Secondary DNS is responsible for retrieving zone file data from the primary DNS server. Using secondary DNS on a separate network from your primary DNS allows your visitors to access your website in the event of a primary DNS failure. Secondary DNS offers security through redundancy.
Prerequisites
Topics
- Configuring the DNS Records on Your Server
- Adding Your Domain to OVHcloud Secondary DNS
- Authorizing Zone Transfers
Configuring the DNS Records on Your Server
First, you need to install BIND (or any DNS server). You can use this link for BIND Installation. BIND stands for Berkeley Internet Name Domain. It is a program you can download and install on your Unix or Linux server to give it the ability to become a DNS server for private (LAN) or public (Internet) networks.
To test if you have BIND, use the following command:
# named -v
The command will tell you what version of BIND you are running. If nothing shows, BIND is not currently installed. Please consult your distro documentation about how to install BIND. The distro documentation may give you a command to run in your terminal which is an easier way to install BIND.
BIND, or a different DNS server, is required to authorize OVHcloud's Secondary DNS Server as a trusted server. With BIND, your DNS server is ready to be used. You can now utilize OVHcloud Secondary DNS.
Adding Your Domain to OVHcloud Secondary DNS
Log in to the OVHcloud Control Panel. Then, select your server and navigate to the "Secondary DNS" tab.
Next, click the Add a domain button to enter your domain.
You will be provided a secret value that you must add as the contents of a new TXT record in your DNS zone file with your registrar. In the "Name" field, write "ownercheck" (depending on your registrar this may need to be ownercheck.yourdomain.com). In the "Value" field, write the secret value you were provided.
Prior to clicking the Next button, make sure your newly added record is publicly accessible. You can check this by using MX Toolbox, a third-party site that performs DNS lookups. Change the option to "TXT Lookup" and put ownercheck.yourdomain.com in the field. Once you are done adding the information at your registrar, click the Next button.
You will be prompted to click the Add button to validate the ownership. The OVHcloud Control Panel will validate that you are the owner of the domain and complete the configuration. If you were successful, you will get a popup message.
Using this configuration, you can take advantage of a free secondary DNS server provided by OVHcloud which will host a slave zone of your domain.
This secondary DNS server works as a backup of your main DNS server.
Authorizing Zone Transfers
You need to authorize zone transfers in your server towards OVHcloud’s Secondary DNS Server. Remember to only authorize trusted DNS servers.
The default locations of DNS zone files vary by distro. The following are the files where domain information is stored in BIND:
Debian
/etc/bind/named.conf.local
Fedora
/var/named/example.com
Zone File
acl trusted-servers {
    147.135.0.4; // sdns1.ovh.us
};
zone "example.com" {
    type master;
    file "example.com";
    allow-transfer { trusted-servers; };
};
Once configured, don’t forget to restart named:
$ sudo systemctl restart named
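The following Python script is an added example, not part of the OVHcloud guide: it reads BIND configuration text and reports, for each zone, which hosts its allow-transfer statement resolves to, so a zone open to any host or lacking a zone-level restriction stands out. The sample configuration, the function names and the extra example.org and example.net zones are constructed for illustration.

```python
import re

# Constructed sample in the style of named.conf.local (not from the guide).
SAMPLE = '''
acl trusted-servers {
    147.135.0.4; // sdns1.ovh.us
};
zone "example.com" { type master; file "example.com";
    allow-transfer { trusted-servers; }; };
zone "example.org" { type master; file "example.org";
    allow-transfer { any; }; };
zone "example.net" { type master; file "example.net"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot hide braces or semicolons."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def blocks(text, keyword):
    """Yield (name, body) for every `keyword name { ... }` statement."""
    for m in re.finditer(r'\b%s\s+"?([\w.-]+)"?\s*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def items(body):
    """Split a `a; b; c;` list into its non-empty elements."""
    return [e.strip() for e in body.split(';') if e.strip()]

def audit_transfers(conf):
    """Return {zone: (resolved allow-transfer entries, verdict)}."""
    text = strip_comments(conf)
    acls = {name: items(body) for name, body in blocks(text, 'acl')}
    report = {}
    for zone, body in blocks(text, 'zone'):
        m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
        if m is None:  # nothing at zone level: options block or default applies
            report[zone] = ([], 'unset')
            continue
        hosts = [h for e in items(m.group(1)) for h in acls.get(e, [e])]
        report[zone] = (hosts, 'open' if 'any' in hosts else 'restricted')
    return report

if __name__ == '__main__':
    for zone, (hosts, verdict) in audit_transfers(SAMPLE).items():
        print(f'{zone}: {verdict} {hosts}')
```

A zone reported as "unset" takes its transfer policy from the global options block or the server default, so check those before treating it as restricted.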
Conclusion
Secondary DNS is usually a paid service, but OVHcloud provides it for free. In this article, you learned how to configure secondary DNS to utilize the security of redundancy.