GSS Migration

Unanswered Question
Mar 19th, 2008
User Badges:

Hi


Would like to get feedback on the best way to migrate Microsoft External DNS servers to GSS managed DNS servers.


We currently have primary and secondary Microsoft Internt DNS servers one in primary data centre and the other in backup data centre.


If we were to introduce GSS and move the domain names onto these boxes is their a recommended way of migrating.


Would it be possible to say add the GSS as another secondary DNS server and do a zone transfer from the current Microsoft servers to the GSS and then on the primary GSS start to change each of the DNS domain names with the various rules keeping the GSS as a secondary DNS server.


Once all the rules are updated for the DNS names we could then promote the GSS secondary to be the primary NS server.


To test it we could simply shutdown the Microsoft primary DNS server make sure the GSS acting as a secondary can service the names and if all works then promote it to be the primary NS server.


Any feedback would be appreciated.


Thanks

Bill

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
htarra Tue, 03/25/2008 - 14:58
User Badges:
  • Bronze, 100 points or more

With a GSS, it is possible to use a src ip access-list so the dns response can be different depending on the ip of the requester. Just be aware that if you have internal hosts trying to get a dns answer from the CSS they will also get the public ip. There is no way to distinguished between internal and external host. Normally, you should only answer with the private ip and the firewall uses dns fixup to translate the ip inside the dns response.

billsayegh Tue, 03/25/2008 - 15:18
User Badges:

Thanks for the response.


Our plan is to have External GSS for the Internet Domain Names and seperate set of internal GSS for internal host names. The external and internal will not talk to each other.


The question is that for the external DNS can we simply do a zone transfer to the GSS then start adding the availability rules to each domain name.


Thanks

Bill

Actions

This Discussion