DNSMigration

Before migrating, cleansing your DDI data is crucial

During a DDI migration, it’s important to get ahead of any bad data and misconfigurations before they wreak havoc on your future solution.

Last updated: September 15, 2025

An avatar of the author
BlueCat
Soap
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.

The article explains the risks of migrating DNS, DHCP, and IPAM (DDI) when organizations use a fast “lift and shift” approach that copies legacy misconfigurations and bad data into new systems. In real-world enterprise networks using decentralized tools like Microsoft and BIND, inconsistent DHCP lease times, non-standard DNS TTLs, proliferated DHCP/DNS options, and stale or incorrect IPAM spreadsheets commonly lead to operational instability and possible IP conflicts. BlueCat addresses these problems with a systematic, data‑cleansing migration process, custom tooling to detect outliers before cutover, a gradual migration method with automatic failover to previous systems, and customer engagement to validate operational intent before changing configurations.

Why is a ‘lift and shift’ migration risky for DDI environments?

A ‘lift and shift’ migration is risky because it simply copies existing configurations and data—including misconfigurations and stale records—into the new DDI system. That replicates legacy dysfunctionality and can plant latent faults in core infrastructure, increasing the likelihood of unpredictable downtime. The article highlights common legacy issues such as inconsistent DHCP lease times, non‑standard DNS TTLs, proliferated DHCP/DNS options, and bad IPAM spreadsheets that, if moved without cleansing, may cause bandwidth waste, IP address conflicts, and operational complexity in the new environment.

What specific data and configuration issues does BlueCat commonly find when migrating from decentralized DNS/DHCP/IPAM?

BlueCat commonly discovers four recurring issues during migrations from decentralized setups: wildly inconsistent DHCP lease times that lack standardization across device types and user personas; varied and non‑standard DNS TTLs that can generate excessive queries and bandwidth use; proliferation and redundancy of DHCP/DNS options that complicate administration; and incorrect or stale IPAM data—often from spreadsheets—leading to potential IP address conflicts. The article notes that most networks exhibit many of these problems simultaneously, with bad IPAM data being particularly frequent.

How does BlueCat’s migration approach reduce the risk of downtime and configuration errors?

BlueCat reduces risk by prioritizing data quality and controlled transition over speed. The migration team uses a systematic process and proprietary platform to cleanse DDI data and identify outliers long before cutover, ensuring potential problems are flagged in advance. They employ a gradual migration technique that supports automatic failover to the previous system if a misconfiguration or bad data slips through, and they engage customers to understand the operational rationale behind existing settings so that legitimate, intentional configurations aren’t removed. This combination of tooling, phased migration, and customer collaboration preserves enterprise integrity during migration.

Migrating DNS, DHCP, and IPAM (DDI) is an inherently risky business. It’s the network equivalent of open-heart surgery. You’re changing out the connectivity mechanism for every device and server on your network without incurring any downtime. With all of the configurations and routing pathways involved, there’s a lot that can go wrong.

It’s surprising, then, that many DDI companies have a “lift and shift” approach to migrations. In many cases, they seem to assume that moving from legacy to purpose-built solutions is something to do as fast as possible. Yet by prioritizing speed, they often increase the very risk of downtime that makes network admins wary of DDI migrations in the first place.

The problem with quick “lift and shift” migrations is that misconfigurations and bad data move from one system to the other. Essentially, it replicates the dysfunctionality of legacy DDI systems in a new solution. It’s basically the equivalent of planting a time bomb in your core infrastructure. Rather than dealing with these problems upfront in a systematic way, the network team is left to pick up the pieces when something goes wrong at an unpredictable point in the future.

What bad DDI migrations look like

It’s not like these data errors and misconfigurations are rare. Migrating customers over from decentralized “solutions” like Microsoft and BIND unveils issues all the time. Here are some examples of what BlueCat usually discovers:

DHCP lease times

When managing DHCP through spreadsheets, lease times tend to be all over the map. There’s no rhyme or reason to how lease times are assigned. When migrating networks to BlueCat, we standardize lease times around user personas and device types. As a result, the enterprise is much easier to manage in the long term.

DNS TTLs

The time to live (TTL) settings in decentralized DNS solutions also tend to vary quite a lot. Non-standard TTLs can amplify misconfiguration problems, chewing up bandwidth by allowing constant queries to non-existent sites. When migrating networks to BlueCat, we identify device-specific TTLs that make sense and standardize them across the enterprise.

DHCP/DNS options

In decentralized systems, the use of DNS and DHCP options tends to proliferate. This creates a lot of option redundancy, making the infrastructure harder to manage over the long term. During a BlueCat migration, we optimize option settings so administrators can modify options in a single step.

Bad IPAM data

A lot of the IP address management data we see is just plain incorrect.  This is one of the main issues with IP address spreadsheets–old assignments aren’t updated. In the worst case, this can result in IP address conflicts that bring down the network. In a BlueCat migration, we pay very close attention to IPAM data, ensuring that we cleanse potential conflicts before we move into production with a new system.

Any of these challenges would be concerning if they occurred in isolation. In BlueCat’s experience, however, pretty much every network has all of the above issues. The problem of bad IPAM data is particularly common. Even (or especially) when enterprises have tried to limp along with a split solution of managing IPAM separately from legacy Microsoft and BIND solutions for DNS and DHCP.

BlueCat’s approach

For all of these reasons, the BlueCat migration team puts special importance on cleansing DDI data. BlueCat knows from experience that the risk associated with any core infrastructure is real. Even more, BlueCat knows that prioritizing speed over quality during the migration process can have serious implications down the line.

That’s why we have developed a systematic process and unique tools that cleanse DDI data long before it migrates over to BlueCat. We run everything through BlueCat’s custom-built platform to identify any outliers and flag potential problems far in advance of any cutover. We’ve also developed a new way of gradual migration that allows for automatic failover to a previous system in the event that a misconfiguration or bad data slips through our filters. This is yet another way that BlueCat ensures the integrity of our customers’ enterprises.

In addition to our technical tools, BlueCat also places special emphasis on connecting with our customers, to really understand the reasoning behind their network architecture. Sometimes what we consider a misconfiguration is rooted in a solid operational logic or business priority. That’s why we take the time to ask before we change anything, rather than simply porting everything over blindly.

Learn more about BlueCat’s unique DDI migration process.

Published in:

DNSMigration

Published on: June 10, 2020

An avatar of the author

BlueCat provides core services and solutions that help our customers and their teams deliver change-ready networks. With BlueCat, organizations can build reliable, secure, and agile mission-critical networks that can support transformation initiatives such as cloud adoption and automation. BlueCat’s growing portfolio includes services and solutions for automated and unified DDI management, network security, multicloud management, and network observability and health.

Related content

Close-up of interlocked metal chain links symbolizing connected network objects and relationships in IPAM
Blog

How to map your network with user-defined links in Integrity X

Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.

Read more
Flock of geese flying in formation across a blue sky, framed by a pink graphic border, symbolizing coordinated network migrat
Blog

Automate your DDI modernization path by migrating with Micetro

Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.

Read more
Three armored figures walking toward a futuristic Las Vegas skyline with pyramids, glowing orb, and "Welcome to Fabulous Las
Blog

Your journey to intelligent NetOps begins at Cisco Live

Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.

Read more
Stacked colorful wooden directional arrows on a post by a calm seaside with distant hills and blue sky
Blog

Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)

Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.

Read more