Secondary DNS Zones

Written By : Dustin Beason

January 13, 2015

Hello everybody and Happy New Year!

With the outages and attacks that have been occurring around the world in recent weeks, and with the frequency of those outages increasing over the last few years, we have been thinking a lot about how we could add additional layers of failover in some areas to help insulate us from unnecessary downtime.

Most recently, the outage over at Hover, caused by a DDoS attack, caught our attention. A few of our friends were affected, which started us thinking about how we could mitigate it for them and for ourselves. We currently host DNS for various projects at several different places, so in the process of implementing it ourselves, we thought we would use two of those to share how you can quickly and easily set up a Primary and Secondary Zone to help minimize your own unnecessary outages.

We are going to use Dynect and DNS Made Easy for this example, but if you have a different provider you need assistance with, just drop us a support request and we will be happy to help.

### Dynect to DNS Made Easy

Begin by logging into your DNS Made Easy (DME) and Dynect accounts in separate tabs or windows. You will need to bounce back and forth between the two to get the necessary information the first time around. Complete the following steps to set up your first Secondary Zone, replicating from a Primary Zone on Dynect to DNS Made Easy.

  • In the Dynect window, click Manage next to the domain you wish to add a secondary to.
  • Click the Zone Options tab.
  • Take note of the IP addresses in the first paragraph. These must be added to the secondary account to create the necessary ACLs and allow Notifies from Dynect to DME.
  • Leave that window as is, and move over to your DME window.
  • The first time you set this up in this direction, you will need to add the IPs you took note of above.
  • Hover over Advanced, and select Secondary IP Sets.

  • Click the + sign in the bottom corner of the Secondary IP Sets window.
  • Name the Secondary IP set. (I used From Dyn, but you may use whatever you would like.)
  • Enter the IPs you took note of above, with one on each line.
  • Click Submit to save and close this dialog box.
  • Now hover over the DNS dropdown, and select Secondary DNS.
  • Click Add Secondary in the upper right corner of the screen.
  • Enter the domain name you wish to replicate from Dynect into the Domain Names text area.
  • For IP Set, select the Secondary IP Set you created above.
  • Leave Folder as Default, unless you manage the DNS for tons of domains/customers and need to separate them.
  • Click OK to save the Secondary DNS Entry.
  • Now click on the domain or domains you’ve just added under Recently Updated Secondary Domains to bring up its details.
  • Take note of the IP addresses listed under the center section with the notes: To properly use the DNS Made Easy secondary DNS service, you will want to make sure you “allow transfer from” and “send notify to” the following IP addresses:
  • Switch windows back over to Dynect.
  • Check the radio button next to Custom External Servers.
  • Enter each of the IPs into its own text field. (clicking the + to the right of each text field will add another)
  • Click Save Settings.
  • It may take a few moments to complete, but at this point, you can return to the DME window and reload the page to check on the health of the secondary name servers. If the Current Serial Number is the same on the Secondary IPs you added above, replication is working!
  • The final step is to add the DME NS records to the primary domain’s registrar, so that in the unlikely event that Dynect fails, it will know to check with DME.

### DNS Made Easy to Dynect

Next, we will perform the steps necessary to set up Secondary DNS to Dynect from a Primary Zone on DNS Made Easy! You will want to have both windows open for this as well, since we will be bouncing back and forth.

  • In the Dynect window click Create Zone in the upper right of the page.
  • Click the Create Secondary Zone tab.
  • Take note of the IPs in the yellow Notice. (for use at DME)
  • Name your Zone with the name of the domain it will be a secondary for.
  • Switch over to the DNS Made Easy window.
  • Hover over the Advanced dropdown, and click Transfer ACL (AXFR).
  • Click the + in the bottom left of the AXFR ACLs box.
  • Name the ACLs. (I named mine To Dynect.)
  • Enter the IP addresses that you took note of above in the text area, one IP on each line.
  • Click Submit.
  • Hover over the DNS dropdown, and select Managed DNS.
  • Click on the domain you want to replicate to Dynect in the Recently Updated Domains box.
  • Click the Settings Tab.
  • Select the ACL you created from the Zone Transfer (AXFR ACL) dropdown.
  • Click Save.
  • Click the Name Servers Tab.
  • Take note of the domain or IP listed under AXFR Server (used for zone transfers and NOTIFY).
  • Switch back over to Dynect.
  • Enter the IP or domain you just took note of into the Master Server IP field.
  • Click Create Secondary to complete the modifications.
  • Click Overview in the top left menu bar. Ensure that the Status goes to Green/Online.
  • The final step is to add Dynect’s NS records to the primary domain’s registrar, so that in the unlikely event that DNS Made Easy fails, it will know to check with Dynect.
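
The serial-number check from both procedures above can also be run from the command line by comparing the SOA serial each name server reports. The script below is an added example, not part of the original post; the zone, the server names and the sample lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare the SOA serial held by the primary and each secondary.
# Zone and server names are placeholders, not values from the post.

# soa_serial: pull the serial (3rd field) out of one line of `dig +short SOA`:
#   mname rname serial refresh retry expire minimum
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# query_serial ZONE SERVER: ask one server directly (needs dig and network access).
query_serial() {
    soa_serial "$(dig +short +norecurse +time=3 +tries=1 SOA "$1" "@$2")"
}

# check_sync: reads "server serial" lines on stdin; the first line is the primary.
# Prints one status line per server and returns 1 if any server is stale or silent.
check_sync() {
    awk '
        NR == 1       { primary = $2 }
        $2 == ""      { printf "NOANSWER %s\n", $1; bad = 1; next }
        $2 != primary { printf "STALE %s serial=%s primary=%s\n", $1, $2, primary; bad = 1; next }
                      { printf "OK %s serial=%s\n", $1, $2 }
        END           { exit bad + 0 }
    '
}

# report ZONE PRIMARY SECONDARY...: live check, exit status comes from check_sync.
report() {
    zone=$1; shift
    for ns in "$@"; do
        printf '%s %s\n' "$ns" "$(query_serial "$zone" "$ns")"
    done | check_sync
}

# Constructed sample lines (not real output) so the script also runs offline.
SAMPLE_PRIMARY='ns1.primary.example. hostmaster.example.com. 2015011302 3600 600 604800 1800'
SAMPLE_STALE='ns1.primary.example. hostmaster.example.com. 2015011301 3600 600 604800 1800'

demo() {
    {
        printf 'ns1.primary.example %s\n' "$(soa_serial "$SAMPLE_PRIMARY")"
        printf 'ns1.secondary.example %s\n' "$(soa_serial "$SAMPLE_STALE")"
    } | check_sync || echo "secondary has not caught up with the primary yet"
}

# With arguments: live check. Without: offline demo on the constructed samples.
if [ "$#" -ge 2 ]; then report "$@"; else demo; fi
```

Run it as `sh check.sh example.com <primary-ns> <secondary-ns>...` after each zone change; a STALE or NOANSWER line that persists means NOTIFY or the transfer ACL on one side needs another look.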

### Follow-Up

I did not cover all of the options on the Dynect forms exhaustively because as far as I can tell, DME did not support some of those options. But these steps will get your Secondary DNS Zone online and functional in a jiffy!

It is worth mentioning one cool option that Dynect makes available: Notifications. If Dynect is your secondary, they will email you if they stop receiving updates from your primary. All you have to do is create a Contact under Manage Account > Manage Contacts, and select that user under the Zone Options of the Secondary Zone. BOOM - if the primary stops updating, you get an email.

I contacted support at both Dynect and DNS Made Easy while I was writing this post, and both were extremely responsive and helpful. Dynect did have the convenience of a live person available immediately both times I called, but DNS Made Easy responded quickly and efficiently through their ticket system as well. If you have any questions about this process, either of them would be glad to help. And if you are a Rails Machine customer, we would be glad to help you anytime; just drop us a support request!