4

Switching the host for our name servers. DNS records are set up on both the old nameservers and the new ones. I’d like to test the new ones before switching over our SOA and wondering what are the best ways to test them before committing to them?

My dig skills are weak. Ideally I would force my local machine to use the new nameserver for our domain so I can check HTTP and HTTPS services are working correctly.

Giacomo1968
Meltemi

1 Answer

8

> Switching the host for our name servers. DNS records are set up on both the old nameservers and the new ones. I’d like to test the new ones before switching over our SOA and wondering what are the best ways to test them before committing to them?

In general, if they look correct and have the same entries in both places, just a switch in SOA will get you going without too much worry. Of course do not delete or get rid of the old DNS entries until at least 24 hours after the switch is made. While 98% of the servers in the world will accept the change pretty much immediately, you gotta remember there are all kinds of crappy DNS servers out there that don’t respect TTLs and better wait and then ditch when the dust settles than just rush to get rid of it and end up with failed lookups.

> My dig skills are weak. Ideally I would force my local machine to use the new nameserver for our domain so I can check HTTP and HTTPS services are working correctly.

The simplest thing you can do if both DNS servers are set with your data is to use dig to query a specific DNS server and not just your system’s local default.

For example, this query would do a query for the authoritative NS (nameservers) for a hostname on the OpenDNS servers:

dig @208.67.222.222 NS example.com
dig @208.67.222.220 NS example.com

And this would provide you with any records for that domain name on that DNS server; note only the NS option is replaced by ANY:

dig @208.67.222.222 ANY example.com
dig @208.67.222.220 ANY example.com 

Similarly, this would do the same NS query but using Google’s DNS servers:

dig @8.8.8.8 NS example.com
dig @8.8.4.4 NS example.com

And again this would provide you with any records for that domain name on that other DNS server:

dig @8.8.8.8 ANY example.com
dig @8.8.4.4 ANY example.com

You could do that with a few top tier DNS servers to make sure they are respecting the DNS change when it happens.

In general, SOA TTL times are about 900 seconds (aka: 15 minutes), so if you feel unsure about this my advice would be to just set the SOA TTL on the old DNS server to 300 (aka: 5 minutes) and then wait two hours or so and then do the switch. The 5 minute change gives you quick enough turn around so if something unpleasant happens you can quickly switch back to the old DNS servers without too much worry.

In general, this kind of stuff is a dance of requests and TTLs so patience in the flow is mandatory. But like I said, if all of the entries are correct in both setups you should be fine; the SOA TTL of 300 seconds is just a simple, harmless suggestion.

Giacomo1968
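An added example, not part of the answer above: a script that sends the same `dig` query directly to the old and the new nameserver and compares the answers record by record, ignoring TTLs and ordering. The function names and the `name/TYPE` argument format are assumptions made for this sketch; the nameserver addresses and record names are supplied by the caller.

```shell
#!/bin/sh
# Usage (hypothetical argument format): ./compare-ns.sh OLD_NS NEW_NS name/TYPE [name/TYPE ...]

# Reduce "dig +noall +answer" output to comparable lines:
# lowercase the owner name, drop the TTL column, sort. Rdata is compared verbatim.
normalize_answer() {
    awk 'NF >= 5 && $1 !~ /^;/ {
        out = tolower($1) " " $3 " " $4
        for (i = 5; i <= NF; i++) out = out " " $i
        print out
    }' | sort -u
}

# Return 0 only when both answer sets are non-empty and identical after
# normalization. An empty answer counts as a failure, so a typo in a name
# or an unreachable server is never reported as a match.
compare_answers() {
    old=$(printf '%s\n' "$1" | normalize_answer)
    new=$(printf '%s\n' "$2" | normalize_answer)
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Ask one specific server, without recursion, so the answer comes from
# that server's own zone data rather than from a cache.
query_ns() {  # query_ns SERVER NAME TYPE
    dig +noall +answer +norecurse +time=3 +tries=1 "@$1" "$2" "$3"
}

# Only run the comparison when arguments are given.
if [ "$#" -ge 3 ]; then
    old_ns=$1; new_ns=$2; shift 2
    status=0
    for pair in "$@"; do
        name=${pair%/*}; type=${pair#*/}
        if compare_answers "$(query_ns "$old_ns" "$name" "$type")" \
                           "$(query_ns "$new_ns" "$name" "$type")"; then
            echo "OK       $name $type"
        else
            echo "MISMATCH $name $type"
            status=1
        fi
    done
    exit "$status"
fi
```

List every record you expect to exist (for example `example.com/A www.example.com/A example.com/MX`); when the A and AAAA answers match, HTTP and HTTPS clients will be sent to the same addresses after the switch.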