-1

We are looking into changing our name servers. Currently, our nameservers point to our ISP. They handle all of our public DNS entries.

I am under the understanding that in order to experience minimal downtime you should configure your DNS on the new nameservers, move the nameserver and then remove the entries from the old nameservers.

Because our ISP is our current nameserver, internally all of our stuff looks to them for DNS. Will this cause us issues?

Maybe I don't have a full understanding of DNS, but if our ISP thinks they are authoritative, at what point would they begin to look at our new nameservers for our IP addresses?

S. Walker

2 Answers

3

An ISP should have separate name servers for authoritative zones that work independently from the recursive name servers handling queries from customers. This way changing the authoritative servers shouldn't cause any problems, and that's why a sane ISP would have it set up this way.

Naturally we can't guarantee this is the case with your ISP. But you can check. If you have different IP addresses as forwarders than you have as your current authoritative servers, it's very likely that everything is just fine.

Esa Jokinen
  • That makes all the sense in the world! Therefore if they are authoritative, it still works as if they were not authoritative. However, what if my ISP is not smart, and didn't separate recursive from authoritative? Would we have issues? – S. Walker Aug 30 '17 at 23:14
  • Then, there is a problem. You need to contact your ISP for a removal and schedule the change accordingly. It may help you if you can change your forwarders temporarily to some open DNS, like Google. However, other customers of your ISP will get false responses until the zones are removed. – Esa Jokinen Aug 31 '17 at 02:20
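
The check described in this answer, as an added example that is not part of the original post: it compares your forwarder addresses with the addresses of the zone's authoritative name servers, taken from `dig` answer text. It goes one step beyond the answer by also reading the RA (recursion available) flag of a reply header, which shows whether an authoritative server answers recursive queries too. All host names, addresses and the sample `dig` output are constructed.

```python
import re

# Constructed sample data (documentation address ranges, not real servers).
# Answer text as printed by: dig +noall +answer example.com NS, plus A lookups.
DIG_ANSWER = """\
example.com.        3600 IN NS ns1.isp.example.
example.com.        3600 IN NS ns2.isp.example.
ns1.isp.example.    3600 IN A  192.0.2.53
ns2.isp.example.    3600 IN A  198.51.100.53
"""
# Header line of a dig reply sent by one of those authoritative servers.
DIG_FLAGS = ";; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1"


def authoritative_ips(dig_answer, zone):
    """Map each NS host of `zone` to its A-record addresses from dig answer text."""
    ns_hosts, addrs = set(), {}
    for line in dig_answer.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN":
            continue  # skip blank lines, comments and anything not a plain RR
        name, _ttl, _cls, rtype, rdata = fields
        if rtype == "NS" and name.lower() == zone.lower():
            ns_hosts.add(rdata.lower())
        elif rtype == "A":
            addrs.setdefault(name.lower(), set()).add(rdata)
    return {host: addrs.get(host, set()) for host in ns_hosts}


def offers_recursion(dig_header):
    """True if the reply header carries the RA (recursion available) flag."""
    m = re.search(r"flags:([a-z ]*);", dig_header)
    return bool(m) and "ra" in m.group(1).split()


def shared_servers(forwarders, dig_answer, zone):
    """Forwarder IPs that are also authoritative name servers for `zone`."""
    auth = set().union(*authoritative_ips(dig_answer, zone).values())
    return sorted(set(forwarders) & auth)
```

An empty result from `shared_servers` matches the "very likely fine" case in the answer; a non-empty result, or an RA flag on an authoritative server, means the old zone can keep being served to internal clients until the ISP removes it.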
1

Because our ISP is our current nameserver, internally all of our stuff looks to them for DNS. Will this cause us issues?

No, internally you can have your own DNS server, and if you have Active Directory it usually means you have a DNS server internally.

That setup is called split DNS. It means that internally all computers only check your DNS server's entries, and on the internet your ISP answers public queries from external computers, like for a website, mail server, etc.: anything public.

yagmoth555
  • Correct, so let's say my domain name is example.com. My internal DNS has no idea where example.com is. It looks at our ISP. They manage our external DNS and therefore have an authoritative entry for example.com. At what point would they begin to look at our new nameservers for our IP addresses? – S. Walker Aug 30 '17 at 22:10
  • @W.Scott Your computers use your router as a DNS server? – yagmoth555 Aug 30 '17 at 22:23
  • No. Our computers use our internal DNS server as their DNS server. However, our **public** DNS server (to which our internal DNS forwards requests) is authoritative for our **public domain name**. We are looking to change our **public nameservers**. – S. Walker Aug 30 '17 at 22:26
  • @W.Scott Why does your internal DNS server forward requests to the ISP DNS? You can create the example.com zone internally, even if you are not authoritative. – yagmoth555 Aug 30 '17 at 22:33
  • This is where my lack of DNS understanding comes in. If a computer internally looks for google.com, doesn't my internal DNS server forward that request to the next DNS server? Which would be my ISP? – S. Walker Aug 30 '17 at 22:37
  • @W.Scott Yes in that case, and your local DNS caches the result afterwards. Where we can do a trick is for a zone like example.com. Imagine you have a server named prod.example.com. If the zone exists in your local DNS server, the PCs in your LAN will resolve the entry from there that you set up, like it could be 192.168.1.10 if it's a server on the LAN. But the same PC outside your network will use your ISP nameserver, and from there you could use your public IP for prod.example.com if it's remotely workable on it – yagmoth555 Aug 30 '17 at 22:46
  • Let me ask this: If I change my **public** nameservers for my **public domain name** to point to somewhere else, at what point do the old nameservers realize they are not authoritative? Is it immediate or will that take effect when the **zone** is removed from their servers? – S. Walker Aug 30 '17 at 22:52
  • @W.Scott It's immediate, but the other ISP usually has to do the zone cleanup by themselves afterwards. So you must be ready at your new hoster to resolve your entries – yagmoth555 Aug 30 '17 at 22:56
  • @W.Scott (But I suggest you create the zone example.com locally too) – yagmoth555 Aug 30 '17 at 22:57
  • Why would you recommend we create the **public zone** locally? – S. Walker Aug 30 '17 at 23:16
  • @W.Scott If your public nameserver is not available, all your PCs will still be able to resolve your public entries; you are not tied. – yagmoth555 Aug 30 '17 at 23:22