Peter Rathlev <pe...@rathlev.dk> wrote:
> We currently have two internal DNS servers that are both authoritative
> for a range of internal zones and caching resolvers for our clients. We
> would like to split this so authoritative and caching roles exist on
> different servers. And we would like to do this with as little down
> time as possible, also for dynamic zones.
>
> Moving static zones is of course trivial. Moving dynamic zones is what
> I cannot quite wrap my head around.

I suggest the following process:

* Set up a new hidden master, with copies of your zones. (See below)

* Change your existing servers to slave from the new hidden master
  instead of the old master. Reconfigure the old master to be a slave of
  the new one.

* Add new slaves which will be your new authoritative-only servers.

* Change your delegations to point to your new authoritative-only
  servers.

You don't need to worry about the data on disk on your existing slaves.
They will continue to serve the same data, they will just xfer changes
from a different master.

My program nsdiff (http://dotat.at/prog/nsdiff) is useful for copying
dynamic zones from an existing master to a new master without faffing
around with `rndc freeze`. On the new master, run

    nsdiff -m oldmaster -s localhost myzone | nsupdate -l

and it will axfr the zone from the oldmaster and copy it into the new
master using dynamic updates.

(If you are changing your DNS infrastructure then nsdiff can be useful for
verifying that the zone data is consistent between old and new.)

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Southwest Forties, Cromarty, Forth: Southeasterly 6 to gale 8, occasionally
severe gale 9 later. Rough or very rough, occasionally high later. Rain at
times. Moderate, occasionally poor.
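
The consistency check and copy-by-dynamic-update idea from the message above, sketched as an added example (not nsdiff's code and not part of the original post). It compares two zone listings in `name ttl class type rdata` form and emits the `nsupdate` commands that would bring the new master in line with the old one. The zone name, hosts and addresses are constructed, and SOA records are deliberately left out of the delta.

```python
# Added illustration, not nsdiff's code. All zone data below is constructed.
OLD_MASTER_AXFR = """\
example.internal. 3600 IN SOA ns1.example.internal. hostmaster.example.internal. 2024010105 3600 900 604800 300
example.internal. 3600 IN NS ns1.example.internal.
host1.example.internal. 300 IN A 192.0.2.10
host2.example.internal. 300 IN A 192.0.2.20
example.internal. 3600 IN SOA ns1.example.internal. hostmaster.example.internal. 2024010105 3600 900 604800 300
"""
NEW_MASTER_AXFR = """\
example.internal. 3600 IN SOA ns1.example.internal. hostmaster.example.internal. 2024010101 3600 900 604800 300
example.internal. 3600 IN NS ns1.example.internal.
host1.example.internal. 300 IN A 192.0.2.10
host3.example.internal. 300 IN A 192.0.2.30
"""


def parse_records(axfr_text):
    """Parse 'name ttl class type rdata' lines into a set of tuples."""
    records = set()
    for line in axfr_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig-style comment lines
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        # A set also collapses the SOA that an AXFR repeats at its end.
        records.add((name.lower(), int(ttl), rclass.upper(), rtype.upper(),
                     " ".join(rdata.split())))
    return records


def nsupdate_script(old_master_axfr, new_master_axfr, zone):
    """Return nsupdate commands that make the new master match the old one."""
    old = parse_records(old_master_axfr)
    new = parse_records(new_master_axfr)
    lines = []
    # SOA is skipped: the server receiving updates maintains its own serial.
    for name, _ttl, rclass, rtype, rdata in sorted(new - old):
        if rtype != "SOA":
            lines.append(f"update delete {name} {rclass} {rtype} {rdata}")
    for name, ttl, rclass, rtype, rdata in sorted(old - new):
        if rtype != "SOA":
            lines.append(f"update add {name} {ttl} {rclass} {rtype} {rdata}")
    if not lines:
        return ""  # zones are consistent, nothing to send
    return "\n".join([f"zone {zone}", *lines, "send"]) + "\n"


if __name__ == "__main__":
    print(nsupdate_script(OLD_MASTER_AXFR, NEW_MASTER_AXFR, "example.internal."), end="")
```

An empty result means the two listings hold the same non-SOA records, which is the check to repeat after each step of the migration.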