How to configure a secondary DNS server

Michel Nadeau, 09-15-2008
Last week we encountered a problem with one of our client domains going down. Not going to mention the DNS registrar they were using but it was one of the big three.

All of a sudden, in the middle of the day, their DNS servers went down for 25 minutes. No new requests could be served.

While the domain name had 2-5 DNS servers like ns1.nameserver.com, ns2.nameserver.com, ns3.nameserver.com, all servers went down at the same time.

As part of this post, I will show you how to configure a true secondary authoritative DNS server.

This is different from adding another name server from your existing registrar.

Adding a secondary authoritative DNS server is designed for the case where all of your registrar's name servers are down. It's a way to eliminate a single point of failure by relying on at least two totally different DNS companies.

NOTE: In this post, I will use the example.com and altdns.com domain names. These are only examples.

1 - What to achieve?

What we wanted to achieve was to be able to receive authoritative DNS answers for our client domains from a secondary DNS server.

Initially, our example.com looked like this (with nslookup):

$ nslookup
> set q=any
> example.com
...
Authoritative answers can be found from:
example.com nameserver = ns1.nameserver.com.
example.com nameserver = ns2.nameserver.com.

...

Here's what we were looking for - authoritative hosts at two different providers:

...
Authoritative answers can be found from:
example.com nameserver = ns1.nameserver.com.
example.com nameserver = ns2.nameserver.com.
example.com nameserver = dns.altdns.com.
...

2 - Which method to use?

We've identified 4 methods to achieve this goal:

1. Use your own DNS server
2. Use DynDNS Secondary DNS service
3. Use your own DNS server AND use DynDNS Secondary DNS service
4. Other solution

If you have a fast and reliable dedicated server with a static IP address, you can always go ahead with solution 1 and install a DNS server for altdns.com on it.

Otherwise, solution 2 is for you... well, only if you have enough control over your domain's current DNS configuration to allow zone transfers for example.com. If you do, go with solution 2. If you don't, go with solution 3.

NOTE: "zone transfers" are the mechanism that lets secondary DNS servers replicate a domain's DNS records from the primary.

3 - Solution 1 - Use your own DNS server

To use this solution, all you have to do is set up a DNS server somewhere, on any server, as long as it has a static IP address. This server will host altdns.com and will be the secondary DNS for example.com.

Steps
1- Install BIND on the server
2- Configure BIND for managing the altdns.com zone (see below)
3- Replicate your example.com's DNS configuration in the example.com zone (see below)
4- Create dns.altdns.com, pointing to your own DNS server, in your current altdns.com's DNS configuration
5- Delegate altdns.com to dns.altdns.com
6- Add dns.altdns.com to example.com delegation

named.conf:
zone "altdns.com" {
    type master;
    file "/etc/bind/altdns.com.dns";
};

zone "example.com" {
    type master;
    file "/etc/bind/example.com.dns";
};

altdns.com.dns:
; BIND db file for altdns.com

$TTL 86400

@ IN SOA dns.altdns.com. your.email.domain.tld. (
    2008091101 ; Serial number
    28800      ; Refresh
    7200       ; Retry
    864000     ; Expire
    86400      ; Min TTL
)
    NS dns.altdns.com.
    A 192.0.2.20   ; placeholder (RFC 5737 range): the static IP of your own DNS server
dns A 192.0.2.20   ; same address: the glue record for dns.altdns.com

example.com.dns:
; BIND db file for example.com (a hand-maintained copy of the registrar's zone)

$TTL 86400

@ IN SOA dns.altdns.com. your.email.domain.tld. (
    2008091102 ; Serial number
    28800      ; Refresh
    7200       ; Retry
    864000     ; Expire
    86400      ; Min TTL
)
    NS ns1.nameserver.com.
    NS ns2.nameserver.com.
    NS dns.altdns.com.
; MX ... your MX records for example.com ...
; A ... your A records for example.com ...
; ... CNAME ... your CNAME records for example.com ...

The downside of this solution is that whenever you modify the DNS configuration for example.com at your registrar, you also have to make the same change in the example.com zone file in your BIND configuration on altdns.com.

For more safety, you could register a DynDNS Secondary DNS service for altdns.com and add ns[2-5].mydyndns.org to altdns.com's delegation (and the proper NS records in the BIND configuration for altdns.com).

With this solution, your domain will look like this (with nslookup):

...
Authoritative answers can be found from:
example.com nameserver = ns1.nameserver.com.
example.com nameserver = ns2.nameserver.com.
example.com nameserver = dns.altdns.com.
...

4 - Solution 2 - Use DynDNS Secondary DNS service

If you're lucky, your domain's DNS servers allow you to enable zone transfers, and all you have to do is register a DynDNS Secondary DNS service.

To do so, go here and follow the instructions. Basically, all you have to do is register the service for example.com, specify the IP address of the primary DNS server and add ns[2-5].mydyndns.org to your domain's delegation.

With this solution, your domain will look like this (with nslookup):

...
Authoritative answers can be found from:
example.com nameserver = ns1.nameserver.com.
example.com nameserver = ns2.nameserver.com.
example.com nameserver = ns2.mydyndns.org.
example.com nameserver = ns3.mydyndns.org.

...

5 - Solution 3 - Use my own DNS server AND use DynDNS Secondary DNS service

For this solution, as for solution 1, you need a dedicated server with a static IP address.

Steps
1- Install BIND on the server
2- Configure BIND for managing the example.com zone (see below)
3- Register your DynDNS Secondary DNS service for example.com (see section 4 above)
4- Create dns.example.com, pointing to your own DNS server, in your current example.com's DNS configuration
5- Delegate example.com to dns.example.com
6- Add ns[2-5].mydyndns.org to example.com delegation

named.conf:
zone "example.com" {
    type master;
    file "/etc/bind/example.com.dns";
};

example.com.dns:
; BIND db file for example.com

$TTL 86400

@ IN SOA dns.example.com. your.email.domain.tld. (
    2008091101 ; Serial number
    28800      ; Refresh
    7200       ; Retry
    864000     ; Expire
    86400      ; Min TTL
)
    NS dns.example.com.
    NS ns2.mydyndns.org.
    NS ns3.mydyndns.org.
; MX ... your MX records for example.com ...
    A 192.0.2.10   ; placeholder (RFC 5737 range): the address of your web server
dns A 192.0.2.20   ; placeholder: the static IP of your own DNS server (glue for dns.example.com)
; A ... your other A records for example.com ...
; ... CNAME ... your CNAME records for example.com ...

With this solution, your domain will look like this (with nslookup):

...
Authoritative answers can be found from:
example.com nameserver = dns.example.com.
example.com nameserver = ns2.mydyndns.org.
example.com nameserver = ns3.mydyndns.org.

...
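Two things go wrong with these setups that are hard to spot by eye: in solution 1 the copy on altdns.com silently drifts from the registrar's zone (or its serial is never bumped, so anything that pulls from it by zone transfer, such as the DynDNS service suggested as an extra safety step, never sees the change), and in solution 3 the in-zone name server dns.example.com needs a glue A record or the delegation is lame. The script below is an added example and not code from the original post or from BIND or DynDNS; it parses zone files in the layout shown above and reports those problems on constructed sample zones. All host names other than the post's own, and all 192.0.2.x addresses (RFC 5737 documentation range), are made up for the example.

```python
"""Zone-file consistency checks for the layout used in this post.
Added example, not code from the original post: it parses the BIND db-file style
shown above (comments, $TTL, parenthesised SOA, owner inheritance) and flags what
goes wrong with a hand-maintained secondary copy or a self-hosted delegation."""
import re

RR_TYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "PTR", "SRV"}

def _fqdn(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return the zone as a set of (owner, type, rdata tuple) records."""
    origin = origin if origin.endswith(".") else origin + "."
    joined, buf = [], ""
    for line in filter(None, (re.sub(r";.*", "", raw).strip() for raw in text.splitlines())):
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue  # still inside a multi-line ( ... ) record
        joined.append(buf.replace("(", " ").replace(")", " "))
        buf = ""
    records, owner = set(), origin
    for line in joined:
        toks = line.split()
        if toks[0].startswith("$"):
            continue  # $TTL does not affect these checks
        # The owner is optional: a line starting with a class, TTL or type keeps the
        # previous owner (the post's listings lost BIND's leading blanks, so key on the token).
        if toks[0] not in RR_TYPES and toks[0] != "IN" and not toks[0].isdigit():
            owner = _fqdn(toks.pop(0), origin)
        while toks and (toks[0] == "IN" or toks[0].isdigit()):
            toks.pop(0)  # optional class and TTL
        rtype, rdata = toks[0], tuple(toks[1:])
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = (_fqdn(rdata[0], origin),)
        elif rtype == "MX":
            rdata = (rdata[0], _fqdn(rdata[1], origin))
        elif rtype == "SOA":
            rdata = (_fqdn(rdata[0], origin), rdata[1]) + rdata[2:]
        records.add((owner, rtype, rdata))
    return records

def soa_serial(records):
    """Serial from the SOA record, or None if the zone has none."""
    serials = [int(rd[2]) for _o, t, rd in records if t == "SOA"]
    return serials[0] if serials else None

def compare_copies(primary, secondary):
    """Findings for a copy that is maintained by hand, as in solution 1."""
    findings, p_ser, s_ser = [], soa_serial(primary), soa_serial(secondary)
    if p_ser is not None and s_ser is not None and s_ser < p_ser:
        findings.append(f"secondary serial {s_ser} is behind primary {p_ser}")
    p_rrs = {r for r in primary if r[1] != "SOA"}  # the SOA legitimately differs
    s_rrs = {r for r in secondary if r[1] != "SOA"}
    for owner, rtype, rdata in sorted(p_rrs - s_rrs):
        findings.append(f"missing on secondary: {owner} {rtype} {' '.join(rdata)}")
    for owner, rtype, rdata in sorted(s_rrs - p_rrs):
        findings.append(f"stale on secondary: {owner} {rtype} {' '.join(rdata)}")
    return findings

def check_delegation(records, origin, parent_ns):
    """Compare the apex NS set with the parent delegation and check for glue."""
    origin = origin if origin.endswith(".") else origin + "."
    findings = []
    apex_ns = {rd[0] for o, t, rd in records if o == origin and t == "NS"}
    for ns in sorted(set(parent_ns) - apex_ns):
        findings.append(f"parent delegates to {ns} but the zone does not list it")
    for ns in sorted(apex_ns - set(parent_ns)):
        findings.append(f"zone lists {ns} but the parent does not delegate to it")
    addressed = {o for o, t, _ in records if t in ("A", "AAAA")}
    for ns in sorted(apex_ns):
        if (ns == origin or ns.endswith("." + origin)) and ns not in addressed:
            findings.append(f"in-zone name server {ns} has no glue A/AAAA record")
    return findings

# Constructed sample: the registrar's copy of example.com after www moved ...
PRIMARY = """$TTL 86400
@ IN SOA ns1.nameserver.com. hostmaster.example.com. (
    2008091103 28800 7200 864000 86400 )
    NS ns1.nameserver.com.
    NS dns.altdns.com.
www A 192.0.2.51
"""
# ... and the hand-edited copy on the altdns.com server, not updated yet.
SECONDARY = PRIMARY.replace("2008091103", "2008091102").replace("192.0.2.51", "192.0.2.50")
# Constructed solution-3 style zone whose "dns A ..." glue line was forgotten.
SELF_HOSTED = """$TTL 86400
@ IN SOA dns.example.com. hostmaster.example.com. ( 2008091101 28800 7200 864000 86400 )
    NS dns.example.com.
    NS ns2.mydyndns.org.
    A 192.0.2.10
"""
PARENT_NS = ["dns.example.com.", "ns2.mydyndns.org.", "ns4.mydyndns.org."]  # as seen at the parent

if __name__ == "__main__":
    p, s, z = (parse_zone(t, "example.com") for t in (PRIMARY, SECONDARY, SELF_HOSTED))
    print(*compare_copies(p, s), *check_delegation(z, "example.com", PARENT_NS), sep="\n")
```

Run it with python3 and it prints one line per finding. The parser deliberately accepts owner-less records without leading whitespace, as the listings in this post have them, by keying on the record type rather than on indentation; a real BIND zone file needs the leading blanks.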

Conclusion

There are many ways to achieve the goal of having a reliable secondary DNS server for your domains. I know that it's not super easy for everyone to set up their own DNS server but once everything is set, your domain is safe (at least for DNS resolution).

Other solution
After writing this post, I've found another solution: it's free and you don't need to set up your own DNS server. Basically it's the same solution... just easier to achieve. See the solution here. This solution uses 2 free services, EditDNS and EveryDNS, to set up redundant DNS servers for a domain name.

Dawn Rossi, 02-26-2009
Sample Zone config file:

$TTL 60

alwaysupdns.com. IN SOA alwaysupdns.com. alwaysupdns.com. (
20090220 ; Serial number
60 ; Refresh
900 ; Retry
864000 ; Expire
60 ; Min TTL
)

; Host records
alwaysupdns.com. IN A 67.228.124.168
www.alwaysupdns.com. IN A 67.228.124.168

; Mail servers
alwaysupdns.com. MX 10 mx1.softwareprojects.com.
mail.alwaysupdns.com. IN A 204.200.197.196

; DNS Servers
alwaysupdns.com. IN NS dns1.alwaysupdns.com.
alwaysupdns.com. IN NS dns2.alwaysupdns.com.
dns1.alwaysupdns.com. IN A 67.228.124.168
dns2.alwaysupdns.com. IN A 67.228.191.123

; Alternate DNS Servers
alwaysupdns.com. IN NS ns2.mydyndns.org.
alwaysupdns.com. IN NS ns3.mydyndns.org.
alwaysupdns.com. IN NS ns4.mydyndns.org.
alwaysupdns.com. IN NS ns5.mydyndns.org.

anuj, 08-02-2010
Thanks for such a nice post.
regards
Anuj