4

Switching the host for our name servers. DNS records are set up on both the old nameservers and the new ones. I’d like to test the new ones before switching over our SOA and wondering what are the best ways to test them before committing to them?

My dig skills are weak. Ideally I would force my local machine to use the new nameserver for our domain so I can check HTTP and HTTPS services are working correctly.

Giacomo1968
Meltemi
  • What exactly do you want to test? I actually did some DNS switchover stuff this morning so have lots of practical advice but ultimately this site is not about broad open ended questions like this. – Giacomo1968 Nov 07 '15 at 01:54
  • specifically that our website won't go down. `example.com` should redirect to `www.example.com` for both `http` & `https` – Meltemi Nov 07 '15 at 02:14
  • This is still too broad and too vague a question. Are you changing web hosting services or using a new DNS host? – Giacomo1968 Nov 07 '15 at 02:21
  • I'm sorry for the confusion. We're changing DNS hosting providers. DNS records are set up on both the old nameservers and the new ones. I'd like to test the new ones before switching over our SOA and wondering what the best ways to test are? – Meltemi Nov 07 '15 at 02:28
  • Fair enough. Posted my answer with my basic advice. – Giacomo1968 Nov 07 '15 at 02:46

1 Answer

7

> Switching the host for our name servers. DNS records are set up on both the old nameservers and the new ones. I’d like to test the new ones before switching over our SOA and wondering what are the best ways to test them before committing to them?

In general, if they look correct and have the same entries in both places, just a switch in SOA will get you going without too much worry. Of course, do not delete or get rid of the old DNS entries until at least 24 hours after the switch is made. While 98% of the servers in the world will accept the change pretty much immediately, you gotta remember there are all kinds of crappy DNS servers out there that don’t respect TTLs, and it’s better to wait and then ditch when the dust settles than to just rush to get rid of it and end up with failed lookups.

> My dig skills are weak. Ideally I would force my local machine to use the new nameserver for our domain so I can check HTTP and HTTPS services are working correctly.

The simplest thing you can do if both DNS servers are set with your data is to use `dig` to query a specific DNS server and not just your system’s local default.

For example, this query would do a query for the authoritative NS (nameservers) for a hostname on the OpenDNS servers:

    dig @208.67.222.222 NS example.com
    dig @208.67.222.220 NS example.com

And this would provide you with any records for that domain name on that DNS server; note only the `NS` option is replaced by `ANY`:

    dig @208.67.222.222 ANY example.com
    dig @208.67.222.220 ANY example.com

Similarly, this would do the same NS query but using Google’s DNS servers:

    dig @8.8.8.8 NS example.com
    dig @8.8.4.4 NS example.com

And again this would provide you with any records for that domain name on that other DNS server:

    dig @8.8.8.8 ANY example.com
    dig @8.8.4.4 ANY example.com

You could do that with a few top tier DNS servers to make sure they are respecting the DNS change when it happens.

In general, SOA TTL times are about 900 seconds (aka: 15 minutes), so if you feel unsure about this my advice would be to just set the SOA TTL on the old DNS server to 300 (aka: 5 minutes) and then wait two hours or so and then do the switch. The 5 minute change gives you quick enough turn around so if something unpleasant happens you can quickly switch back to the old DNS servers without too much worry.

In general, this kind of stuff is a dance of requests and TTLs so patience in the flow is mandatory. But like I said, if all of the entries are correct in both setups you should be fine; the SOA TTL of 300 seconds is just a simple, harmless suggestion.

Giacomo1968
  • This is great. Thanks! Do you know, offhand, how to use dig to pull all the records from both my old & new nameservers so I can compare the two? – Meltemi Nov 07 '15 at 02:57
  • n/m I found: `dig @new.nameserver mydomain.com any` – Meltemi Nov 07 '15 at 03:15
  • @Meltemi Yeah, I just added some more info to my answer. Dig is a tad confusing since most folks only use it when things like this happen and it’s tossed aside, but your instincts to use Dig are spot on. Hope this switchover goes well. – Giacomo1968 Nov 07 '15 at 04:18
  • This is a great answer. I would just add that if you are REALLY worried, you could always boot a simple VM and point it explicitly to the new DNS server and use it for a bit to make sure resolutions happen as expected. – simpleuser Dec 20 '15 at 22:52
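
Added example, not part of the original answer or comments: a shell sketch of the two checks discussed in this thread, comparing the old and new nameservers record by record and then testing HTTP/HTTPS against the address the new nameserver returns. The function names and the default record-type list are assumptions; each type is queried explicitly because some servers give only a minimal reply to `ANY`.

```shell
#!/bin/sh
# Added example; function names and the default type list are assumptions.

# Sorted answer for one name/type, asked directly of one nameserver.
# +norecurse makes the server answer from its own zone data only.
ns_answer() {  # usage: ns_answer <nameserver> <name> <type>
    dig +short +norecurse "@$1" "$2" "$3" | sort
}

# Compare old and new nameservers for a list of record types.
# NS and SOA are left out of the defaults: they differ between providers.
compare_ns() {  # usage: compare_ns <old_ns> <new_ns> <name> [types...]
    old_ns=$1; new_ns=$2; name=$3; shift 3
    [ $# -gt 0 ] || set -- A AAAA CNAME MX TXT
    rc=0
    for rtype in "$@"; do
        old=$(ns_answer "$old_ns" "$name" "$rtype")
        new=$(ns_answer "$new_ns" "$name" "$rtype")
        if [ "$old" = "$new" ]; then
            echo "OK       $name $rtype"
        else
            echo "MISMATCH $name $rtype"
            echo "  old: $(printf '%s' "$old" | tr '\n' ' ')"
            echo "  new: $(printf '%s' "$new" | tr '\n' ' ')"
            rc=1
        fi
    done
    return $rc   # non-zero if any record type differs
}

# Request <scheme>://<host>/ at the IPv4 address the NEW nameserver returns,
# without touching the local resolver. Prints status code and redirect target.
http_via_ns() {  # usage: http_via_ns <new_ns> <host> <http|https>
    host=$2; scheme=$3
    case $scheme in https) port=443 ;; *) port=80 ;; esac
    # Keep only address lines (a CNAME target may be printed first).
    ip=$(dig +short +norecurse "@$1" "$host" A | grep -E '^[0-9.]+$' | head -n 1)
    [ -n "$ip" ] || { echo "no A record for $host on $1" >&2; return 1; }
    curl -sS -o /dev/null --resolve "$host:$port:$ip" \
        -w '%{http_code} %{redirect_url}\n' "$scheme://$host/"
}

# Example calls (nameserver hostnames are placeholders):
#   compare_ns ns1.old-provider.example ns1.new-provider.example example.com
#   http_via_ns ns1.new-provider.example example.com https
```
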