Best practice check before performing multi site VPN network cutover into new ISP

[albertwt]

Hi All,

I'd like to know what's the proper best practice for network cutover which involves multi site internet and VPN access ?

we are moving into new ISP and it is whole new range of IP address and technology, eg. we have to host our own DNS and public facing website.

if anyone can help or suggest me with the cut over checklist then that'll be great.

Cheers,
AWT

[jamesreedersmith]

Plan, plan, allow a few weeks, plan some more, work out how much time you need, add at least 20% to that, double check you havent missed anything, add another 20% for the things you missed first time, carry out the work, spend a week firefightig problems.

[albertwt]

thanks for the reply mate,
we are changing the ISP to new one but our domain name is the same and yes, the thing that is still mystery for us, is the public DNS which previously our provider provides the DNS translation (host the external DNS) but now i have to prepare linux box for that to host our external DNS which resolve the website IP and our email server IP.

so in this case i need to grab all of our IP addressrange and host it into the external facing DNS ?

[SYNACK]

so in this case i need to grab all of our IP addressrange and host it into the external facing DNS ?

All you need for the external DNS is to setup the zone for your domain (somesite.com.au) and add in the required records for your external resources like www.somesite.com.au and mail.somesite.com.au pointing to your desired external ip addresses.

You will also need to add MX records to point any mail comming to an address @somesite.com.au to your mail servers external DNS name like smtp.somesite.com.au.

You can look at your current external setup from your existing host and I would advise you copy it as a template of what you already have by usign the nslookup tool in windows from the command prompt

Code:

nslookup -querytype=all somesite.com.au

This will show you what is set up already so you know what is needed on the new DNS server. I am suprised that you only need one as the general requirement is to have two nameservers, is your new ISP replicating your zone for you automaticlly (which is probably the best way to go about it) to one of their DNS servers also.

[albertwt]

thanks for your reply man,

here's what I've got from the connection at my home

C:\Users\Administrator>nslookup -querytype=all domain.com.au
Server: mygateway1.ar7
Address: 10.1.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to mygateway1.ar7 timed-out

how come it doesn't give me anything useful ?

[SYNACK]

If it is giving you that message it con't resolve the DNS name that you gave it, is the domain already live and can you get to it via a browser?

You can PM me the domain name if you would like me to have a go and send back the results.

[albertwt]

Thanks for your willingness to help SYNACK, however this is what I'm doing in the office and it is quite different from home:

C:\Users\Administrator\Documents> nslookup -querytype=all domain.com.au
Server: dc-dnsrv01.domain.com.au
Address: 10.2.2.34

domain.com.au internet address = 10.2.2.4
domain.com.au internet address = 10.2.2.34
domain.com.au nameserver = dc-dnsrv02.domain.com.au
domain.com.au nameserver = dc-dnsrv01.domain.com.au
domain.com.au nameserver = branch-dns01.domain.com.au
domain.com.au
primary name server = dc-dnsrv01.domain.com.au
responsible mail addr = root.domain.com.au
serial = 2008048990
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 432000 (5 days)
default TTL = 86400 (1 day)
domain.com.au MX preference = 50, mail exchanger = mail.domain.com.au
dc-dnsrv02.domain.com.au internet address = 10.2.2.4
dc-dnsrv01.domain.com.au internet address = 10.2.2.34
branch-dns01.domain.com.au internet address = 10.1.2.13

the result is rather useless as well since i cannot list all of the public IP that this company have. as I'm still learning in networking, I wonder how and where can i get this information from ?

[SYNACK]

As you are changing ISPs you'll get a bunch of new IPs anyway and you will need to talk to your new provider to find out what those are. By the looks of it the internal DNS is being resolved internally rather than externally as it has all private addresses.

You will need use an external DNS server to get the external DNS mappings. Given the responce before from DNS at home are you sure that the external domain name is registered and exists. You should be able to resolve it from outside if it is.

[albertwt]

thanks for the reply man, it seems that i need to ask the new ISP for my router (public facing) interface hopefully they can provide that.

and i've just queried my domain from:

http://cdn.whois.com.au/static/auwho...?domain.com.au

and it works actually, the response comes from the ISP DNS.