Shawn Cøady
asked on
How do I properly configure a secondary nameserver?
Formerly, our domain company.net used Register.com's name servers - since they are the registrar. My DNS skills were sufficient to configure the necessary A, MX, CNAME, and TXT records. All was well until their servers were taken out by a DDoS attack last week.
My first priority was to get off of Register.com's nameservers... and I set up a new account with DNSMadeEasy - and cloned my A, MX, CNAME, and TXT records. Then I updated the domain on Register.com - changing the nameserver entries to reflect NS0.dnsmadeeasy.com thru NS5.dnsmadeeasy.com -- and that all went well. I get a clean bill of health using the DNS Report on dnsstuff.com and everything seems to be resolving A-OK.
I'm now trying to configure a secondary nameserver with a separate vendor to avoid a repeat of the service interruptions we had last week. The primary reason I chose DNSMadeEasy.com is that they allow Zone Transfers with an ACL. I chose the vendor dynDNS.com as my secondary nameserver (for both DNS and MX failover) since they seemed to be a good choice for a reasonable price.
I've tried to follow the helpful FAQs from both DNSMadeEasy and dynDNS but I'm stumped. I've successfully configured my DNSMadeEasy account to *allow* AXFR - and I've created an ACL with the 4 DNS IP addresses as per dynDNS. I then applied the ACL to the domain on DNSMadeEasy... and waited for them to status my change (from updating to active).
However... dynDNS reports that the zone transfer is failing "Your domain delegation does not include required ns2.mydyndns.org nameserver." - and it's tried several times (about 1 hour apart)
Part of my confusion stems from the DNSMadeEasy demo on configuring a secondary nameserver... whereby they would have me configure an A record and CNAME record. I don't think that's required to facilitate the zone transfer - but I'm wondering if it's required at all... given that I *think* I need to configure the secondary nameservers (ns2.mydyndns.org thru ns5.mydyndns.org) on Register.com -- am I right? Also, I seem to recall reading some information that suggests limiting primary and secondary name servers to a maximum of 7 -- but is 9 really that bad?
I think I'm a little confused on this because my situation doesn't seem to match the examples in the various FAQ/HowTo's. I've really got 3 parties in the equation:
Register.com -- the registrar for my domain
DNSMadeEasy.com -- the vendor providing managed DNS services
dynDNS.com -- the vendor providing secondary DNS services
Any examples would be appreciated... or links to configurations or instructions on how to proceed.
Thanks very much
Shawn
ASKER
Chris -
I think I am there! Modifying the NS record with the terminating . worked. The A record wouldn't allow a termination... so I just deleted it.
DNS Report gives me a warning... but I think it's benign given my situation.
Thanks for your help.
WARN
Glue at parent nameservers
WARNING. The parent servers (I checked with c.gtld-servers.net.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), which can cause slightly slower connections, and may cause incompatibilities with some non-RFC-compliant programs. This is perfectly acceptable behavior per the RFCs. This will usually occur if your DNS servers are not in the same TLD as your domain (for example, a DNS server of "ns1.example.org" for the domain "example.com"). In this case, you can speed up the connections slightly by having NS records that are in the same TLD as your domain.
Excellent :)
And yes, you can ignore the warning above, hard to fix that one anyway unless you have a fair amount of control over what the registrar is doing.
Chris
ASKER
OK... Here is what I've done so far...
1) On Register.Com (the registrar for my domain) I *added* ns2.mydyndns.org as a nameserver. Doing this seemed to satisfy dynDNS because a short time later the status on my secondary DNS changed from "inactive" to "active" - I believe that means the zone transfer succeeded. dynDNS now suggests that I add their additional nameservers (ns3, ns4, and ns5) - but I'm going to hold off on that for now.
2) I ran a DNS Report (www.dnsstuff.com) and there were a few complaints that pointed to missing info on my domain's DNS configuration... so I performed the following actions on my DNS at DNSMadeEasy.com
A) I added an A record: ns2.mydyndns.org w/IP 204.13.249.76
B) I added an NS record: ns2.mydyndns.org
This morning I ran another DNS Report... and I get the following warnings and errors (pasted as a code snippet)
It feels odd creating an A record on my DNS with the dynDNS nameserver "name" - since the end result is... ns2.mydyndns.org.mydomain.
Am I almost there... or do I have a long way to go to get where I need to be? My goal is to keep Register.com as the domain's registrar only, use DNSMadeEasy as my primary DNS, and dynDNS as my secondary DNS.
Thanks Experts!
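The trailing-dot behaviour and the delegation mismatch discussed in this thread, as an added example that is not part of any post: it expands NS targets the way a zone file does and compares the zone's NS set with the set delegated at the registrar. The function names and the shortened nameserver lists are constructed for illustration; `company.net` and `ns2.mydyndns.org` are taken from the thread.

```python
ORIGIN = "company.net."  # zone origin (domain name from the question)


def absolute(name, origin=ORIGIN):
    """Expand a zone-file name: without a trailing dot it is relative to the origin."""
    name = name.strip().lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def audit_ns(zone_targets, delegated, origin=ORIGIN):
    """Compare NS targets as entered in the zone with the registrar delegation.

    zone_targets: NS record targets exactly as typed into the DNS provider.
    delegated:    fully qualified names (trailing dot) set at the registrar.
    Returns a list of (finding, name_as_entered, expanded_name) tuples.
    """
    delegated = {d.lower() for d in delegated}
    findings, effective = [], set()
    for target in zone_targets:
        fqdn = absolute(target, origin)
        effective.add(fqdn)
        if fqdn in delegated:
            continue
        if target.strip().lower() + "." in delegated:
            # Entered without the terminating dot, so the origin was appended.
            findings.append(("missing-trailing-dot", target, fqdn))
        else:
            findings.append(("not-delegated", target, fqdn))
    # Servers the parent hands out that the zone itself never lists.
    for ns in sorted(delegated - effective):
        findings.append(("not-in-zone", ns, ns))
    return findings


# Constructed sample: two primary servers plus the secondary from the thread.
DELEGATED = {"ns0.dnsmadeeasy.com.", "ns1.dnsmadeeasy.com.", "ns2.mydyndns.org."}
BROKEN_ZONE = ["ns0.dnsmadeeasy.com.", "ns1.dnsmadeeasy.com.", "ns2.mydyndns.org"]
FIXED_ZONE = ["ns0.dnsmadeeasy.com.", "ns1.dnsmadeeasy.com.", "ns2.mydyndns.org."]

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, audit_ns(zone, DELEGATED))
```

The same comparison, run against the live delegation and zone, is what tells you whether a secondary added at the registrar is actually listed by the zone and whether every listed server is really delegated.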