Best practices for DNS during name server migration

I am in the process of setting up name servers for our hospital's public
domain. We currently have one Web server internally that handles our Internet and intranet sites,
and our PIX has a hole through it for access from the outside to the inside Web server. My question
is how to best handle the DNS during this migration, specifically concerning the Exchange
entries (we handle our own e-mail). My new DMZ, with name servers and public Web server, has been
set up and tested, and I am to the point of defining the DNS on those name servers for propagation
(to include MX entries). Along these lines, my secondary issue is how do I keep the DMZ DNS entries
(private IP subnet 10.10.x.x) from propagating out with my public IP DNS entries?

Maybe I'm missing something, but I don't completely understand what transition you're going
through. Your DNS is currently externally hosted, and you're moving it inside the firewall, and
your ISP will perform secondary, correct?

If that's the case, I would set up different zones for internal and external DNS to keep your
internal entries from slipping out. There are other ways to do it, but simply filtering records has
a huge potential for human error.

During the transition, keep the existing DNS server up and running for a few days until it's no
longer getting requests for your domain. It doesn't hurt to have it online and thinking it's
authoritative. Just don't plan on changing any DNS records during the transition period. After your
nameserver changes have propagated throughout the Internet, you can take the old DNS server
This was first published in September 2003
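
One way to check an external zone for internal entries before it is published, as an added example that is not part of the original answer. The zone contents, the example.org name and the 203.0.113.x addresses are constructed placeholders; only the 10.10.x.x subnet comes from the question. The parser assumes one-line records that start with an owner name.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly; the question's DMZ uses 10.10.x.x.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TYPES = {"A", "MX", "NS", "CNAME"}

# Constructed external zone (placeholder names/addresses); 10.10.x.x records simulate a leak.
EXTERNAL_ZONE = """\
$ORIGIN example.org.
@      IN NS   ns1.example.org.
@      IN MX   10 mail
ns1    IN A    203.0.113.10
mail   IN A    10.10.1.25   ; DMZ address copied from the internal zone
intra  IN A    10.10.2.8    ; internal-only host
"""

def fqdn(name, origin):
    """Expand a relative zone-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text):
    """Parse one-line records that begin with an owner name (simplified)."""
    origin, records = ".", []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if fields and fields[0].upper() == "$ORIGIN":
            origin = fields[1]
        # Skip optional TTL/class tokens by locating the record type.
        idx = next((i for i, f in enumerate(fields[1:], 1) if f.upper() in TYPES), None)
        if idx is not None:
            records.append((fqdn(fields[0], origin), fields[idx].upper(), fields[idx + 1:], origin))
    return records

def find_leaks(zone_text):
    """Return findings for RFC 1918 data the public zone would publish."""
    records, private, findings = parse_records(zone_text), {}, []
    for owner, rtype, rdata, _ in records:
        if rtype == "A" and any(ipaddress.ip_address(rdata[0]) in n for n in RFC1918):
            private[owner] = rdata[0]
            findings.append(f"{owner} A {rdata[0]}: private address in public zone")
    for owner, rtype, rdata, origin in records:
        if rtype != "A" and (target := fqdn(rdata[-1], origin)) in private:
            findings.append(f"{owner} {rtype} -> {target}: points at {private[target]}")
    return findings

if __name__ == "__main__":
    print("\n".join(find_leaks(EXTERNAL_ZONE)))
```

The second pass matters for the MX entries raised in the question: an MX record carries no address itself, so it only shows up as a problem once its target name is matched against the private A records.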