switching entire DNS system to new servers and IP addresses
Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP servers with Infoblox servers on March 14th. We want to keep the domain names of our external servers the same (with one exception), but we will be changing all of the IPv4 and IPv6 addresses of those external servers. Current external name servers: DNS-1.IASTATE.EDU 129.186.6.249, 2610:130:101:100::249 DNS-2.IASTATE.EDU 129.186.88.249, 2610:130:102:e01::249 ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET 146.57.253.249, 2607:ea00:1:9::aa The exception is that we will be removing ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET (a server located at the UMN) and will be installing a server at UIowa (that will be named DNS-3.IASTATE.EDU). The new IPv4 addresses for the new external name servers will be: DNS-1.IASTATE.EDU 129.186.67.129 DNS-2.IASTATE.EDU 129.186.67.145 DNS-3.IASTATE.EDU 128.255.x.x <== not yet assigned We haven't assigned IPv6 addresses yet. We'd like advice about any issues or problems we might run into and to watch out for, what preparations should we do or must we do before the switch, and any other advice to help us make this switch go smoothly and unnoticed. Thank you. -- Rod Eldridge Networks & Communications IT Services, Iowa State University of Science and Technology ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Wildcard SRV record?
Wouldn't you just need this one SRV record: _vlmcs._tcp.foo IN SRV 0 0 1688 ais-dc01.ainfosec.com. [ see https://blogs.technet.microsoft.com/odsupport/2011/11/14/how-to-discover-office-and-windows-kms-hosts-via-dns-and-remove-unauthorized-instances/ ] -- Rod Eldridge Networks & Communications IT Services, Iowa State University of Science and Technology > On Oct 31, 2016, at 11:35 AM, Stephen Papewrote: > > Hello all, > > I have bind configured with a single TLD (.foo), and inside that are > records for a large number of subdomains (machine1.a.foo, > machine2.a.foo, machine1.b.foo, machine2.b.foo, etc.). DHCP clients > are assigned a domain based on some factors, but it might be a.foo, > b.foo, c.foo, etc. > > I'm trying to add a SRV record for everyone under .foo. I've tried: > > _vlmcs._tcp.*.foo.IN SRV 0 0 1688 ais-dc01.ainfosec.com. > > ... but it seems that wildcards don't work that way. I've tried > something similar with CNAMEs, but that didn't work either. > > What DOES work is adding a CNAME record for each and every domain that > I need. So a CNAME for _vlmcs._tcp.a.foo, _vlmcs._tcp.b.foo, etc. > > Is there a better way for me to do this, or do I have to generate a > whole lot of specific CNAME records? > > Thanks! > > -Stephen > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
receive_secure_serial: bad database
I haven't found a good explanation of that this log entry means: Oct 20 14:41:47 dns-s named[8311]: zone student.iastate.edu/IN/in (signed): receive_secure_serial: bad database I've found 58 log entires for this just in the last 90 minutes. Nothing before that in the last 9 days. I've also had named die several times for unknown reasons and once wasn't responding during this time as well. -- Rod Eldridge Networks & Communications IT Services, Iowa State University of Science and Technology ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users