Migrating DNS Providers

Currently, the DNS provider for our domain is our ISP. However, we are moving to a new ISP, and therefore I need to migrate to a new DNS provider.

This is something I've never actually had to do in person before. My question is, what do I need to do when changing DNS providers?

There is a small additional issue to be aware of. I normally prefer to keep DNS service with the registrar for the domain, and failing that with the ISP. However, the domain in this case is a .edu domain, which means there is only one allowed registrar, and this registrar does not offer DNS services. The ISP in this case also does not offer DNS services. Therefore, in this case, DNS will be completely third party, and hosted away from both the registrar and the ISP.


Your procedure seems quite correct.

Don't forget to:

  • Increment SOA serial number on each configuration change
  • Lower SOA refresh time
  • Lower SOA retry time
  • Raise SOA expire time
  • Lower SOA negative TTL

Then get refresh/retry/expire/negativeTTL back to normal after your migration succeeded.
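The SOA changes this answer lists can be applied and checked mechanically. The following script is an added example, not code from the answer or from any DNS provider: it parses a constructed SOA record, bumps the serial in a way secondaries will accept under RFC 1982 serial arithmetic, swaps the refresh/retry/expire/negative-TTL timers to migration values and back again. The timer values in `MIGRATION_TIMERS` and `NORMAL_TIMERS` are assumptions for illustration, not recommendations from the page.

```python
"""Adjust an SOA record for a DNS provider migration (added example).

Field order follows RFC 1035: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM,
where MINIMUM is the negative-caching TTL (RFC 2308).
"""
from dataclasses import dataclass, replace
from datetime import date

# Assumed timer sets (seconds); pick values that suit your own zone.
MIGRATION_TIMERS = dict(refresh=900, retry=300, expire=2419200, minimum=300)
NORMAL_TIMERS = dict(refresh=86400, retry=7200, expire=1209600, minimum=3600)


@dataclass(frozen=True)
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa(text: str) -> SOA:
    """Parse a one-line SOA in zone-file / dig +noall +answer layout."""
    fields = text.split()
    i = fields.index("SOA")
    mname, rname = fields[i + 1], fields[i + 2]
    serial, refresh, retry, expire, minimum = (int(f) for f in fields[i + 3:i + 8])
    return SOA(mname, rname, serial, refresh, retry, expire, minimum)


def next_serial(current: int, today: date) -> int:
    """Return a strictly larger serial.

    If the zone uses the YYYYMMDDnn convention, move to today's date with
    revision 01 when that is ahead of the current value; otherwise add one.
    Either way the jump is far below 2**31, so RFC 1982 comparison still
    sees the new value as 'newer'.
    """
    base = int(today.strftime("%Y%m%d")) * 100
    return base + 1 if base > current else current + 1


def serial_is_newer(new: int, old: int) -> bool:
    """RFC 1982 check: secondaries only transfer when the new serial is ahead
    of the old one by 1 .. 2**31-1 (modulo 2**32)."""
    diff = (new - old) % 2**32
    return 0 < diff < 2**31


def for_migration(soa: SOA, today: date) -> SOA:
    """Lower refresh/retry/negative TTL, raise expire, and bump the serial."""
    return replace(soa, serial=next_serial(soa.serial, today), **MIGRATION_TIMERS)


def restore(soa: SOA, today: date) -> SOA:
    """Put the timers back to normal once the migration has succeeded."""
    return replace(soa, serial=next_serial(soa.serial, today), **NORMAL_TIMERS)


def render(owner: str, soa: SOA) -> str:
    """Emit the record in zone-file form, ready to paste into the zone."""
    return (f"{owner} IN SOA {soa.mname} {soa.rname} {soa.serial} "
            f"{soa.refresh} {soa.retry} {soa.expire} {soa.minimum}")


if __name__ == "__main__":
    # Constructed sample record; not a real zone.
    sample = ("example.edu. IN SOA ns1.example.edu. hostmaster.example.edu. "
              "2024010105 86400 7200 3600000 86400")
    current = parse_soa(sample)
    migrating = for_migration(current, date.today())
    assert serial_is_newer(migrating.serial, current.serial)
    print(render("example.edu.", migrating))
```

Run `serial_is_newer()` against the serial the old provider currently publishes before you load the edited zone; a serial that goes backwards (or jumps by 2**31 or more) is silently ignored by secondaries, which is the classic way a migration change fails to propagate.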


The steps I have in mind are:

  1. Update any router or firewall rules directing traffic to public-facing internal services to correctly handle connections for both the old and the new addresses
  2. Configure the new DNS provider to match ALL the records currently published on the old provider. Be aware that PTR records may require coordinating between your new ISP and your new DNS provider.
  3. Test test test by digging the new DNS provider directly. Pay special attention to mail server SPF and PTR records.
  4. Update the registrar for your domain with the name server info from the new provider
  5. Wait past the largest TTL on the old provider, and TEST TEST TEST that lookups are working.
  6. Discontinue the old DNS service only after step 5 checks out.
  7. Remove the old addresses from any router or firewall rules

All of this needs to be done well in advance of the ISP cut-over. Later on, when the ISP actually changes, follow this process:

  1. Set TTL on the old records to something small (say, 1/2 hour) just enough in advance that all records have expired and picked up the new TTL prior to the cut-over.
  2. Make sure all records pointing at internally-hosted services, including MX, SPF, PTR, and TXT records (don't forget signatures) are updated.
  3. A few days later, after I'm sure the new records have had adequate time to propagate, set the TTL times back where they belong.
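Steps 2, 3 and 5 of the first list above (copy every record, test the new provider directly, then wait past the largest old TTL) are easy to get wrong by eye. The script below is an added example, not code from this answer: it takes two record listings in zone-file style (the shape you get from `dig +noall +answer` against each provider, or from a zone export), diffs the data at the new provider against the old one, reports the longest TTL the old provider publishes as the minimum wait after the registrar change, and runs a few of the mail checks the answer calls out. Both record listings are constructed samples, and the names and addresses in them are placeholders.

```python
"""Diff old vs. new DNS provider record sets and compute the post-switch wait.

Added example. Input lines are 'owner TTL class type rdata' as printed by
`dig +noall +answer`; lines beginning with ';' are ignored.
"""
from collections import namedtuple

Record = namedtuple("Record", "owner type rdata")

# SOA and NS records legitimately differ between providers, so they are left
# out of the data comparison (but their TTLs still count toward the wait).
DEFAULT_IGNORE = ("SOA", "NS")


def parse_records(text, ignore_types=DEFAULT_IGNORE):
    """Return (set of Record, largest TTL seen). TTLs are excluded from the
    comparison key because the two providers may publish different TTLs."""
    records, max_ttl = set(), 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        max_ttl = max(max_ttl, int(ttl))
        if rtype.upper() in ignore_types:
            continue
        records.add(Record(owner.lower(), rtype.upper(), " ".join(rdata.split())))
    return records, max_ttl


def compare(old_text, new_text):
    """Step 2/5 check: what the new provider is missing or has extra, and how
    long to wait after changing the NS delegation at the registrar."""
    old, old_max_ttl = parse_records(old_text)
    new, _ = parse_records(new_text)
    return {
        "missing_at_new": sorted(old - new),
        "extra_at_new": sorted(new - old),
        "wait_seconds": old_max_ttl,
    }


def mail_checks(records, zone):
    """Step 3 check: MX present, exactly one SPF TXT record, and every MX target
    inside this zone resolvable from this zone's own data."""
    findings = []
    mx_targets = [r.rdata.split()[-1].lower() for r in records if r.type == "MX"]
    if not mx_targets:
        findings.append("no MX record")
    spf = [r for r in records if r.type == "TXT" and r.rdata.startswith('"v=spf1')]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF TXT record, found {len(spf)}")
    for target in mx_targets:
        in_zone = target == zone or target.endswith("." + zone)
        has_addr = any(r.owner == target and r.type in ("A", "AAAA") for r in records)
        if in_zone and not has_addr:
            findings.append(f"MX target {target} has no A/AAAA record in this zone")
    return findings


# Constructed samples: what the old provider serves, and the freshly built
# zone at the new provider (which has forgotten the mail server's A record).
OLD_PROVIDER = """
example.edu.       3600  IN SOA ns1.oldisp.example. hostmaster.example.edu. 2024010105 86400 7200 3600000 86400
example.edu.       3600  IN NS  ns1.oldisp.example.
example.edu.       3600  IN NS  ns2.oldisp.example.
example.edu.       3600  IN A   192.0.2.10
www.example.edu.   1800  IN A   192.0.2.10
example.edu.       3600  IN MX  10 mail.example.edu.
mail.example.edu.  86400 IN A   192.0.2.25
example.edu.       3600  IN TXT "v=spf1 ip4:192.0.2.25 -all"
"""

NEW_PROVIDER = """
example.edu.       300 IN A   192.0.2.10
www.example.edu.   300 IN A   192.0.2.10
example.edu.       300 IN MX  10 mail.example.edu.
example.edu.       300 IN TXT "v=spf1 ip4:192.0.2.25 -all"
"""

if __name__ == "__main__":
    report = compare(OLD_PROVIDER, NEW_PROVIDER)
    for key, value in report.items():
        print(f"{key}: {value}")
    new_records, _ = parse_records(NEW_PROVIDER)
    for finding in mail_checks(new_records, "example.edu."):
        print("finding:", finding)
```

On the sample, the diff flags the missing `mail.example.edu.` A record, the mail check flags the same gap from the MX side, and `wait_seconds` comes out as 86400 because that is the largest TTL the old provider still serves. PTR records are not covered here since they live in the reverse zone the ISP controls, which is exactly why the answer says they need separate coordination.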