TLD is not authoritative. If your zone data differs from the
TLD data, and other systems manage to find that data somehow, things can get
confused.
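The three checks that the advice above boils down to (the zone's NS set must
cover what the TLD delegates to, in-bailiwick glue must match the zone's own A
records, and every server, old and new, must be serving the same SOA serial
before you start removing anything) are small enough to automate. The checker
below is an added example written for this post, not something from the
original message or from any registrar or DNS tool. All record data in it is
constructed: the addresses are from the RFC 5737 documentation range, not the
real code-energy.com servers, and the helper names (`ServedZone`,
`check_delegation`) are invented for the example.

```python
"""Delegation-consistency checker (added example, not from the original post).

Compares what the TLD (parent) zone says about a domain with what each of the
domain's own authoritative servers is actually serving.  All records below
are constructed sample data, not the real zone.
"""
from dataclasses import dataclass

ZONE = "code-energy.com."

# Constructed: the delegation the com. registry publishes -- NS names plus
# glue A records (the glue is required because the names are inside the zone).
PARENT_DELEGATION = {
    "ns": {"ns1.code-energy.com.", "ns2.code-energy.com."},
    "glue": {
        "ns1.code-energy.com.": "192.0.2.10",
        "ns2.code-energy.com.": "192.0.2.20",
    },
}


@dataclass
class ServedZone:
    """What one authoritative server answers: SOA serial, its NS set, its A records."""
    server: str
    serial: int
    ns: set
    a: dict


def check_delegation(zone, parent, served):
    """Return a list of human-readable problems; an empty list means consistent."""
    problems = []
    for s in served:
        # 1. The zone must carry every NS the TLD delegates to (extra NS are fine).
        missing = parent["ns"] - s.ns
        if missing:
            problems.append(f"{s.server}: zone lacks NS {sorted(missing)} listed in parent")
        # 2. In-bailiwick NS names need glue, and the glue must match the zone's A record,
        #    since the glue is not authoritative and a mismatch confuses resolvers.
        for name in parent["ns"]:
            if not name.endswith("." + zone):
                continue  # out-of-bailiwick nameserver: no glue needed in the parent
            glue = parent["glue"].get(name)
            if glue is None:
                problems.append(f"parent: no glue A record for in-bailiwick NS {name}")
            elif s.a.get(name) != glue:
                problems.append(f"{s.server}: A {name} = {s.a.get(name)} but TLD glue says {glue}")
    # 3. Old and new servers must all have loaded the same (updated) zone.
    serials = {s.server: s.serial for s in served}
    if len(set(serials.values())) > 1:
        problems.append(f"SOA serial mismatch across servers: {serials}")
    return problems


# Constructed: a consistent state, where ns3 has been added to the zone ahead of
# submitting it to the registrar (step 1 of the procedure above).
CURRENT_A = {
    "ns1.code-energy.com.": "192.0.2.10",
    "ns2.code-energy.com.": "192.0.2.20",
    "ns3.code-energy.com.": "192.0.2.30",
}
CURRENT_NS = set(CURRENT_A)
GOOD_SERVERS = [
    ServedZone("ns1.code-energy.com.", 2005081701, CURRENT_NS, CURRENT_A),
    ServedZone("ns2.code-energy.com.", 2005081701, CURRENT_NS, CURRENT_A),
]

# Constructed: ns2 never loaded the updated zone -- old serial, old address for ns1.
STALE_A = dict(CURRENT_A, **{"ns1.code-energy.com.": "192.0.2.9"})
STALE_SERVERS = [
    ServedZone("ns1.code-energy.com.", 2005081701, CURRENT_NS, CURRENT_A),
    ServedZone("ns2.code-energy.com.", 2005081001, CURRENT_NS, STALE_A),
]

if __name__ == "__main__":
    for label, servers in (("consistent", GOOD_SERVERS), ("stale", STALE_SERVERS)):
        print(f"== {label} ==")
        for p in check_delegation(ZONE, PARENT_DELEGATION, servers) or ["ok"]:
            print(" ", p)
```

To run it against live data rather than the constructed records, fill the
parent dictionary from `dig @<a-tld-server> code-energy.com NS` (with the glue
from the additional section) and each `ServedZone` from `dig @<your-server>
code-energy.com SOA` and `NS`; asking the servers directly, rather than WHOIS,
is the point made later in this post.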
As far as the waiting goes... you have to wait, first, for your registrar to
submit the changes to the registry. Then you have to wait for the registry to
update the TLD zone. Then you have to wait for the TTL to expire. TTL on the
gTLDs should be 48 hours. Registry updates usually happen within 24. So 72
hours is the usual figure one sees.
As others noted, some big providers have been caught doing things like
ignoring TTLs. Exactly how prevalent this is is unclear to me at this time.
Waiting more can never hurt.
As far as the WHOIS queries that were being posted to this list... while
WHOIS is useful, you should always ask DNS itself. WHOIS is what the
registrar claims is going on; it can sometimes diverge from the reality. If
you run DNS queries with "dig" or the like, you're doing what the computers
actually do when they resolve a name.
Finally, I'll mention that I've been using DomainMonger.com for domain
registration for a few years and have no complaints. Very reasonable rates
(although you can find cheaper). They include a reasonable set of services
(DNS hosting, web forwarding, email forwarding) with the registration. They
generally stay out of my way unless I ask.
--
Ben <dragonhawk at iname.com>