Secondary DNS

Last change on 2020-07-29 • Created on 2020-04-30 • ID: DN-CD291

Introduction

This article is about configuring secondary DNS for various DNS software. In the article we use the address 192.0.2.1 as an example.

For secondary DNS with our servers, please refer to our article listing the respective IPs and name server addresses.

Note: The configuration options for DNS software either accept multiple IP addresses or can be configured multiple times with different IP addresses.

The setup assumes that the IP address to which your server sends its NOTIFY messages is identical to the one from which your server accepts AXFR/IXFR requests.

Support by DNS software

This section contains configuration examples for different DNS software and how it might be configured on a customer's server. All configurations have been tested.

NSD

 zone:
   name: example.com
   notify: 192.0.2.1 NOKEY
   provide-xfr: 192.0.2.1 NOKEY

Man page

BIND

 zone "example.com" {
   type master;
   file "/etc/bind/example.com";
   also-notify  { 192.0.2.1; };
   allow-transfer  { 192.0.2.1; };
 };

PowerDNS

 pdnsutil set-meta example.com ALSO-NOTIFY 192.0.2.1
 pdnsutil set-meta example.com ALLOW-AXFR-FROM 192.0.2.1

Knot

 remote:
   - id: slave
     address: 192.0.2.1@53
 acl:
   - id: acl_slave
     address: 192.0.2.1
     action: transfer
 zone:
   - domain: example.com
     storage: /etc/knot/
     file: "example.com.zone"
     notify: slave
     acl: acl_slave

Knot documentation

CoreDNS

 # Coredns file
 example.com {
     file /etc/coredns/example.com {
         transfer to 192.0.2.1
     }
 }

Support by web panels

cPanel/WHM

No direct support; this requires editing the respective name server configuration files. Example for cPanel with BIND (the default DNS server):

 # /etc/named.conf
 options {
   #[...]
   also-notify  { 192.0.2.1; };
   allow-transfer  { 192.0.2.1; };
   #[...]
 };

Global definitions of also-notify and allow-transfer appear to be stable. Definitions inside a zone may be overwritten.

Plesk

Basically the same as cPanel/WHM. BIND is the only DNS software supported by Plesk. There is an extension called Slave DNS Manager, but it does not rely on sending NOTIFYs to the slave servers to trigger an AXFR. Instead, it expects the slave to be fully under your control and to allow access via rndc (the BIND control utility).

Global definitions of also-notify and allow-transfer appear to be stable. Definitions inside a zone are overwritten when, for example, DNS templates are applied to all zones.
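
Because zone-level statements override the global ones in BIND, a panel-written zone can end up with transfer settings that differ from what the options block suggests, as noted for cPanel/WHM and Plesk above. The following added example (not part of the original article or of any panel's tooling) audits a named.conf and reports, per master zone, whether the effective allow-transfer and also-notify lists equal the expected set of secondaries. The function names, the sample configuration and the simplified parsing (no views, named ACLs or include files) are assumptions.

```python
import re

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def addr_list(body, option):
    """Hosts in `option { a; b; };` inside body, or None if the option is absent."""
    m = re.search(r"(?<![\w-])%s\b[^{;]*\{([^}]*)\}" % re.escape(option), body)
    return {e.split()[0] for e in m.group(1).split(";") if e.strip()} if m else None

def audit(conf, secondaries):
    """Map each master zone to its findings; an empty list means it matches."""
    # Strip the three named.conf comment styles (simplification: ignores quoting).
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    glob = block_body(conf, m.end() - 1) if m else ""
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_body(conf, z.end() - 1)
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue  # secondary, forward and hint zones are out of scope
        issues = report[z.group(1)] = []
        for opt in ("allow-transfer", "also-notify"):
            hosts = addr_list(body, opt)
            if hosts is None:  # a zone-level statement overrides the global one
                hosts = addr_list(glob, opt)
            if hosts is None:
                issues.append(f"{opt}: not set, server default applies")
            elif hosts != secondaries:
                issues.append(f"{opt}: {sorted(hosts)} differs from {sorted(secondaries)}")
    return report

# Constructed sample: global settings as in the cPanel example, one zone overriding them.
SAMPLE = '''
options { also-notify { 192.0.2.1; }; allow-transfer { 192.0.2.1; }; };
zone "example.com" { type master; file "/etc/bind/example.com"; };
zone "example.net" { type master; file "/etc/bind/example.net";
                     allow-transfer { any; }; };  # override widens access
zone "example.org" { type slave; masters { 198.51.100.7; }; };
'''

if __name__ == "__main__":
    print(audit(SAMPLE, {"192.0.2.1"}))
```

Running it after a panel applies templates shows which zones no longer restrict transfers to the configured secondary.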

Webmin

Webmin provides the module BIND DNS Server, which adds BIND to the server. After adding a master zone, you can edit the zone options for this zone.

[Screenshot: Webmin edit master zone]

In the zone options, add the dedicated AXFR server's IP address to the fields "Allow transfers from.." and "Also notify slaves..".

[Screenshot: Webmin zone options]

This will create a BIND configuration similar to the one shown for plain BIND. You may need to restart the BIND DNS server after this.
