No, of course, if both servers are alive and "online" at the same time, you 
might as well not redirect the stream. However if you need to take the older 
system offline, or if you need to only have one system online at one given 
time, then redirecting the traffic will catch the glitches in the redirection 
of DNS, and it is possible.

Kind regards,
Fredrik Widlund

-----Original Message-----
From: Jason Dixon [mailto:[EMAIL PROTECTED]
Sent: den 10 september 2008 14:19
To: Fredrik Widlund
Cc: Fubar; PF List
Subject: Re: Reality check

On Sep 10, 2008, at 7:51 AM, Fredrik Widlund
<[EMAIL PROTECTED]> wrote:

> Though some ISPs override DNS TTL, and the Microsoft IE browser
> itself also does this. If it is business critical then a PF router
> can indeed easily do this to catch the few cases where the old
> server is still being used.

This exists no matter what you do.  Routing through an additional
firewall/proxy, assuming both websites are live, does nothing to help.

-J.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Jason Dixon
> Sent: den 10 september 2008 13:14
> To: Fubar
> Cc: PF List
> Subject: Re: Reality check
>
> On Wed, Sep 10, 2008 at 05:37:24PM +1000, Rod Whitworth wrote:
>> I'm suffering from sleep deprivation today so benzedrine.cx sounds
>> inviting ;-)
>>
>> Anyway a friend has a problem and I'd like a check on the sanity of my
>> hazy proposed solution.
>>
>> All addresses are fictitious.
>>
>> X has a webserver which has address 1.2.3.4. He wants to change his
>> hosting to another provider where a new server will be given address
>> 5.6.7.8.
>>
>> The time of changeover is not entirely under X's control but the
>> domain's DNS is.
>>
>> X would like all traffic to proceed to/from 1.2.3.4 until 5.6.7.8 is
>> ready and then switch with absolutely minimal downtime. Of course..
>>
>> My foggy brain says that it should be possible to use a box running pf
>> to route requests arriving on one external interface (say 9.8.7.6) out
>> another one (we have enough spare IPs on separate netblocks) to 1.2.3.4
>> until cut-over time and then pf.conf swaps to sending it to 5.6.7.8.
>>
>> If we put 9.8.7.6 into the DNS as the webserver address we should be
>> able to transparently route the traffic to whichever real webserver we
>> wish .......... I think.
>>
>> Then when all is stable we swap the DNS records to point to 5.6.7.8 and
>> when no more traffic is seen to pass through our "black box router" we
>> dispense with it.
>>
>> Will this scheme work? Do I need to use binat? (all addresses are
>> global) Does it matter if the webserver answers client requests and the
>> traffic does not come back via the black box?
>
> This is silly.  Just lower your DNS TTL and change your records whenever
> the new box is up and ready for traffic.  Once your TTL has expired (old
> one + new one) then you're guaranteed all requests are hitting the new
> server.
>
> Watching logs (as another reply suggested) doesn't work because you
> never know when that last request will hit (unless you're managing your
> TTL).
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
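Rod's "black box router" scheme written out as a pf.conf fragment, added here as an illustration and not taken from anyone in this thread; it also shows why the return path question matters. It assumes the OpenBSD 4.x / FreeBSD rdr/nat syntax of the period, a single external interface em0 holding 9.8.7.6, and that forwarded requests leave the box through that same interface (with a second interface, move the nat and pass out rules onto it).

```pf
# Added example, not from the thread. Addresses are the fictitious ones
# used in the original post; the interface name em0 is an assumption.
ext_if = "em0"
front  = "9.8.7.6"     # address published in DNS during the transition
old    = "1.2.3.4"     # current hosting provider
new    = "5.6.7.8"     # new hosting provider
target = $old          # at cut-over change to $new and reload:
                       #   pfctl -f /etc/pf.conf

# Inbound: rewrite the destination so the request reaches the real
# server. The original port is kept because none is given after "->".
rdr on $ext_if proto tcp from any to $front port { 80, 443 } -> $target

# Return path: all addresses are global, so without this rule the real
# server would answer the client straight from $target, an address the
# client never connected to, and the client would drop the reply. Source
# NAT the forwarded request to the box's own address so every reply is
# forced back through the box, where pf's state table expects it.
# Cost: the web server's logs now show $front instead of the real client
# IP. binat is not what is wanted here; it is a 1:1 bidirectional map
# for traffic that transits the box in both directions.
nat on $ext_if proto tcp from any to $target port { 80, 443 } -> $front

# Filtering. Translation rules are evaluated first, so filter rules see
# the translated packets. Only TCP 80/443 to the chosen server is passed.
block in log on $ext_if
pass in on $ext_if proto tcp from any to $target port { 80, 443 } \
    flags S/SA keep state
pass out on $ext_if proto tcp from $front to $target port { 80, 443 } \
    keep state
```

After the DNS records are moved to 5.6.7.8, `pfctl -s state` and the per-rule counters from `pfctl -vs rules` show whether any client is still arriving at 9.8.7.6, which is the signal Rod wanted before dispensing with the box.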
