ENABLING ZONE TRANSFER TO EXTERNAL SECONDARY DNS SERVERS
adding additional redundancy
Nettica has added the ability to perform zone transfers to external secondary
DNS services. There are trade-offs to using external secondaries,
the largest being the potential loss of real-time updates. This article
describes the process of enabling zone transfers to other DNS servers, as well
as the caveats and pitfalls associated with the process. This is an
advanced topic. Please contact support if you have any problems.
STEP ONE: SECONDARY DNS SERVER CONFIGURATION
To transfer a zone from the Nettica master server, specify 64.94.136.11
as the IP address of the master server at the secondary. This must be
done at the secondary DNS server (or secondary DNS provider). The only
supported method of managing zone transfers is by IP address (TSIG is not
supported). The zone must be created on the secondary through out-of-band
processes. There is no way to automatically create zones on secondary
servers using DNS.
STEP TWO: ALLOW ZONE TRANSFERS FOR THE DOMAIN
There is a new pseudo record-type called "XFR" that allows you to specify the
IP addresses of the external secondary DNS servers. Click on "XFR" to
create this record. Enter the IP addresses of secondary DNS servers
separated with a space. Some secondary DNS service providers require you
to specify specific IP address(es) that are not necessarily the IP
addresses of the secondary DNS servers. Follow their instructions in this
regard.
After creating the XFR record to allow zone transfers, create new NS records for the root
of the domain. Leave the hostname blank, and in the DATA section
enter the name of the secondary. Specify only one secondary DNS server
per NS record. You can add more NS records to account
for multiple secondaries. Do not add NS records
for Nettica name servers or, if you are a Bulk DNS customer that is
rebranding, for your rebranded name servers. These records are still
managed using the Advanced DNS Settings link, or your Group Templates.
| HOST NAME | TYPE | TTL | DATA |
|---|---|---|---|
| example.com | Host (A) | Default | 172.128.10.102 |
| example.com | Nameserver (NS) | Default | ns1.example.com |
| example.com | Nameserver (NS) | Default | ns2.example.com |
| example.com | Zone Transfer (XFR) | Default | 172.128.10.101 172.128.10.102 |
| ns1.example.com | Host (A) | Default | 172.128.10.101 |
| ns2.example.com | Host (A) | Default | 172.128.10.102 |
In the example above, the domain example.com has two external secondaries
defined. The XFR record specifies that 172.128.10.101 and 172.128.10.102
are allowed zone transfers. In addition, A records are defined for these
secondaries, and NS records are added specifying that ns1.example.com and
ns2.example.com are additional secondaries.
| HOST NAME | TYPE | TTL | DATA |
|---|---|---|---|
| example.com | Host (A) | Default | 172.128.10.102 |
| example.com | Nameserver (NS) | Default | ns1.secondaryprovider.com |
| example.com | Nameserver (NS) | Default | ns2.secondaryprovider.com |
| example.com | Zone Transfer (XFR) | Default | 172.128.10.101 172.128.10.102 |
In this example, a secondary DNS provider service is
configured. There are no A records. The NS records specify the names
of the secondaries, and an XFR record specifies the IP addresses used to
transfer the zone to the secondaries.
STEP THREE: UPDATE DOMAIN REGISTRATION
After successfully completing steps one and
two, the domain should now be resolvable from both the primary
and secondary DNS servers. The last step is to go
to your domain registrar, and add the additional secondaries into your name
server list for the domain.
DISCUSSION
Please keep in mind the following with regards to external secondaries:
- If you delete and re-add a domain in our system, you will need to delete
and re-add the domain at the secondary as well (or at the very least, force a
refresh). Otherwise the secondary DNS server may have a higher SOA
serial number, and it will think it has the latest zone information, even if
it does not.
- External secondaries can cause issues with real-time updates (which is why
the feature was not previously offered). If you are using external
secondaries, it is possible to receive an error while managing a domain saying
the domain is locked for zone transfer. If this occurs, simply wait a few
moments and click "OK" again to resubmit the change. Note that if you
are not using external secondaries this will not
happen.
- Currently this feature is available from the basic DNS management
pages. It is not supported in the API, or in templates. We
will be adding support for that shortly.
- If adding external secondaries to a .dk domain (and only .dk
domains) be sure to include 193.163.102.6 in the list, which allows zone
transfers to the DK hostmaster.
- This is a beta feature. Please report any problems to customer
support.
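
The first point above (a secondary holding a higher SOA serial than the primary after a delete and re-add) can be checked by comparing serials with RFC 1982 serial arithmetic, which is how a secondary decides whether to transfer. The following is an added example, not Nettica code; the helper names, the hostnames primary.example.net and ns3.example.com, and all serial values are constructed, and the input lines are assumed to be in the format printed by `dig +short SOA`.

```python
# Added example: helper names, hostnames and serial values are constructed.
MOD = 1 << 32    # SOA serials are unsigned 32-bit values
HALF = 1 << 31

def parse_soa_serial(line):
    """Return the serial from one `dig +short SOA` answer line.
    Field order: mname rname serial refresh retry expire minimum."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError("not a SOA answer: %r" % line)
    serial = int(fields[2])
    if not 0 <= serial < MOD:
        raise ValueError("serial out of range: %d" % serial)
    return serial

def serial_compare(a, b):
    """RFC 1982 comparison: -1 if a is older than b, 0 if equal,
    1 if a is newer, None when the two are exactly 2**31 apart."""
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        return None
    return -1 if diff < HALF else 1

def classify(primary_serial, secondary_serial):
    """Describe a secondary's state relative to the primary."""
    result = serial_compare(secondary_serial, primary_serial)
    return {0: "in-sync", -1: "behind", 1: "ahead", None: "undefined"}[result]

def audit(primary_line, secondary_lines):
    """Map each secondary name to its state relative to the primary."""
    primary = parse_soa_serial(primary_line)
    return {name: classify(primary, parse_soa_serial(line))
            for name, line in secondary_lines.items()}

# Constructed answers: the primary was re-added and restarted at a low serial.
SOA = "primary.example.net. hostmaster.example.com. %d 3600 600 1209600 3600"
PRIMARY = SOA % 3
SECONDARIES = {
    "ns1.example.com": SOA % 2009031501,  # kept its old, higher serial
    "ns2.example.com": SOA % 3,           # already refreshed
    "ns3.example.com": SOA % 4294967290,  # older, across the 32-bit wrap
}

if __name__ == "__main__":
    for name, state in audit(PRIMARY, SECONDARIES).items():
        print(name, state)
```

A secondary reported as "ahead" will not pull the zone on its own and needs the delete and re-add (or forced refresh) described above; "behind" secondaries catch up at their next refresh.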
CONCLUSION
Our goal
is to provide our customers with the tools they need to manage their
domains. This feature is available to all customers.
Feel free to link to this article either directly or indirectly.
Copyright © 2004-2009 Nettica Corporation. All rights reserved.