Secondary DNS is when you declare a second set of nameservers as being authoritative for managing your DNS configurations. It is also called a Dual Provider configuration since it requires the use of two DNS providers’ services.
Secondary DNS services (offered by a managed DNS provider) allow you to manage how record updates are maintained between providers. DNS Made Easy secondary DNS services perform updates automatically using Zone Transfers and “notifies” (more on this later). Whenever a record is updated, those changes are instantly sent to the other provider and propagated throughout their network.
Since there are two sets of nameservers responding to queries, if one nameserver (or even a set of nameservers) is unavailable, the remaining nameservers will answer incoming queries.
Why Use Secondary DNS?
Secondary DNS provides redundancy and resiliency in the event of an outage or service disruption. Provider outages and upstream disruptions are very common, making redundant services a requirement for web-facing businesses.
Many large organizations depend on DNS Made Easy’s secondary DNS services since our secondary DNS solutions are consistently ranked highest in the industry for performance, uptime, and record propagation. You can read more about how we engineered instant record propagation here.
Faster Resolution Times
It has been shown that using more than one provider can actually improve resolution speed. Resolving nameservers (the middlemen between clients and authoritative nameservers) can develop affinities for faster-responding nameservers and will serve those nameservers more traffic.
It is very typical for DNS Made Easy secondary DNS clients to notice that an uneven proportion of queries goes to our nameservers, since we consistently perform faster than most providers.
How does Secondary DNS work?
As defined by RFC 1035, the information of each zone is automatically copied to the new DNS provider/nameserver using zone transfers. The initial record copy is done through a full zone transfer (AXFR).
When records on the primary are updated, the primary will use a NOTIFY to alert the secondary of a record change. They will both check each other’s serial number and then the secondary will request an IXFR transfer (incremental zone transfer).
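The serial check that decides whether a secondary requests a transfer after a NOTIFY, as an added example (not DNS Made Easy's code). It uses RFC 1982 serial arithmetic so that wraparound is handled, and reuses the comparison to flag a nameserver that is lagging behind the others; the "ALERT" outcome, the function names, the hostnames and the serials are assumptions made for this illustration.

```python
# Added example: SOA serial checks behind NOTIFY and IXFR.
# Hostnames and serials below are constructed sample data; in practice each
# serial comes from an SOA query sent directly to that nameserver.

MOD = 1 << 32          # SOA serials are 32-bit and wrap around
HALF = 1 << 31


def serial_gt(a, b):
    """True if serial a is newer than b under RFC 1982 serial arithmetic."""
    a, b = a % MOD, b % MOD
    return a != b and (a - b) % MOD < HALF


def transfer_action(local_serial, primary_serial):
    """Decision a secondary-side check reaches after a NOTIFY."""
    if serial_gt(primary_serial, local_serial):
        return "IXFR"    # primary is ahead: request an incremental transfer
    if serial_gt(local_serial, primary_serial):
        return "ALERT"   # secondary ahead of primary: rollback or wrong source
    return "NOOP"        # serials match, nothing to transfer


def lagging(observed):
    """Nameservers whose serial is older than the newest serial observed."""
    newest = None
    for serial in observed.values():
        if newest is None or serial_gt(serial, newest):
            newest = serial
    return sorted(ns for ns, s in observed.items() if serial_gt(newest, s))


OBSERVED = {  # constructed: both providers' nameserver sets for one zone
    "ns1.primary.example": 2024050103,
    "ns2.primary.example": 2024050103,
    "ns1.secondary.example": 2024050103,
    "ns2.secondary.example": 2024050102,
}

if __name__ == "__main__":
    print(transfer_action(2024050102, 2024050103))   # normal update
    print(transfer_action(4294967290, 5))            # serial wrapped past 2^32
    print(transfer_action(2024050103, 2024050101))   # primary went backwards
    print("lagging:", lagging(OBSERVED))
```

A nameserver that stays in the lagging list after an update usually points to a blocked or rejected zone transfer between the providers.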
Is Secondary DNS only used when the Primary DNS is down?
No. This is probably one of the largest misconceptions about secondary DNS solutions. The first step when setting up secondary DNS is to add the second set of nameservers to your registrar (the company that you purchased/registered your domain from). This tells the registrar to direct query traffic to both sets of nameservers since both sets are authoritative for hosting your DNS.
If the first nameserver requested is unreachable, then the resolving nameserver will try another nameserver in the list until it either gets a response or times out.
Types of Secondary DNS Configurations
Primary / Secondary (Master / Slave)
This is the most common kind of secondary DNS configuration and is widely supported by most providers. The primary provider is where you update your record configurations, whereas the secondary receives record updates via AXFR/IXFR transfers automatically. DNS Made Easy then will instantly replicate this data to 2,000+ name servers over our IP Anycast+ network.
You will need to add both providers’ nameserver sets to your registrar.
Hidden Primary
A hidden primary configuration is very similar to a primary/secondary configuration. The difference is that you will only list DNS Made Easy nameservers at your registrar. This way the real primary provider is “hidden”. You will then need to configure updates so that when you update your primary provider’s records, they are sent to your secondary (DNS Made Easy).
Basically, your primary is the real set of nameservers that are authoritative for your DNS information, but you would use a secondary provider to propagate those changes across a global network. That way you can continue to use your custom configurations but support them with a reliable and fast global IP Anycast+ network. It also adds an extra layer of security, protecting your nameservers from attacks and the public eye.
We recommend this configuration for organizations that use on-premises DNS solutions, but don’t want them to be visible to the world. You can also use a hidden primary if you have unique configurations, provisioning, or automation for your DNS changes that can’t be configured with a traditional DNS service.
Primary / Primary
Also called a Master/Master, this is actually not a type of secondary DNS since both providers are considered primaries. Instead, you would use DNS Made Easy’s Managed DNS services.
Both providers will need to maintain the same record configurations. Most organizations use a third-party service such as OctoDNS to maintain record updates. This allows you to make changes to either DNS provider should one provider have an outage.