Before starting the migration, ensure you have:
- SSH access to both old and new servers
- Root privileges
- Matching BIND versions (or plan for version differences)
- Identical network configurations
- Maintenance window scheduled
The core BIND configuration consists of these critical components:
/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local
/var/lib/bind/ (zone files location)
/var/cache/bind/ (cache and DNSSEC keys)
/etc/default/bind9 (service parameters)
1. Backup Existing Configuration
On the old server, create a complete backup:
sudo tar -czvf bind_backup.tgz /etc/bind/ /var/lib/bind/ /var/cache/bind/
2. Install BIND on New Servers
sudo apt-get update
sudo apt-get install bind9 bind9utils dnsutils
3. Transfer Configuration Files
Securely copy the backup to the new servers:
scp bind_backup.tgz user@new-server:/tmp/
# -t allocates a terminal so sudo can prompt for a password on the remote side
ssh -t user@new-server "sudo tar -xzvf /tmp/bind_backup.tgz -C /"
4. Zone File Verification
Check zone file integrity before loading:
sudo named-checkconf /etc/bind/named.conf
sudo named-checkzone example.com /var/lib/bind/db.example.com
5. Cache Migration Strategy
For cache transfer, consider these approaches:
# Option 1: Dump and restore cache
sudo rndc dumpdb -cache
# cp cannot write to a remote host; use scp for the transfer
sudo scp /var/cache/bind/named_dump.db user@new-server:/var/cache/bind/
# Option 2: Forwarders temporary configuration
options {
forwarders { 192.168.1.10; }; # Old server IP
forward only;
};
Testing DNS Resolution
dig @new-server example.com
dig @new-server google.com
dig @new-server localhost
Log Monitoring
Check for errors in the system log:
tail -f /var/log/syslog | grep named
While Webmin's backup feature can work for simple configurations, we recommend manual migration because:
- Webmin might miss custom ACLs or complex configurations
- Manual transfer ensures version compatibility
- Direct file copying preserves all permissions and ownership
Update these critical parameters in named.conf.options:
options {
directory "/var/cache/bind";
allow-transfer { none; }; # Restrict zone transfers
listen-on { any; };
listen-on-v6 { any; };
recursion no; # For authoritative servers
};
Keep the old servers powered on but offline during the testing period. If issues arise, redirect DNS traffic back to them:
# On router/firewall
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to-destination old-server-ip
iptables -t nat -A PREROUTING -p tcp --dport 53 -j DNAT --to-destination old-server-ip
When dealing with legacy systems like Ubuntu 8.04 servers, it's crucial to first document the existing configuration. Connect to the old servers and run:
named -v
cat /etc/bind/named.conf
ls -l /etc/bind/
ls -l /var/cache/bind/
This gives you the BIND version and shows where zone files and configurations are stored. Older Ubuntu versions typically use /etc/bind/ for configuration and /var/cache/bind/ for zone files.
These are the essential components you'll need to transfer:
/etc/bind/named.conf
/etc/bind/named.conf.options
/etc/bind/named.conf.local
/etc/bind/named.conf.default-zones
/var/cache/bind/ (all zone files)
/etc/default/bind9
For slave servers, also preserve rndc.key if present in /etc/bind/.
Here's the step-by-step process I recommend:
# On old server:
tar -czvf bind_backup.tar.gz /etc/bind/ /var/cache/bind/ /etc/default/bind9
# On new server (after Ubuntu 9.04 base install):
sudo apt-get install bind9
scp user@old_server:/path/to/bind_backup.tar.gz .
sudo tar -xzvf bind_backup.tar.gz -C /
sudo named-checkconf
While Webmin's backup feature can work, I recommend manual file transfer because:
- Webmin might not capture all custom configurations
- The backup format might be harder to debug
- Direct file transfer maintains permissions and ownership
After transferring files, test thoroughly:
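# systemctl requires systemd; on releases that predate it (including the
# Ubuntu 9.04 target above) restart with: sudo /etc/init.d/bind9 restart
sudo systemctl restart bind9
sudo systemctl status bind9
dig @localhost example.com
named-checkzone example.com /var/cache/bind/db.example.com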
For dynamic DNS or zones with DNSSEC, additional steps are needed:
# For DNSSEC:
sudo dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE example.com
sudo rndc reconfig
Remember to update any IP-based ACLs in named.conf.options if the new servers have different IPs.
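An added example, not part of the original page: a pre-flight audit of the migrated named.conf.options that checks the hardening settings listed earlier (recursion no, allow-transfer { none; }) and catches leftover references to the old server, such as the temporary Option 2 forwarder or a stale ACL entry. The function name audit_bind_options and the sample file are constructed for illustration; 192.168.1.10 is the page's example old-server address.

```shell
#!/bin/sh
# Added example (not from the original page): audit a migrated options file.
# Assumes one statement per line and only '#' or '//' comments, as in the
# page's snippets; /* ... */ comments are not handled.

# audit_bind_options FILE OLD_IP
# Prints one finding per line and returns the number of findings (0 = clean).
audit_bind_options() {
    conf=$1; old_ip=$2; findings=0
    # Drop comments so a commented-out setting does not count as present.
    body=$(sed -e 's/#.*$//' -e 's|//.*$||' "$conf")
    # Escape the dots so the address is matched literally, not as a regex.
    ip_re=$(printf '%s' "$old_ip" | sed 's/\./\\./g')

    if ! printf '%s\n' "$body" | grep -Eq 'recursion[[:space:]]+no[[:space:]]*;'; then
        echo "recursion is not set to 'no' (expected on an authoritative server)"
        findings=$((findings + 1))
    fi
    if ! printf '%s\n' "$body" | grep -Eq 'allow-transfer[[:space:]]*\{[[:space:]]*none[[:space:]]*;'; then
        echo "allow-transfer is not { none; }: review who may pull zones"
        findings=$((findings + 1))
    fi
    # Digit/dot boundaries keep 192.168.1.10 from matching 192.168.1.100.
    if printf '%s\n' "$body" | grep -Eq "(^|[^0-9.])${ip_re}([^0-9.]|\$)"; then
        echo "old server address $old_ip is still referenced (ACL or forwarder)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the temporary 'Option 2' forwarder left in place.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
options {
    directory "/var/cache/bind";
    forwarders { 192.168.1.10; };  # Old server IP
    forward only;
    # recursion no;
    listen-on { any; };
};
EOF
audit_bind_options "$demo_conf" 192.168.1.10 || echo "findings: $?"
rm -f "$demo_conf"
```

Run it against /etc/bind/named.conf.options on the new server before decommissioning the old one; a non-zero exit status is the number of findings.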