In this article you will learn:
- What is the purpose of setting up secondary WEDOS DNS servers
- How to set up secondary DNS servers in WEDOS
- How to set up another provider's secondary DNS
- Frequently Asked Questions
WEDOS NS as secondary DNS
You can use WEDOS DNS servers as secondary DNS servers, i.e. let them download DNS records from other DNS servers using AXFR.
Secondary WEDOS NS settings
You configure WEDOS DNS servers as secondary servers both on the WEDOS side and with the authoritative DNS server provider.
Settings on the WEDOS side
For each domain that will use the WEDOS DNS servers as a secondary domain, add the following steps to the system:
- Log in to the customer administration ⧉.
- Select DNS from the top menu.
- Select Add domain to DNS from the left menu.
- Fill in:
- Domain name: enter a second-order domain name (without www and other subdomains, e.g. wds-test.cz).
- Type: change the value to secondary.
- Pattern: leave the value no pattern.
- Primary IP: Type the IPv4 address of the domain's primary authoritative DNS server.
- Check the consent box and click the add domain button.
To automate the process, use the WEDOS API.
WEDOS DNS uses the REFRESH and RETRY entries in the SOA header of the domain to determine whether a change has occurred on the primary DNS. It does not accept notifications from authoritative DNS servers.
If you have made a change to the authoritative DNS and need to speed up the loading into WEDOS DNS, use the Schedule AXFR button in the details. The system will then perform the check in a few minutes.
Settings on the provider side of authoritative DNS servers
Secondary WEDOS DNS will download data from authoritative DNS servers via AXFR from IPv4 addresses in the range of 46.28.104.64/27. Enable AXFR transmission for these addresses with your provider.
TSIG Security
You can use TSIG (Trasnaction SIGnature) technology to increase the security of the transmission. If your primary server supports it and you have it configured here, enter the settings in the VEDOS administration:
- Log in to the customer administration ⧉.
- Select DNS from the top menu.
- From the list, select the domain for which you want to set up TSIG authentication.
- Select Domain Settings from the left menu
- In the Domain section, check Use TSIG and fill in the name, algorithm, and key according to the TSIG settings on the primary server.
- Click the Save Changes and Apply Changes buttons (in that order).
Secondary DNS of another provider
If you want to use WEDOS DNS servers as primary and another provider as secondary, find out:
- The IP address (or addresses) of the secondary DNS servers. Obtain this information directly from the provider.
- TSIG security information, if the provider allows its deployment.
Next, set the outgoing AXFR by following these steps:
- Log in to the customer administration ⧉.
- Select DNS from the top menu.
- Select the domain for which you want to make the outgoing AXFR available.
- In the domain settings, select the Enable outbound AXFR for this domain check box and enter the IP addresses of the secondary DNS servers.
- Click Save Changes , and then click Apply Changes.
If your secondary DNS provider supports TSIG security, you can use the TSIG: set (new) button to generate a name, algorithm, and key to enter into your provider's system. You can then use the cancel button to delete the TSIG data from the system.
If your provider does not support TSIG, do not set it up. AXFR transmission with invalid TSIG settings on the WEDOS or provider side will not work.
Frequently Asked Questions
Is there any way I can automate the whole process?
Yes, use the WEDOS API, specifically the dns-domain-add command.
Is it possible to set up AXFR traffic with IPv6 addresses?
Unfortunately, secondary DNS currently works exclusively over IPv4.