List of published manuals

List of manuals for contractors

IIJ DNS Platform Service Manual

Migrating from This Service to Your Own DNS Server or Another Company’s DNS Service

Use the following procedure to migrate zones being operated with this service to a server you have prepared or to another company’s DNS service.

[ Note ]

When changing the name server, you can switch DNS servers smoothly by setting the TTL value to a short value in advance.

If you migrate the DNS server without disabling DNSSEC (deleting the DS record), name resolution can no longer be executed with a cache DNS server for which DNSSEC verification is enabled. Make sure to disable DNSSEC. Additionally, change the name server after "Disabled" is displayed for "DNSSEC status." Even if an issue with name resolution occurs as a result of the change of the name server during the "Disabling" operation, IIJ will accept no responsibility for the problem.

Disabling DNSSEC takes several days because of the DNSSEC mechanism. For migration, allow at least two weeks for the disabling operation of DNSSEC.

[ Reference ]

Migration of domain management is not necessarily required for changing the DNS server.

  1. Disable DNSSEC.
    For security reason, this service does not allow you to take the DNSSEC key outside. Therefore, you must disable DNSSEC to migrate the DNS server. Also refer to the page of "DNSSEC Management."
    1. Set the signature setting to "Disabled."
    2. Click "Disable."

    3. Delete the DS record. This process is performed automatically when you have signed up for the Domain Management Service. It might take a few days for you to be able to delete the DS record after disabling the DNSSEC signature setting.

      [ Note ]

      When you have signed up for the Domain Management Service or the registrar (designated business operator) you are using supports CDS records, the DS record is deleted automatically.

      If the registrar (designated business operator) you are using does not support CDS records, the registrar (designated business operator) will need to delete the DS record. For information on how to delete the DS record, contact your registrar (designated business operator).

    4. Confirm that the DNSSEC state has changed to "Disabled." It might take a few hours to a few days for the DNSSEC state to be "Disabled" after the DS record has been deleted.

      [ Note ]

      If you migrate the DNS server without disabling DNSSEC (deleting the DS record), name resolution can no longer be executed with a cache DNS server for which DNSSEC verification is enabled. Make sure to disable DNSSEC.

      Disabling DNSSEC cannot be performed immediately. Leave time in the schedule for disabling DNSSEC.

  2. Editing zones with the migration destination’s server
    A convenient way to edit zones is to set zone files that can be obtained from "Download Zone" on the control panel’s "Zone Management > Record Management" screen to the migration destination’s server. In doing so, change the name server (NR record) to the migration destination’s server.

  3. Edit zones with the migration source’s server (this service).
    In the same manner, change the name server (NR record) to the migration destination’s server. Sending queries to the migration destination’s server begins at this point of time.

  4. Register the name server.
    Use the procedure for "Registering and Changing Name Servers" to register the name server.
    Once registration is complete, the number of queries to this service will decrease, and migration to the migration destination’s server will be complete in a few days.

    [ Reference ]

    There will be no queries to this service when both of TTL of the NS record prior to the change in procedure (3) and TTL of the NS record registered with the higher name server have passed.

  5. Cancel the Managed DNS Service.
    To cancel, contact your IIJ sales representative.