[Support Guide] Minimal downtime for a live site DNS migration

Last reviewed by Netlify Support - November 2024

IMPORTANT UPDATE

While many details in this support guide remain valuable information, the best guide for a zero downtime DNS migration can be found here:

However, there is still great information below and our support team will continue to link people to sub-sections of this support guide when they are relevant to someone’s particular situation or question.


The trick with migrating a live site is all in DNS timing.

Specifically, we can't get a new SSL certificate for your site until the Time To Live (TTL) value has expired from your old DNS values. The new DNS values for Netlify must first be in place and correct, and then issuing the certificate is a breeze!

Below are the steps to follow for a successful migration with minimal downtime. There are quite a few steps in this process, not gonna lie. But no worries, you got this. Take a read through all the steps before starting, so you can familiarize yourself with what you will need to complete the process.

Here we go!

  1. Find the current TTL value for the record(s) pointing to your old provider. Pop open your terminal and run dig yoursite.com or use Google’s online Dig tool.

    • In the output, you'll see a line like this in the ANSWER SECTION: yoursite.com. X IN A a.b.c.d in which X is your current TTL in seconds. Here is an example of what it will look like:

    • In the example this number is 2878. That is your current TTL value in seconds.

    • Do this dig command for each hostname you will migrate to us (perhaps yoursite.com and www.yoursite.com?). Write these down in a safe place; we will come back to them in the last step.

  2. Visit your domain registrar’s website (or your other current DNS host), and find the DNS records section. For each hostname, set a new, low TTL value - I suggest a value of 10 - for all existing DNS records pointing to your old DNS provider. Please do not yet update the IP address or hostname values to use our service! We are just updating the TTL value in this step.

  3. Coffee break! Wait for your prior TTL value to pass , while your records still point to your old provider.

  4. Now’s a great time to test things out! How can you do this? Two good ways: 1) use a command like curl -vo /dev/null https://yourprodhostname.com --resolve yourprodhostname.com:443:75.2.60.5 to confirm that your SSL certificate is correct and the expected content is served (should it be an HTTP 301 redirect? or maybe content with HTTP 200? Or a password dialog with an HTTP 401?) or 2) you can override the DNS lookup for your hostname(s) following a guide like this one to override yourprodhostname.com with the address 75.2.60.5 which is an address that should return your site content, using your own SSL certificate.

  5. If you have any questions about whether you did this right - or any concerns about the following steps, now is the time to ask the questions, before you proceed!

  6. Now you can change your DNS records to point to us . Follow the advice in this documentation: Custom domains | Netlify Docs

  7. Wait for the new, low TTL value to expire (if you’ve set a value of 10, wait 10 seconds).

  8. Almost done! Time to clear the cache. Visit Google Public DNS and for each hostname you will use, clear the cache for records of type "A", like so:

  1. Now you can get your SSL certificate! Back at Netlify, go to Settings - Domain management - HTTPS and provision a certificate. Now that you've updated DNS and any old cached values have expired, your certificate can be issued.

  2. Assuming that worked ( you should test in a browser! ), then you can move the TTL back upwards in value to the old value you copied down way back at step 1. A super-low TTL is not a general best practice, just useful during migrations like these.

You’re done! Let us know how it went in the comments below!

4 Likes

hi. great article.
how do I proceed in this case described?
domain (call it “example . com”) was registered, never configured†.
† I chose a not-in-use domain to practice on before I DNS-migrate a more important one.

step 1
dig example . com
;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns1 . iwantmyname . net. hostmaster . iwantmyname . com. 2014012000 86400 7200 3600000 3600

step 2
registrar dashboard show zero DNS records for example.com
3,600 seconds must be a default

skip step 3?
step 4 change nameservers?
step 5 - must wait 3600 seconds?

under “edit dns records”, this registrar “iwantmyname” also has “1-click DNS setup” for popular web apps/services.
e.g. Tumblr, Squarespace.

We’ve made it as easy as one click to add popular web services to your domain. Leave the complicated DNS details to us! Just find the web app/service below and click to start the setup process—the proper DNS records will be automatically added to your domain.

The form does recognize Netlify.

You are about to add the DNS records for Netlify to the following domain:
(www.)example.com
or add on a subdomain
Your Netlify subdomain: [form field ].netlify.com

It is unclear to me what records it would add.
Should any be added from the registrar?

Adding domains at the domain registrar is one of two ways to connect a domain to a Netlify site. We call the method using your existing DNS provider “manual configuration”:

And the other solution is our Managed DNS service.

So, yes, you can add DNS records for any domains or subdomains you want to use for Netlify sites to your current DNS service settings (which is normally done via the registrar in most - but not all - cases).

Also note, that instructions adding DNS records for subdomain (such as: one.example.com) differ from the instructions for the “bare domain” (like: example.com). Please see the manual configuration link above for more details.

If there are other questions, please let us know.

1 Like

For more information on this topic, check out our blog post Migrating DNS for a production site? We made you a site migration checklist. :rocket: :shamrock:

1 Like

I followed your steps but I still have an issue, the site keeps redirecting to the DNS provider’s page. And when I checked the primary domain on the google dig tool. I got a message saying " Record not found!"
primary domain: http://coolspringtrading.com/

Hi, @Fola-rin. I show that domain working now.

I’m not sure what changed. It could have been time to live (TTL) issues or maybe you made some change to get it working.

If there are other questions or if you want to share the solution you found, please feel free to reply here anytime.