DynDNS.com - Support -- Secondary DNS
Secondary DNS
This guide will help you get started with our Secondary DNS service.
What is Secondary DNS?
Secondary DNS provides global redundancy to a primary nameserver which you own and operate. By using Secondary DNS, you ensure that your services will always be accessible even if your primary nameserver fails.
How do I set it up?
Please complete the following steps to get started with Secondary DNS. Please note: This guide assumes that you are familiar with running your own DNS server (e.g. BIND), and understand how secondary nameservers operate (e.g. zone transfers, DNS Notify, etc.). If you do not wish to host your own primary nameserver, you may be interested in our Custom DNS service.
1. Create Secondary DNS
The first step is to create an account and purchase Secondary DNS. You will be prompted for the IP address of your primary nameserver. (Remember, the Secondary DNS zone should be created for the second-level domain name itself, e.g. mydomain.com, not ns1.mydomain.com.)
2. Configure your primary nameserver and network
You will need to grant our nameservers permission to transfer the zone file for your domain from the primary nameserver. In BIND, this is done with the allow-transfer statement in named.conf like in the example below:
zone "mydomain.com" {
type master;
file "db.mydomain.com";
allow-transfer { 1.2.3.4; 2.3.4.5; 3.4.5.6; 4.5.6.7; };
};
The appropriate syntax may vary depending on your nameserver. Note that the above IPs are an example; here is the full list of our Secondary DNS nameservers and their IP addresses:
Secondary DNS Nameservers
| Server | IP Address |
|---|---|
| ns2.mydyndns.org (Required) | 204.13.249.76 |
| ns3.mydyndns.org | 208.78.69.76 |
| ns4.mydyndns.org | 91.198.22.76 |
| ns5.mydyndns.org | 203.62.195.76 |
Additionally, you will need to add NS records to your domain's zone file like so:
mydomain.com. IN NS ns2.mydyndns.org. mydomain.com. IN NS ns3.mydyndns.org. mydomain.com. IN NS ns4.mydyndns.org. mydomain.com. IN NS ns5.mydyndns.org.
Don't forget to increment your zone serial after modifying the zone file. Lastly, if you use IP-based whitelisting, make sure to allow our nameservers to connect to your primary on TCP and UDP port 53.
3. Delegate your domain
The last step is to add our nameservers to your domain's delegation. Using the list above, simply place these nameservers into your domain's delegation list alongside the primary (and any other secondary servers already in operation). If you wish to run a hidden primary, you can learn more about hidden primary configuration here. Secondary DNS can take up to an hour to activate after a delegation change; during this time you should begin to see our servers query your primary and retrieve the zone file in your nameserver's logs.
Troubleshooting
Secondary DNS isn't retrieving my zone file.
There are two common problems that will prevent Secondary DNS from contacting the primary nameserver and retrieving the zone file:
- Firewall: Make sure that our nameservers' IP addresses are fully whitelisted in your firewalls, router and other security software on both TCP and UDP port 53. If you do not see any transfer attempts in your logs at all, our nameservers are likely being blocked.
- Zone Incrementing: Our nameservers will only transfer the zone file if the zone serial in the master is higher than the current zone serial in Secondary DNS. Make sure you increment the zone serial after making any changes to ensure we retrieve the latest copy.
If you still can't identify the problem from your end, please contact our Support team with as much relevant information (e.g. log snippets) as possible. We should be able to identify the reason our servers can't contact the master.
The records on the Secondary DNS servers are old.
If Secondary DNS receives a DNS Notify or the refresh period for your zone is exceeded, our nameservers will retrieve a new copy of your zone file automatically. However, it will only transfer the zone if the zone serial number on the master is higher than the current zone serial in Secondary DNS. If you make a change to your zone file and the change isn't being picked up by Secondary DNS, increment the zone serial to ensure our servers retrieve the latest copy.
I made a mistake and need to decrement my zone's serial number.
Please see our Decrementing your Zone Serial article for detailed instructions on fixing the problem.
My zone is inactive.
Secondary DNS can take up to two hours to fully activate after delegation. If your zone has not activated, make sure that your domain is properly delegated to our Secondary DNS nameservers:
Secondary DNS Nameservers
| Server | IP Address |
|---|---|
| ns2.mydyndns.org (Required) | 204.13.249.76 |
| ns3.mydyndns.org | 208.78.69.76 |
| ns4.mydyndns.org | 91.198.22.76 |
| ns5.mydyndns.org | 203.62.195.76 |
Please note: If DynDNS.com is not your registrar, you will need to log into your account with the domain's registrar and make the changes there. For more information, please see our article on zone inactivity here.
I would like to switch from Secondary DNS to Custom DNS.
Please see our Custom/Secondary DNS Conversion guide for more information.
© 1998-2010
Dynamic Network Services Inc.
-
Legal Notices -
Privacy Policy -
Contacts
![[Truste Seal]](/images/site/truste/truste_seal_web_small_gray.gif){kind=small}