I'm changing the registered DNS entries of one of my web servers. This change takes time to replicate throughout DNS. Can I setup two different static entries for a single server located inside my network? Another words, can I have a server with one internal IP address, be seen or addressed from the Internet by two different translated IP address. That way I can have both the old ip address and the new ip address active at the same time. This will allow for the time it takes DNS to replicate changes.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
2 static translations to a single source?
- Thread starter MichaelM
- Start date
I'm not sure if that is possible. However, rather than doing that why not reduce the TTL on the domain to 600 so that the DNS change will be fully propagated in only ten minutes?
Chris.
**********************
Chris A.C, CCNA, CCSA
**********************
Chris.
**********************
Chris A.C, CCNA, CCSA
**********************
computerhighguy
IS-IT--Management
Yes you can do this. It is actually quite simple.
Add another IP address to the NIC card on your server. Point one of the static translations to that other IP address.
It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
Add another IP address to the NIC card on your server. Point one of the static translations to that other IP address.
It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
- Thread starter
- #4
The company hosting my DNS has a minimum 1000 that I'm able to set for TTL. Even with that setting, during a previous change, it took anywhere from 1 hour, 4 hours, or a day. It seems to have something on how long some DNS servers are cashing that information (even though I specified a small TTL). I was watching traffic during the last change some people were being redirected right away, and even though I had set a low TTL, some were taking days to take the change.
I was researching this on the internet and it seems to be quite common problem, so I'm trying to take a different approach this time.
I was researching this on the internet and it seems to be quite common problem, so I'm trying to take a different approach this time.
- Thread starter
- #5
computerhighguy
IS-IT--Management
The problem with doing 2 outside IP addresses to a single inside IP address is this.
Inbound communications should work well. However, when the server starts to communicate on an outbound basis, it will actuall have 2 IP addresses on the internet. The PIX really isn't that great at figuring out which one to use. It will, eventually, get confused and see this confusing as a policy violation. It will then just shut down all access to or from that server. I speak from expereince on this.
It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
Inbound communications should work well. However, when the server starts to communicate on an outbound basis, it will actuall have 2 IP addresses on the internet. The PIX really isn't that great at figuring out which one to use. It will, eventually, get confused and see this confusing as a policy violation. It will then just shut down all access to or from that server. I speak from expereince on this.
It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
- Thread starter
- #7
computerhighguy, thanks, that is what I thought, but did not have any experience in it. I wasn't sure if there was a command that I didn't know about that would assign any kind of a priority to the outbound traffic to say which translation to use. I didn't want to have to test this on a production network. Thanks for your response.
If the DNS hosting company will only lower the TTL to 1000 seconds then that should be fine. It's just over sixteeen minutes. However, you must be aware that you have to let any DNS servers that have cached the record with the longer TTL flush these entries before making the change. So, if the TTL is say eight hours then once you change the TTL to 1000 seconds then you have to wait at least eight hours before making the change. At that point any server with cached information will only have a TTL of 1000 seconds. If planned correctly this should work fine.
I do a lot of IP migrations and generally I lower the TTL's about two to three days before the planned changeover. We then reconfigure firewalls/servers with new addresses, change the DNS and fifteen minutes later everything is sweet and resolving to the correct address.
Chris.
**********************
Chris A.C, CCNA, CCSA
**********************
I do a lot of IP migrations and generally I lower the TTL's about two to three days before the planned changeover. We then reconfigure firewalls/servers with new addresses, change the DNS and fifteen minutes later everything is sweet and resolving to the correct address.
Chris.
**********************
Chris A.C, CCNA, CCSA
**********************
![[morning]](/data/assets/smilies/morning.gif "[morning] [morning]")
As lgarner said, the TTL is defined in the zone file for the domain.
Chris.
**********************
Chris A.C, CCNA, CCSA
**********************
Chris.
**********************
Chris A.C, CCNA, CCSA
**********************
- Status
Similar threads
- Locked
- Question
- Locked
- Question