# Changing DNS Server IP Address



## monarckco (Apr 4, 2012)

We have started a new account with our ISP providing us with more fixed IP addresses for our hosting servers. This of course means that I must change the DNS server's IP address in order for everything to work correctly. The only problem with this is that the DNS root servers still have the old IP address stored as the server to go to in case of a query. I know that I can't update the root servers' settings, but instead have to wait until it tries to come back and contact our server to get the new information (based on the TTL I believe).

What is the easiest and most pain-free way to change the DNS server's IP address? Should I set the router to support both sets of IP addresses and just wait for the root server to make contact and update its information? What do most people do in this situation?

Thanks in advance


----------



## kpa (Apr 4, 2012)

Root servers do not have information about your name servers, they are only concerned about delegations of top level domains. What you have to do is to contact the registrar of your domain and tell them the address(es) of your new DNS server(s) of your domain so they can update the delegation information (NS records for your domain in their zone file for the TLD they administer) for your domain.


----------



## monarckco (Apr 5, 2012)

I checked our registrar's site and they do have an area where I can change the IP address of a registered DNS domain.  It is currently set up to use the old IP address.  This same domain is set as the DNS server for all of our clients' domain names.

Let me see if I got this right as DNS is definitely one of my (many) weaknesses. For example, if our server's DNS server name is n.ourhosting.com and is pointing towards our old IP address of 1.2.3.4, it will fail to resolve names once I change the server and router's IP information locally because 1.2.3.4 no longer exists. But once I change that IP to our new IP address, 1.2.3.5 for example, then it will connect without issue and all of our clients' domains will also be accessible.

Makes sense, I had no idea how the root servers would know which IP to contact for new DNS information if I changed that DNS server's IP address. I shouldn't have to change anything like the domains' TTL or anything, should I? And how long does it usually take for the IP change to take effect?

EDIT: I just read that it can take from 12-72 hours for a root server to see that the DNS server's IP address has changed and therefore it's better to have two DNS servers running at the same time. One with the original IP address data and another with the new addresses. Then, once the root server has refreshed and found your new IP address, you can then change the second server's IP. In my scenario, our second server has been down for a couple of weeks, so I need to go ahead and get it running again and then make the change. And I guess I can have the router send both the new and old IP addresses to the same internal IP until I no longer need the old ones. Does this sound right?


----------



## kpa (Apr 5, 2012)

It all depends on the TTL you have set to your DNS records. Within that time of the TTL *) there might be clients that still have the old nameserver information and they will be querying the old address until their cached records become invalid when the TTL runs out. So yes, it's wise to keep both addresses operational until you're sure the old address is no longer needed.

*) This TTL is the TTL of the NS record(s) for your domain, it could be the same TTL as the other records in your zone have but it can be different since DNS records can have a separate TTL value, for example:


```
$TTL 7200 ; 2 hours default for TTL
@             IN      SOA   ns1.example.com. hostmaster.example.com. (
....


 14400  IN   NS    ns1.example.com.  ; NS record with 4 hour TTL
```

See here for a good explanation of NS records and delegation:

http://www.zytrax.com/books/dns/ch8/ns.html


----------



## monarckco (Apr 5, 2012)

So you mean that what I need to worry about is the clients' DNS cache, not the root DNS server information?  

Maybe I've misunderstood some of the material I read, but I thought that the root server held the IP address of our local authoritative DNS server and would redirect external clients to that address when they query one of our domains.  Which would mean that until the root DNS server refreshed and received the information of our new IP address, everyone would be directed towards a server address that no longer exists.

I have found the area of our domain registrar's control panel where I can change the IP address of the DNS server, but they also have an option to add multiple IP addresses to point to the same server. For example, I could say that both 1.2.3.4 and 1.2.3.5 are the ns1.ourhosting.com DNS server. I was thinking about just adding the new IP into the list while leaving the current one where it is, waiting a few days for the root server to refresh, and then change our server's IP addresses to match. Is this logical or just a waste of time?


----------



## kpa (Apr 5, 2012)

It's all based on delegation of authority. The root servers only know about immediate top level domains, more specifically they only know the authoritative name servers for those TLDs. The authoritative nameservers of a TLD in turn know the authoritative name servers of the next level in the hierarchy. For example if you have a DNS name http://www.ibm.com the root servers know where to ask about *.com, the authoritative name servers for com in turn know where to ask about *.ibm.com and the authoritative name server for ibm.com knows the authoritative answer to http://www.ibm.com.

So yes, you're only concerned about cached DNS records held by clients that hold the wrong information until they become invalid when the TTL runs out. 

The reason you're given multiple options for the server address is fault tolerance, in DNS a domain can have secondary server(s). If you only have one DNS server for your domain you shouldn't put more than one address.


----------



## monarckco (Apr 5, 2012)

Ok, so if I update the IP addresses in our DNS entries and router, lower the TTL for our ns1.ourhosting.com entry to make sure it refreshes a bit quicker, and change the IP address at our domain name registrar we should be good to go without too much time lost, correct?

I guess the only thing I'm still a bit uneasy about is the fact that the following site claims that it will take 12-72 hours for changes to take effect: http://www.simpledns.com/kb.aspx?kbid=1158

It seems that I must be reading something wrong or just plain misunderstanding it.  I do apologize for my lack of knowledge/skill with DNS, but this really is my first time dealing with it and my boss is pressuring me to get it switched fast.  He seems to think all I need to do is click a button and everything is fixed.


----------



## kpa (Apr 5, 2012)

Lower the TTL well before you do the change so that all clients will be using the records with the lower TTL at the time of the change. Otherwise you should be good to go.

The 12-72 hours refers to the TTL. Since you are the one who can set it for your own records it's completely under your own control how long the transition period will be.


----------



## monarckco (Apr 6, 2012)

Ok, thanks again for the help.

I've set our ns1.ourhosting.com DNS domain zone file's TTL to 300 (5 minutes) and all of our clients' domains to 600 (10 minutes).  Now, I'm just gonna kick back and wait for those changes to permeate everyone's local DNS cache and make the IP switch on Monday.  I'll come back and post how it went.

Thanks again for the help.


----------



## kpa (Apr 8, 2012)

One thing I forgot to mention. If your DNS server is also serving the reverse DNS of your addresses you'll have to change that too but that's not through the registrar of your domain but the owner of the network, your ISP.


----------

