Jump toUpdate content

How to configure secondary DNS

Reviewed on 26 May 2021Published on 26 May 2021

Secondary DNS allows you to have your domain’s zone file automatically backed up on a second set of name servers. This backup is a read-only copy of the zone file, containing the DNS records.

This how-to assumes that you want to manage your domains exclusively with BIND. It shows you how to configure your Dedibox as your primary DNS and nssec.online.net as your secondary DNS.

Important:

Be aware that there is a delay of 24 hours upon completing this procedure before it takes effect.

Requirements:
  • You have an account and are logged into the Dedibox Console
  • You have a Dedibox server,
  • Ports 53/TCP and 53/UDP are open on your server, enabling it to respond to DNS requests
  • You own a domain name, which is configured on your server with a valid SOA

How to configure BIND

  1. If you use a management panel for your server, add the domain in your panel.

  2. Log in to your server as root via SSH.

  3. Use your favorite text editor to edit the general BIND configuration file, located at /etc/bind/named.conf. The configuration of your domain should be as follows (replace domaine.fr with your domain):

    zone "domaine.fr" { 
    type master;
    notify yes;
    allow-transfer { 62.210.16.8; };
    file "/etc/bind/domaine.fr.db";
    };
  4. Edit the file pointed to in the configuration carried out at step 3. In this example, you can see that the content of the zone is located in the file /etc/bind/domaine.fr.db. Use your favorite text editor to edit the file as follows:

    $TTL 86400
    @ IN SOA sd-xxxx.dedibox.fr. root.domaine.fr. (
    2006081720
    8H
    2H
    4W
    1D )
    IN NS sd-xxxx.dedibox.fr.
    IN NS nssec.online.net.
    IN MX 10 mail.domaine.fr.

    domaine.fr. A 195.154.xx.xx
    ns IN A 62.210.xx.xx
    mail IN A 62.210.xx.xx
    www CNAME domaine.fr.
    ftp CNAME domaine.fr.

    Ensure that you do the following:

    • Replace domaine.fr with your own domain name.
    • Replace sd-xxxx.dedibox.fr with the name of your Dedibox.
    • Replace 62.210.xx.xx with the IP of your Dedibox.
    • Pay special attention to keep the “.” as they are indicated.
    • Update the serial number (here 2006081720) using the format YearMonthDateNumber
  5. Restart BIND for the changes to take effect:

    /etc/init.d/bind9 reload

How to declare the domain name

  1. From the console, click Server in the top menu, and select Server List.

  2. Click Manage next to the relevant server.

  3. Click Secondary DNS in the left side menu. The Create a new entry form displays.

  4. Enter your domain name, and next to IP select your primary DNS server.

  5. Click Create.

Note:

The initial installation of a new domain name takes about 24 hours (restart of the server each night at 2:45 CET), then updates are made according to the “refresh” indicated in the SOA of the primary DNS of your domain.

How to test your domain

AFNIC is the association tasked with managing the domain name registry in France. Before you carry out your test:

  • Wait 24 hours after finishing the configuraiton steps above
  • Remember to create a postmaster mailbox (postmaster@domain.fr) for your domain.
  1. Use a zonecheck service such as this one: http://zonecheck.francedns.com/fr/:

    • In zone, enter your domain without www or http
    • In primaire, enter the reverse (sd-xxxx.dedibox.fr) of your server and its IP
    • In secondaire enter nssec.online.net and 62.210.16.8 as the IP
  2. Click Vérifier!

  • If the test generates errors, correct the problems identified in the error messages
  • If the test result is SUCCÈS, this means everything is working. You can update the DNS servers of your domain at your registrar.

How to deal with a failed zone transfer

If the transfer of your zone does not work, it may be that:

- Your DNS server does not accept requests of the type AXFR
- You forgot to update the serial of your zone (`YearMonthDayNumber`)

To test the transfer of your zone, authorise the transfer to your personal IP (allow-transfer) and test the transfer from your personal IP, using the following command:

dig @ip_of_my_dedibox mydomain.tld axfr

The serial of your zone must be up to date (2010112402 for example for the 2nd modification on 24/11/2010).

See Also