How IP address or host name changes affect infrastructure services

Some services are infrastructure services. This means they provide the basic addressing, name resolution, and routing necessary for other services to function.

Generally, changing the IP address or name of an infrastructure server requires an intimate knowledge of the new network configuration and topology as well as manual setting changes. Changes to these infrastructure services can cause widespread disruption of other services until the correct setting modifications are made.

Infrastructure services

DNS

For a server not hosting DNS, changing that server’s IP address requires changes to the data in the DNS server. Minimally, the server’s NS, A, and PTR records must be changed. Because the DNS information for the server is hosted elsewhere, you must update those records manually on the DNS server.

Your network configuration might have other domains, computers, and record types that are impacted by a server’s IP address change (SRV records, for instance). These other records should be examined thoroughly after any change to a server’s IP address.
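As an added example (not part of the original documentation), the following Python script audits an exported list of DNS records for entries that still reference a server's old address after an IP address change, and flags NS, SRV, MX, and CNAME records that depend on the server's name so they can be examined. The record tuples, names, and addresses are constructed sample data, the function names are hypothetical, and only IPv4 A and PTR records are checked.

```python
import ipaddress

# Constructed sample data: (owner name, type, rdata) tuples. All names and
# addresses are made up (documentation ranges), not taken from a real zone.
RECORDS = [
    ("example.com.", "NS", "files.example.com."),
    ("files.example.com.", "A", "198.51.100.20"),
    ("wiki.example.com.", "A", "192.0.2.10"),
    ("10.2.0.192.in-addr.arpa.", "PTR", "files.example.com."),
    ("_afpovertcp._tcp.example.com.", "SRV", "0 0 548 files.example.com."),
]


def reverse_name(ip):
    """Owner name of the PTR record for an address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def audit_ip_change(records, host, old_ip, new_ip):
    """Return (severity, message) findings; host is a lowercase FQDN ending in a dot."""
    findings = []
    old_ptr, new_ptr = reverse_name(old_ip), reverse_name(new_ip)
    has_new_a = has_new_ptr = False
    for owner, rtype, rdata in records:
        owner, rtype = owner.lower(), rtype.upper()
        target = rdata.split()[-1].lower()  # last field: address or target name
        if rtype == "A" and target == old_ip:
            findings.append(("stale", f"{owner} A still points to {old_ip}"))
        elif rtype == "A" and owner == host and target == new_ip:
            has_new_a = True
        elif rtype == "PTR" and owner == old_ptr:
            findings.append(("stale", f"{owner} PTR still exists for the old address"))
        elif rtype == "PTR" and owner == new_ptr and target == host:
            has_new_ptr = True
        elif rtype in ("NS", "SRV", "MX", "CNAME") and target == host:
            findings.append(("review", f"{owner} {rtype} depends on {host}"))
    if not has_new_a:
        findings.append(("missing", f"{host} has no A record for {new_ip}"))
    if not has_new_ptr:
        findings.append(("missing", f"{new_ptr} has no PTR to {host}"))
    return findings


if __name__ == "__main__":
    old, new = "192.0.2.10", "198.51.100.20"
    for severity, message in audit_ip_change(RECORDS, "files.example.com.", old, new):
        print(f"{severity:8}{message}")
```

A "stale" or "missing" finding means the forward and reverse data no longer agree with the new address; "review" entries are records that resolve through the server's name.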

Changing a DNS server’s IP address impacts any client computer that uses the DNS server. For example, the DNS server’s IP address could be provided to DHCP clients automatically, so DHCP clients rely on the DNS server’s correct IP address. Host names for all domains hosted by the DNS server must be examined.

Because of DNS caching, many clients might not respond to changes in the DNS system as quickly as needed. To expedite DNS server setting propagation, update wireless access points, DHCP servers, manually configured IP address clients, and DHCP address clients by restarting them or renewing their DHCP leases.

In summary, clients that refer to the DNS server’s IP address for name resolution must be updated to use the new IP address.

Changing a server’s host name or domain impacts services that rely on the server’s domain name resolving correctly in DNS. The affected services include:

Directory service and Kerberos

Changing the IP address of an Open Directory server might invalidate the data records (computer records or user home folders). Changing the IP address alters only the configuration, not the contents of the records.

Changing the host name of the directory server requires that all bound machines be rebound to the new directory name and address.

If you have a Kerberos environment, the Kerberos realm doesn’t change when the host name is changed.

Firewall

Changing the IP address of the firewall can significantly alter the effectiveness of the service. In OS X Server, IP firewall rules are stored and referenced as address groups. A change to the IP address of the firewall server might prevent traffic to the address groups from being routed, and therefore no firewall rules would be applied.

Check all firewall rules when changing the IP address of the firewall server.

NetInstall

NetInstall doesn’t require reconfiguration after changing the IP address or host name. However, clients that use it must reselect the server after the changes.

RADIUS

If you change the RADIUS server’s IP address, you might need to check or reconfigure the IP addresses of the associated base stations. Also, if you’re using SSL certificates, you must regenerate or repurchase the certificates. You must use the Server app to import the new certificates and then configure the service’s new certificate.

VPN

VPN servers allocate IP address ranges to VPN clients and mediate DNS queries of VPN clients. Any of these can be affected by a change to the VPN server’s IP address or domain name. Additionally, the VPN server contains routing definitions based on IP addresses. A change to the IP address can make those routing addresses unreachable.

Check the VPN settings when changing the IP address of the VPN server.