Enable Secondary DNS (Premium DNS)
Our Premium DNS accounts let you enable Secondary DNS, which backs up your zone file (domain name) to a secondary nameserver. If you enable Secondary DNS and your primary nameservers go down, your secondary nameservers receive and process requests so your domain name never goes offline.
When setting up Secondary DNS, you select our nameservers as your primary (master) or secondary (slave) nameserver set. If you designate our nameservers as the master set, the DNS Manager makes all zone file updates and the slaves (your nameserver set) pick them up. If you designate us as the slave, then your own master nameservers make the DNS updates, and you must configure them to send notifications to our slave nameservers so they pick up the changes.
You can configure Secondary DNS with or without transaction signatures (TSIG), which secure communications between the nameserver sets.
Regardless of whether you designate us as the slave or master, you must use DNS server software to configure your own nameserver set. We are compatible with the following software:
- BIND v9.1.0 or later
- NSD
- Windows Server 2008 and later
Using Secondary DNS requires in-depth understanding of setting up and using your own nameservers. Your own nameserver set must support AXFR (full zone transfer) and NOTIFY (zone change notification) requests to transfer zone files between the DNS servers.
NOTE: You cannot use both DNSSEC and Secondary DNS with the same domain name.
Enabling Secondary DNS with Our Nameservers as Masters
Use these instructions to designate our nameservers as the primary (master) set in your Premium DNS account. Consult the Help for your system and your DNS server software to configure your own nameservers as the secondary (slave) set.
You must set your DNS slave nameservers to initiate AXFR requests from both of our master zone transfer servers (not to be confused with secondary servers). Use the following transfer server information:
- xfr03.domaincontrol.com (72.167.238.111)
- xfr04.domaincontrol.com (72.167.238.110)
The servers listed here changed in May 2015. You might need to manually update your domain name to use these nameservers.
NOTE: These servers do not respond to general DNS queries, only to AXFR-type queries.
To Enable Secondary DNS with Our Nameservers as Masters
- Log in to your Account Manager.
- Click Premium DNS.
- Click Manage.
- For the domain name you want to use, click Advanced Settings.
- Go to the Secondary DNS tab.
- For Enable, select On.
- For Configure zone as, select Master.
- For Designate slaves, click Add one now or Add Slave.
- For IPv4 Address Range, enter the beginning and end of the range of IP addresses for your slave nameservers.
- (Optional) If you want to configure TSIG, use your DNS server's software to generate a TSIG key for one of our supported algorithms (md5, sha1, and sha256), and then complete the following fields:
- TSig Key Type — Select the type of algorithm (hash function) you want to use to authenticate your transactions. If you don't want to use TSIG, select None.
- TSig Key Name — Enter a unique name for the TSIG key.
- TSig Key Value — Enter a value for the TSIG key This value is a password that both nameserver sets share and use to authenticate requests.
- Click Save.
- Test your slave DNS servers to make sure they are transferring the zone from us successfully.
- Test your slave servers to make sure they respond authoritatively for your DNS zone records when queried directly.
NOTE: Our zone transfer servers do not respond to general DNS queries, only to AXFR-type queries.
If you want your slave servers to respond to general DNS queries for your domain name along with our master nameservers, you should do the following:
Manually add NS records for your secondary DNS servers to your zone in the DNS Manager.
- Log in to your Account Manager.
- Click Premium DNS.
- Next to Premium DNS, click Launch.
- For the domain name you want to work with, click Edit Zone.
- Go to the NS (Nameserver) section, click Quick Add, and then manually enter the NS records for your secondary DNS servers. (Do not replace or delete our NS records.)
- Edit any of the following fields:
- Host — Type @ to map the record directly to your domain name.
- Points to — Enter your NS record.
- TTL — Select how long the server should cache the information.
- Click OK.
- Click Save Zone File, and then click OK. The NS record displays in the NS (Name Server) section.
Set Nameservers for the DNS zone to manually update the registry delegation to both our master nameservers and yours.
For zones not registered with us, do the following:
Set your nameservers with your domain name's registrar to include both our Premium DNS nameservers and your slave nameservers. Premium DNS nameserver ranges are:
- [pdns01-pdns13].domaincontrol.com
- [pdns02-pdns14].domaincontrol.com
For zones registered with us, do the following:
- Log in to your Account Manager.
- Next to Domains, click Manage.
- Select the domain names you want to modify.
- From (Nameservers), select Set Nameservers.
- Select I have specific nameservers for my domains and then enter your slave nameservers (do not replace or delete our nameservers).
- Click OK.
Enabling Secondary DNS with Our Nameservers as Slaves
Use these instructions to designate our nameservers as the secondary (slave) set in your Premium DNS account. Consult the Help for your system and your DNS server software to configure your own nameservers as the primary (master) set.
NOTE: You must use your own primary nameservers to manage your DNS records and accept AXFR requests from our slaves, and you should set them to send NOTIFY requests to our slaves.
Use the following transfer server information:
- xfr01.domaincontrol.com (97.74.107.15)
- xfr02.domaincontrol.com (97.74.107.16)
- xfr03.domaincontrol.com (72.167.238.111)
- xfr04.domaincontrol.com (72.167.238.110)
You must configure the data for all 4 nameservers.
The servers listed here changed in May 2015. You might need to manually update your domain name to use these nameservers.
When you enter your master servers in our system, we do not use them in any particular order. However, our system prefers entries that use TSIG.
If you set our nameservers as slave, your DNS records in the Zone File Editor become read-only. You cannot configure Secondary DNS with our nameservers as slaves for domain names that use vanity nameservers.
To Enable Secondary DNS with Our Nameservers as Slaves
- Log in to your Account Manager.
- Click Premium DNS.
- Click Manage.
- For the domain name you want to use, click Advanced Settings.
- Go to the Secondary DNS tab.
- For Enable, select On.
- For Configure zone as, select Slave.
- For Designate masters, click Add one now or Add Master.
- For IPv4 Address Range, enter the beginning and end of the range of IP addresses for your master nameservers.
- (Optional) If you want to configure TSIG, use your DNS server's software to generate a TSIG key for one of our supported algorithms (md5, sha1, and sha256), and then complete the following fields:
- TSig Key Type — Select the type of algorithm (hash function) you want to use to authenticate your transactions. If you don't want to use TSIG, select None.
- TSig Key Name — Enter a unique name for the TSIG key.
- TSig Key Value — Enter a value for the TSIG key This value is a password that both nameserver sets share and use to authenticate requests.
- For Allow NOTIFY from, click Add Range, and then enter the range of IP addresses our nameservers must accept NOTIFY requests from.
- Click Save.
Disabling Secondary DNS
You can disable Secondary DNS for a domain name at any time. If you were using our nameservers as slaves, we move your domain name to the default Premium DNS nameservers and you can edit its DNS records in the Zone File Editor.
To Disable Secondary DNS
- From the Premium DNS Dashboard, select the domain name you want to disable Secondary DNS for, and then click Advanced Settings.
- For Enabled, select Off.
- Click Save.