User Tools

Site Tools


manuals:server:secondary_dns

Secondary DNS Servers

If you are using your own authoritative DNS server in your VPS, you can create a secondary server on our shared infrastructure through vpsAdmin. This is useful, for example, when your domain registrar requires you to have multiple servers on different IP addresses for delegation to your own server.

You can set up individual zones in the menu DNS → Secondary Zones. After creating a zone using the “Primary Servers” form, you add the address of your primary authoritative server that is running in your VPS.

In the zone details, you will see the names and addresses of the assigned secondary servers. You need to adjust the configuration of your primary server so that it informs our secondary servers about changes in records and allows zone transfers. vpsAdmin provides a sample configuration for BIND.

The list of secondary servers shows their status, i.e., the current zone serial number and the dates of the last load, the next refresh, and expiration.

Hidden primary server

It is possible to run your primary server on a private IPv4 address, or to simply not have it accessible from the Internet at all. In that case, delegate your domain at your registrar only to the shared secondary servers, i.e. ns3.vpsfree.cz and ns4.vpsfree.cz.

TSIG

Zone transfers between primary and secondary servers can be further secured using TSIG. First, create a shared key in the menu DNS → TSIG Keys. Each key is identified by an arbitrary name, chosen algorithm, and secret code. These values must match on all servers. When adding primary servers to a zone, you can set the selected TSIG key. The sample configuration again shows how to set up TSIG on the primary server.

manuals/server/secondary_dns.txt · Last modified: 2024/07/21 13:35 by aither