1

Our ISP is Comcast and we have 5 static public IPs from them that we use for various services, including customers connecting to our network, VPN, web, DNS, etc...

We need more IP addresses from Comcast. Unfortunately, Comcast is telling us that they can't just simply give us 5 more addresses. They only give static IP addresses in blocks of 1, 5 or 13.

In order for us to get more static IPs, they have to take away our current 5 static IPs and give us 13 new ones.

How do we make this transition without causing all sorts of DNS chaos? We run public DNS servers, so we can make the DNS changes ourselves, but it will take some time obviously for those DNS changes to propagate throughout the internet.

Are there any easy ways to make this transition? Like create some type of fallback DNS entry or something? Surely there must be some sort of procedure for this kind of thing. The Comcast support guy was useless.

Jake Wilson

3 Answers

2

DNS records don't propagate, they are cached for the TTL (lifetime) of the record in question. I'm assuming your name servers are staying the same (based on what you've posted) so you'll want to look at the TTL of the records that are going to change and possibly lower the TTL to something that you're comfortable with. Any entity trying to access your "public" resources based on DNS that has your old information in their cache (for the lifetime of the TTL) will use the old information in their cache until the TTL expires and they perform a new lookup for those records. Any entity trying to access your "public" services that doesn't have any of your records cached will get the new information immediately. So if your current TTL is 3600 seconds (1 hour) then any entity that has that information in its cache will attempt to use the old information for one hour, then the TTL expires and a new lookup is performed, at which time the new information is retrieved and cached (for the lifetime of the TTL).

joeqwerty
  • Just to add some commentary: IMHO people worry too much about changing their DNS records (based on a lack of understanding of how DNS works, no offense intended). My suggestion is to change the TTL on your current records to 1 hour (if they aren't already) and make the change at a time when you think there will be the least traffic to the "public" resources that rely on those records for DNS resolution. Late on a Friday or Saturday night is usually a good time. – joeqwerty May 25 '10 at 22:42
  • I blame AOL for that paranoia: +1 thought :) – Zypher May 25 '10 at 23:07
  • @Zypher: I hear Steve Case laughing somewhere... I bet he's working on some new BBS he's about to launch. – joeqwerty May 25 '10 at 23:14
  • Yep, I've got him locked in my closet working on MY new BBS :) – Zypher May 26 '10 at 00:53
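An added example (not from the thread) that models the caching behaviour described in the answer above: one resolver re-queries only when its cached answer expires, so the TTL in force when it last cached the record bounds how long it keeps serving the old address. It assumes a single hypothetical record `www.example.com` and constructed RFC 5737 placeholder addresses for the old and new blocks.

```python
"""Added example (not from the thread): a small model of resolver caching.
A resolver keeps an answer for its TTL and only re-queries after it expires,
so lowering the TTL before the change shortens the window. Times are seconds."""
from dataclasses import dataclass, field

OLD_IP = "192.0.2.10"       # constructed placeholder for the old Comcast block
NEW_IP = "198.51.100.10"    # constructed placeholder for the new block
NAME = "www.example.com"    # hypothetical record being renumbered

@dataclass
class Authoritative:
    address: str            # current A record (the name servers stay the same)
    ttl: int

@dataclass
class CachingResolver:
    auth: Authoritative
    cache: dict = field(default_factory=dict)   # name -> (address, expires_at)

    def resolve(self, name, now):
        """Serve from cache until expiry, then refresh from the authoritative server."""
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]
        self.cache[name] = (self.auth.address, now + self.auth.ttl)
        return self.auth.address

def first_time_new_ip_seen(old_ttl, low_ttl, first_lookup, interval):
    """One resolver looks NAME up every `interval` seconds from `first_lookup`
    (negative = before the window). t=0: TTL lowered to low_ttl. t=old_ttl
    (a full old TTL later, so no cache still holds the old TTL): address
    changed. Returns the first time this resolver hands out NEW_IP."""
    auth = Authoritative(OLD_IP, old_ttl)
    resolver = CachingResolver(auth)
    cutover = old_ttl
    t = first_lookup
    while t < cutover + old_ttl + interval:         # simulation horizon
        if t >= 0:
            auth.ttl = low_ttl                      # step 1: lower the TTL
        if t >= cutover:
            auth.address = NEW_IP                   # step 2: change the record
        if resolver.resolve(NAME, t) == NEW_IP:
            return t
        t += interval
    return None

if __name__ == "__main__":
    day = 86400
    print("seconds after cutover, TTL lowered to 5 min first:", first_time_new_ip_seen(day, 300, -10, 60) - day)
    print("seconds after cutover, TTL left at one day:", first_time_new_ip_seen(day, day, -10, 60) - day)
```

With the TTL lowered to 5 minutes a day ahead, the simulated resolver switches within 290 seconds of the change; left at a day, it keeps serving the old address for almost 24 hours.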
1

Could you keep both IP ranges? If so, move your servers to the new IPs and put a redirection (with a router NAT) from the old to the new IPs. Change your DNS to the new range and wait for the propagation. When it is done, you can remove your NAT and free the old IPs.

Check your protocols: some are not able to cross NAT firewalls (like IPSec).

Dom
0

Being in a similar situation, I created a free account at editdns.net and configured a secondary zone for my domain. Once the zone transfers were working I updated my domain registrar's name servers to point to the EditDNS.NET name servers (free01.editdns.net and free02.editdns.net) instead of my DNS servers.

Once I was sure the domain was resolving correctly from editdns.net I had the ISP switch over my IP addresses. Next I updated all of my DNS server records with the new addresses. Finally I reconfigured the editdns secondary zone to pull from my new DNS server IP address.

Now I could have switched my domain registrar name servers back to my DNS servers but I figured it was nice having editdns.net name servers handling the DNS lookup requests. So I left my domain registrar name servers pointing to the editdns.net name servers and I keep them updated through secondary zone transfers from my DNS servers.

If done correctly there would be minimal impact to the internet world...

Dscoduc