switching entire DNS system to new servers and IP addresses

[Eldridge, Rod A [ITNET]]

Iowa State University is replacing 7 ISC NAMED/BIND servers and 4 ISC DHCP 
servers with Infoblox servers on March 14th. We want to keep the domain names 
of our external servers the same (with one exception), but we will be changing 
all of the IPv4 and IPv6 addresses of those external servers.

Current external name servers:

   DNS-1.IASTATE.EDU   129.186.6.249, 2610:130:101:100::249
   DNS-2.IASTATE.EDU   129.186.88.249, 2610:130:102:e01::249
   ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET  146.57.253.249, 2607:ea00:1:9::aa
  

The exception is that we will be removing ISU.DNS.NORTHERNLIGHTS.GIGAPOP.NET (a 
server located at the UMN) and will be installing a server at UIowa (that will 
be named DNS-3.IASTATE.EDU).

The new IPv4 addresses for the new external name servers will be:

   DNS-1.IASTATE.EDU   129.186.67.129
   DNS-2.IASTATE.EDU   129.186.67.145
   DNS-3.IASTATE.EDU   128.255.x.x <== not yet assigned

We haven't assigned IPv6 addresses yet. 

We'd like advice about any issues or problems we might run into and to watch 
out for, what preparations should we do or must we do before the switch, and 
any other advice to help us make this switch go smoothly and unnoticed.

Thank you. 


--
Rod Eldridge
Networks & Communications
IT Services, Iowa State University of Science and Technology



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Wildcard SRV record?

[Eldridge, Rod A [ITNET]]

Wouldn't you just need this one SRV record: 

_vlmcs._tcp.foo IN SRV 0 0 1688 ais-dc01.ainfosec.com.

[ see 
https://blogs.technet.microsoft.com/odsupport/2011/11/14/how-to-discover-office-and-windows-kms-hosts-via-dns-and-remove-unauthorized-instances/
 ]


--
Rod Eldridge
Networks & Communications
IT Services, Iowa State University of Science and Technology



> On Oct 31, 2016, at 11:35 AM, Stephen Pape  wrote:
> 
> Hello all,
> 
> I have bind configured with a single TLD (.foo), and inside that are
> records for a large number of subdomains (machine1.a.foo,
> machine2.a.foo, machine1.b.foo, machine2.b.foo, etc.). DHCP clients
> are assigned a domain based on some factors, but it might be a.foo,
> b.foo, c.foo, etc.
> 
> I'm trying to add a SRV record for everyone under .foo. I've tried:
> 
> _vlmcs._tcp.*.foo.IN  SRV 0 0 1688 ais-dc01.ainfosec.com.
> 
> ... but it seems that wildcards don't work that way. I've tried
> something similar with CNAMEs, but that didn't work either.
> 
> What DOES work is adding a CNAME record for each and every domain that
> I need. So a CNAME for _vlmcs._tcp.a.foo, _vlmcs._tcp.b.foo, etc.
> 
> Is there a better way for me to do this, or do I have to generate a
> whole lot of specific CNAME records?
> 
> Thanks!
> 
> -Stephen
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

receive_secure_serial: bad database

[Eldridge, Rod A [ITNET]]

I haven't found a good explanation of that this log entry means:

Oct 20 14:41:47 dns-s named[8311]: zone student.iastate.edu/IN/in (signed): 
receive_secure_serial: bad database

I've found 58 log entires for this just in the last 90 minutes. Nothing before 
that in the last 9 days. I've also had named die several times for unknown 
reasons and once wasn't responding during this time as well.

--
Rod Eldridge
Networks & Communications
IT Services, Iowa State University of Science and Technology



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users