
We are transitioning from our current ISP to a new ISP and have a new block of IPs to utilize going forward. We host our own DNS servers internally and two of those new IPs will point to them upon making the switch.

My question is, can we change over to the new ISP and swap the DNS servers without downtime for external visitors to our website and other services? Or, if that's not possible, how can we ensure the smallest amount of downtime?

rtd1123
    Why not host DNS externally during the transition? Or clone the DNS servers first and failover to the new site just for DNS? – ceejayoz Mar 22 '17 at 15:42

1 Answer


Without knowing too much about your network architecture or hardware, it's a little hard to give concrete, specific advice, but assuming you publish through a firewall, I would do something along the lines of:

  • Get your new internet line and its new IPs installed and added to your firewall
  • For each IP, update your firewall so it listens to one of the new IPs as well as the old IP
  • Test that the new IPs work by e.g. using a laptop on a home network to:
    • Run an nslookup against the new IP that is assigned to your DNS server
    • for other services like http etc use a local hosts file to override the DNS entries for your FQDNs and test you can get to websites etc.
  • Update your nameserver entries to point to the new IP addresses of your DNS servers
  • Update your DNS server entries to point to the new IPs
  • Wait some time for DNS to propagate (24 hours?)
  • test, test, test
  • cancel your old ISP :-)
Phil
  • Thanks so much for the insight, I have spoken to our Network Admin and confirmed this should work well with our network architecture. Thanks again for the insight into the proper order of the steps! – rtd1123 Mar 22 '17 at 16:37
  • Depending on your equipment the hardest part will be to get the outbound routing correct. You will have two ISPs in parallel and you should send all responses out over the same link that the request came in over. Sending packets with a source address of ISP 1 using the default gateway of ISP 2 will very likely get those packets dropped. You might need some policy based routing to make that work. – Sander Steffann Mar 22 '17 at 16:53
  • Never use `nslookup`, always use `dig` for troubleshooting. Things do change a little if you are using in-bailiwick servers or not. Since you do not provide their names and the website name it is impossible to help you there. Wait far more than 24 hours. It depends on the current TTL value for the nameservers A records, as well as the frequency of the zone updates, which depends on the TLD and again we can not help because you do not provide the domain name concerned. Also if you can have both IP blocks together your nameservers could reply to both during the transition. – Patrick Mevzek Mar 23 '17 at 00:22
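The checks the answer and its comments describe (query the new address directly, keep both blocks answering during the overlap, and wait according to the TTLs on the NS and nameserver address records rather than a flat 24 hours) can be scripted. The Python below is an added example, not code from the thread or from any of the posters. It parses the one-record-per-line output of `dig +noall +answer`, reports which nameservers are already on the new block, computes the worst-case cache lifetime of the old delegation, and compares the answers from two servers. The zone `example.com`, the nameserver hostnames, the addresses (RFC 5737 documentation ranges) and the TTLs are constructed sample data; `query_live` is the only part that needs network access and `dig` on the PATH.

```python
"""
Helpers for checking an authoritative DNS move to a new IP block.

Added example, not from the original thread.  Works on the text that
`dig +noall +answer` prints (owner TTL class type rdata, one record per line).
All names, addresses and TTLs in SAMPLE_ANSWER are constructed.
"""
import ipaddress
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    owner: str   # lower-cased FQDN with trailing dot, as dig prints it
    ttl: int
    rtype: str   # "NS", "A", "AAAA", ...
    rdata: str


def parse_dig_answer(text):
    """Parse `dig +noall +answer` lines; dig comment lines (;) and blanks are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 5:
            raise ValueError(f"not a dig answer line: {raw!r}")
        owner, ttl, _cls, rtype = parts[:4]
        records.append(Record(owner.lower(), int(ttl), rtype.upper(), " ".join(parts[4:])))
    return records


def nameserver_addresses(records, zone):
    """Map each NS host of `zone` to the A/AAAA addresses the answer carries for it."""
    zone_fqdn = zone.rstrip(".").lower() + "."
    hosts = {r.rdata.lower() for r in records if r.rtype == "NS" and r.owner == zone_fqdn}
    return {h: {r.rdata for r in records if r.owner == h and r.rtype in ("A", "AAAA")}
            for h in hosts}


def cutover_report(records, zone, new_block):
    """
    Summarise the state of the move.  `cache_wait_seconds` is the largest TTL on
    the NS records and the nameserver address records: resolvers may keep the old
    delegation cached that long after the parent zone publishes the change, so
    the old addresses must keep answering at least that long (plus the parent's
    own publication delay) before the old line is cancelled.
    """
    net = ipaddress.ip_network(new_block, strict=False)
    zone_fqdn = zone.rstrip(".").lower() + "."
    addrs = nameserver_addresses(records, zone)
    inside, outside = {}, {}
    for host, ips in addrs.items():
        # Only compare addresses of the same family as the new block.
        same_family = [ip for ip in map(ipaddress.ip_address, ips) if ip.version == net.version]
        inside[host] = any(ip in net for ip in same_family)
        outside[host] = any(ip not in net for ip in same_family)
    relevant = [r for r in records
                if (r.rtype == "NS" and r.owner == zone_fqdn)
                or (r.owner in addrs and r.rtype in ("A", "AAAA"))]
    return {
        "not_yet_on_new_block": sorted(h for h in addrs if not inside[h]),
        "still_on_old_block": sorted(h for h in addrs if outside[h]),
        "cache_wait_seconds": max((r.ttl for r in relevant), default=0),
    }


def same_answer(records_a, records_b):
    """True when two answers carry the same record data (TTLs ignored), e.g. the
    old and the new nameserver IP queried for the same name during the overlap."""
    def key(rs):
        return {(r.owner, r.rtype, r.rdata) for r in rs}
    return key(records_a) == key(records_b)


def query_live(name, rtype="A", server=None):
    """Run dig against `server` (e.g. the new DNS server IP) and parse the answer.
    Needs network access and dig on the PATH; the offline demo does not call it."""
    cmd = ["dig", "+noall", "+answer", "+time=3", "+tries=1"]
    if server:
        cmd.append(f"@{server}")
    out = subprocess.run(cmd + [name, rtype], capture_output=True, text=True, check=True)
    return parse_dig_answer(out.stdout)


# Constructed sample: ns1 already answers from the new block, ns2 is still on the old ISP.
SAMPLE_ANSWER = """
example.com.        86400   IN  NS  ns1.example.com.
example.com.        86400   IN  NS  ns2.example.com.
ns1.example.com.    3600    IN  A   203.0.113.10
ns2.example.com.    3600    IN  A   198.51.100.20
"""
NEW_BLOCK = "203.0.113.0/24"   # assumed new ISP block (documentation range)

if __name__ == "__main__":
    report = cutover_report(parse_dig_answer(SAMPLE_ANSWER), "example.com", NEW_BLOCK)
    for key_name, value in report.items():
        print(f"{key_name}: {value}")
```

In practice you would feed `cutover_report` the output of `dig +noall +answer example.com NS` plus `dig +noall +answer ns1.example.com A` (and the same for each other nameserver), and use `same_answer(query_live("www.example.com", server=OLD_IP), query_live("www.example.com", server=NEW_IP))` while both blocks are live to confirm the new address serves the same data before the NS records are changed at the registrar.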