In the coming weeks, the authoritative DNS nameservers dns1.illinois.edu, dns2.illinois.edu, and dns3.illinois.edu will be migrated from commodity GNU/Linux servers running ISC BIND to new Infoblox appliances. In addition, the IPv4 address of dns3.illinois.edu will change from 204.93.1.5 to 3.16.92.183, a new IPv6 address (2620:0:e00:c::53) will be added to dns2.illinois.edu, and the default record TTL in IPAM will change from 7200 (2 hours) to 3600 (1 hour).
No customer action is required as a result of these changes, and there will be no interruption to DNS service as a whole.
Here are the details:
On Fri Jan 18, the EDUCAUSE "glue" record for dns3.illinois.edu (published with a 2-day TTL we can't modify) will be updated to reflect the new IPv4 address. For the next few days, some queries intended for dns3 will be sent to the new appliance while some will be sent to the old server; both will work. The default record TTL in IPAM will also be adjusted at this time.
On Wed Jan 23 between 5:00-7:00am, the old server for dns3.illinois.edu will be disabled and our own authoritative record for dns3.illinois.edu (published with a 1-hour TTL) will be updated to reflect the new IPv4 address. Some queries sent to dns3 during this change window will fail, but dns1 and dns2 will remain up.
On Tue Jan 29 between 5:00-7:00am, the old server for dns1.illinois.edu will be disabled and replaced with an appliance using the same IPv4 and IPv6 addresses. dns1 will experience an outage during this change window, but dns2 and dns3 will remain up.
On Tue Feb 5 between 5:00-7:00am, the old server for dns2.illinois.edu will be disabled and replaced with an appliance using the same IPv4 address plus the newly assigned IPv6 address. dns2 will experience an outage during this change window, but dns1 and dns3 will remain up.
Q: Do these changes affect recursive DNS resolution for end hosts on campus?
A: No, the recursive DNS server addresses (130.126.2.131 and 2620:0:e00:a::1) are NOT changing.
Q: Do these changes affect my workflow for managing DNS records in IPAM?
A: No, the IPAM Grid Manager interface and API are not changing.
Q: I still maintain one or more "slaved" pseudo-delegation zones. Do I need to make any changes?
A: No. Your hidden master nameservers should already allow zone transfers and send NOTIFYs to the IPv4 addresses of dns1 and dns2 (130.126.2.100 and 130.126.2.120) which are not changing. The new dns3 (like the current dns3) will pull your zones from dns1, not directly from your hidden masters.
Q: Why are the commodity authoritative nameservers being replaced with appliances?
A: This is a prerequisite for enabling DNS Traffic Control (DTC) in IPAM; see also "DNS Deep Dive" from the June 2018 IT Pro Forum, and stay tuned for specific announcements.
Q: Why is the default record TTL changing?
A: The current value of 2 hours dates back to the pre-2012 campus DNS service which only published record changes at 2-hour intervals. The new value of 1 hour will halve the impact of forgetting to reduce individual record TTLs in advance of a change, without increasing the query load unreasonably.