
Enabling Zone Transfer To External Secondary DNS Servers

Adding Additional Redundancy

Nettica has added the ability to perform zone transfers to external secondary DNS services. There are trade-offs to using external secondaries, the largest being the potential loss of real-time updates. This article describes the process of enabling zone transfers to other DNS servers, as well as the caveats and pitfalls associated with the process. This is an advanced topic. Please contact support if you have any problems.

Step One: Secondary DNS Server Configuration

To transfer a zone from the Nettica master server, specify 64.94.136.11 as the IP address of the master server at the secondary. This must be done at the secondary DNS server (or secondary DNS provider). The only supported method of managing zone transfers is by IP address (TSIG is not supported). The zone must be created on the secondary through out-of-band processes. There is no way to automatically create zones on secondary servers using DNS.

Step Two: Allow Zone Transfers For The Domain

There is a new pseudo record-type called "XFR" that allows you to specify the IP addresses of the external secondary DNS servers. Click on "XFR" to create this record. Enter the IP addresses of secondary DNS servers separated with a space. Some secondary DNS service providers require you to specify specific IP address(es) that are not necessarily the IP addresses of the secondary DNS servers. Follow their instructions in this regard.

After creating the XFR record to allow zone transfers, create new NS records for the root of the domain. Leave the hostname blank, and in the DATA section enter the name of the secondary. Specify only one secondary DNS server per NS record. You can add more NS records to account for multiple secondaries. Do not add NS records for Nettica name servers or, if you are a Bulk DNS customer that is rebranding, for your rebranded name servers. These records are still managed using the Advanced DNS Settings link, or your Group Templates.

[Figure: example zone transfer configuration]

In the example above, the domain example.com has two external secondaries defined. The XFR record specifies that 172.128.10.101 and 172.128.10.102 are allowed zone transfers. In addition, A records are defined for these secondaries, and NS records are added specifying that ns1-ns2.example.com are additional secondaries for the domain.

[Figure: zone transfers to external secondary DNS provider]

In this example, a secondary DNS provider service is configured. The NS records specify the names of the secondaries, and an XFR record specifies the IP addresses used to transfer the zone to the secondaries.

Step Three: Update Domain Registration

After successfully completing steps one and two, the domain should now be resolvable from both the primary and secondary DNS servers. The last step is to go to your domain registrar and add the additional secondaries to your name server list for the domain.

Discussion

Please keep in mind the following with regard to external secondaries:

  • If you delete and re-add a domain in our system, you will need to delete and re-add the domain at the secondary as well (or at the very least, force a refresh). Otherwise, the secondary DNS server may have a higher SOA serial number, and it will think it has the latest zone information, even if it does not.
  • External secondaries can cause issues with real-time updates (which is why the feature was not previously offered). If you are using external secondaries, it is possible to receive an error while managing a domain saying the domain is locked for zone transfer. If this occurs, simply wait a few moments and click "OK" again to resubmit the change. Note that if you are not using external secondaries, this will not happen.
  • Currently this feature is available to all customers from the basic DNS management pages. Bulk DNS customers can also configure XFR records using templates and using the API.
  • If adding external secondaries to a .dk domain (and only .dk domains) be sure to include 193.163.102.6 in the list, which allows zone transfers to the DK hostmaster.
  • This is a beta feature. Please report any problems to customer support.
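
The first caveat in the list above (a secondary holding a higher SOA serial than a re-created zone) can be checked mechanically. The following is an added example, not Nettica's code: it compares SOA serials with RFC 1982 serial arithmetic, as secondaries do, and flags servers that will not pull the zone. The SOA lines, serial values and function names are constructed for illustration; the server names follow the article's example.

```python
# Added example: flag secondaries that will not refresh after a zone is re-created.
# Inputs mimic `dig +short SOA example.com @<server>` output; all values are constructed.

MOD = 2 ** 32    # SOA serials are 32-bit counters
HALF = 2 ** 31   # RFC 1982: comparison is undefined at exactly half the space


def parse_soa_serial(dig_short_line):
    """Extract the serial from: mname rname serial refresh retry expire minimum."""
    fields = dig_short_line.split()
    if len(fields) != 7:
        raise ValueError("not a SOA answer: %r" % dig_short_line)
    return int(fields[2])


def serial_compare(a, b):
    """RFC 1982 comparison: -1 if a < b, 0 if equal, 1 if a > b, None if undefined."""
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        return None
    return -1 if diff < HALF else 1


def audit(master_line, secondary_lines):
    """Map each secondary to in-sync, behind, stale-ahead or undefined."""
    master = parse_soa_serial(master_line)
    labels = {0: "in-sync", -1: "behind", 1: "stale-ahead", None: "undefined"}
    return {
        server: labels[serial_compare(parse_soa_serial(line), master)]
        for server, line in secondary_lines.items()
    }


# Constructed sample: the zone was deleted and re-added, so the master serial restarted.
MASTER = "ns1.master.invalid. hostmaster.example.com. 2024010101 3600 600 604800 3600"
SECONDARIES = {
    "ns1.example.com": "ns1.master.invalid. hostmaster.example.com. 2024053007 3600 600 604800 3600",
    "ns2.example.com": "ns1.master.invalid. hostmaster.example.com. 2024010101 3600 600 604800 3600",
    "ns3.example.com": "ns1.master.invalid. hostmaster.example.com. 2024010100 3600 600 604800 3600",
}

if __name__ == "__main__":
    for server, status in audit(MASTER, SECONDARIES).items():
        print(server, status)
```

A "behind" secondary will catch up at its next refresh; a "stale-ahead" one keeps serving old data until the zone is deleted and re-added there or a refresh is forced.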

Conclusion

Our goal is to provide our customers with the tools they need to manage their domains. This feature is available to all customers.

Feel free to link to this article either directly or indirectly.