Zone – Secondary DNS (AXFR)


Secondary WEDOS DNS

Secondary DNS servers act as a delivery network for records stored on another authoritative (primary) server. This is typically used in DNS Whitelabel solutions, allowing a provider to maintain their original administration interface and DNS server infrastructure, while also benefiting from WEDOS Zone's anycast solution.

A domain has to be set up as secondary when it is created, either by following Zone – Add Domain to DNS or through the WEDOS API as described in WAPI – WEDOS DNS.


Secondary DNS Setup

You typically need to set up secondary DNS with:

WEDOS Setup

To set up a new secondary DNS domain in WEDOS DNS, follow the guide Zone – Add Domain to DNS. For a secondary domain specifically, make sure to set:

  • Type: Change to secondary.
  • Primary IP: Enter the primary DNS server’s IP address.

To manage secondary DNS, including adding TSIG verification, follow these steps:

  1. Log into WEDOS Global admin panel.
  2. In the left panel, select ZONE.
  3. Select the secondary domain you want to manage from the list.
  4. Update settings as needed.
  5. Click the Save Changes button. Then, Apply Changes to push saved changes to the server.
Sample secondary domain setup with primary TSIG

Available settings include:

  • Primary DNS IP: This is the IP address of the original authoritative (primary) server, which contains DNS records for the secondary server to retrieve. Required.
  • Primary DNS TSIG: For additional security, you can use TSIG (Transaction SIGnature) to authorize data transfer between the primary and secondary servers. Once set up on the primary server, enable primary server TSIG by checking the box and entering the corresponding Name, Algorithm, and Key.

To use TSIG, configure it on the primary DNS server. If you enable TSIG without proper setup on both sides, AXFR transfers will fail.

  • Outgoing AXFR: Enable outbound AXFR for the domain and list the IPs of servers allowed to communicate via AXFR.

By default, the system synchronizes changes according to SOA REFRESH and RETRY values. To expedite the process, use the Schedule AXFR button (this will run AXFR within the next several minutes).

Primary DNS Provider

For secondary WEDOS DNS to work properly, make sure that:

  • The primary DNS is accessible via AXFR from IPs in the 46.28.104.64/27 range.
  • If you want to secure communication with TSIG, set it up on the primary DNS server first.
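
On a primary running BIND 9 (an assumption; this page does not name the primary's software), both requirements above map to the zone's allow-transfer list. This is an added example, not WEDOS's own configuration; the key name, algorithm, secret, zone name and file path are placeholders.

```conf
// named.conf fragment for the primary server (BIND 9 assumed).

// TSIG key. Name, algorithm and secret are placeholders; they must be
// identical to the Name, Algorithm and Key entered under
// "Primary DNS TSIG" in the WEDOS panel, or AXFR will fail.
key "wedos-axfr." {
    algorithm hmac-sha256;                  // placeholder algorithm
    secret "REPLACE_WITH_BASE64_SECRET";    // placeholder, never commit a real key
};

zone "example.com" {                        // placeholder zone name
    type primary;                           // "master" on older BIND releases
    file "example.com.zone";                // placeholder path

    // Weak: source address only. Any host that can send from the
    // range is served the full zone; no TSIG is required.
    // allow-transfer { 46.28.104.64/27; };

    // Weak: elements of an address match list are ORed, so this
    // accepts the range OR the key, not both together.
    // allow-transfer { 46.28.104.64/27; key "wedos-axfr."; };

    // Hardened: require the WEDOS source range AND a valid TSIG signature.
    // The nested list matches every address outside 46.28.104.64/27, and
    // the leading "!" turns that match into a rejection. Addresses inside
    // the range fall through to the key check.
    allow-transfer { !{ !46.28.104.64/27; any; }; key "wedos-axfr."; };
};
```

Run `named-checkconf` after editing, and enable Primary DNS TSIG in the WEDOS panel only once the key is in place on the primary.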

Third-Party Provider

To use WEDOS DNS servers as primary, and another provider’s as secondary, first obtain the following information:

  • Secondary server IP address(es). Obtain this information directly from the provider.
  • TSIG security, if applicable.

Then proceed to set up AXFR:

  1. Log into the Global admin panel.
  2. In the left menu, select ZONE.
  3. Select the domain to enable AXFR from.
  4. In the domain settings, check Allow outbound AXFR for this domain and enter secondary DNS Source IPs.
  5. Click the Save Changes button, followed by Apply Changes.

If your secondary DNS provider supports TSIG security, use the TSIG create (new) button to generate a new name, algorithm and key to enter into your provider’s system according to their guides. To disable TSIG, click the Cancel button.

Avoid enabling TSIG in our system if your provider doesn’t support it. Enabling TSIG with either WEDOS or your provider, but not both, will interfere with AXFR and prevent it from working correctly.


FAQ

What’s the difference between saving and applying changes to the secondary DNS?

Saving keeps your changes in the system but doesn’t activate them yet. Applying pushes the changes to the servers, making them take effect.
