How do I properly configure a secondary nameserver?
Posted on 2009-04-06
Formerly, our domain company.net used Register.com's name servers - since they are the registrar. My DNS skills were sufficient to configure the necessary A, MX, CNAME, and TXT records. All was well until their servers were taken out by a ddos attack last week.
My first priority was to get off of Register.com's nameservers... and I setup a new account with DNSMadeEasy - and cloned my A, MX, CNAME, and TXT records. Then I updated the domain on Register.com - changing the nameserver entries to reflect NS0.dnsmadeeasy.com thru NS5.dnsmadeeasy.com -- and that all went well. I get a clean bill of health using the DNS Report on dnsstuff.com and everything seems to be resolving A-OK.
I'm now trying to configure a secondary nameserver with a separate vendor to avoid a repeat of the service interruptions we had last week. The primary reason I chose DNSMadeEasy.com is that they allow Zone Transfers with an ACL. I chose the vendor dynDNS.com as my secondary nameserver (for both DNS and MX failover) since they seemed to be a good choice for a reasonable price.
I've tried to follow the helpful FAQ's from both DNSMadeEasy and dynDNS but I'm stumped. I've successfully configured my DNSMadeEasy account to *allow* AXFR - and I've created and ACL with the 4 DNS IP addresses as per dynDNS. I then applied the ACL to the domain on DNSMadeEasy... and waited for them to status my change (from updating to active)
However... dynDNS reports that the zone transfer is failing "Your domain delegation does not include required ns2.mydyndns.org nameserver." - and it's tried several times (about 1 hour apart)
Part of my confusion stems from the DNSMadeEasy demo on configuring a secondary nameserver... whereby they would have me configure an A record and CNAME record. I don't think that's required to facilitate the zone transfer - but I'm wondering if it's required at all... given that I *think* I need to configure the secondary nameservers (ns2.mydyndns.org thru ns5.mydyndns.org) on Register.com -- am I right? Also, I seem to recall reading some information that suggests limiting primary and secondary name servers to a maximum of 7 -- but is 9 really that bad?
I think I'm a little confused on this because my situation doesn't seem to match the examples in the various FAQ/HowTo's. I've really got 3 parties in the equation:
Register.com -- the registrar for my domain
DNSMadeEasy.com -- the vendor providing managed DNS services
dynDNS.com -- the vendor providing secondary DNS services
Any examples would be appreciated... or links to configurations or instructions on how to proceed.
Thanks very much