Slaving from NS1

You can use NS1 as a primary DNS provider, with another provider or DNS server configured as a slave, pulling your zones from NS1.

To configure primary DNS in NS1, you need to know the IP addresses of your slave servers.

Then, in the NS1 Portal, navigate to the zone you want to slave and click on the "Zone Transfers" tab.   


Ensure the "Enable Zone Transfer" option is checked.  Then, add each of your slave servers to the list of allowed hosts.  You may specify:

  • IP address of the host (required).  We will only allow zone transfers (SOA and AXFR queries) from hosts in the list.
  • Port on the host to send NOTIFY messages (optional) -- usually this is port 53.
  • Whether or not we should send NOTIFY messages to the host when your zone changes.

Save the settings, and all the NS1-side configuration is done!

Now, you need to configure your slave servers.  Your slaves should talk to xfr01.nsone.net (192.135.223.10 ) to do zone transfers.  If you're using BIND, you might add a snippet like this to your configuration file:

zone "myzone.com" IN {
    // slaved from xfr01.nsone.net
    type slave;
    file "/var/lib/bind/myzone.com.db";
    masters { 192.135.223.10; };
};

You can also confirm (from your slave server) that AXFR requests are working using dig:

$ dig +tcp @xfr01.nsone.net myzone.com axfr
 
; <<>> DiG 9.8.1-P1 <<>> +tcp @xfr01.nsone.net myzone.com axfr
; (1 server found)
;; global options: +cmd
myzone.com.           60      IN      SOA     dns1.p01.nsone.net. hostmaster.myzone.com. 1408116477 43200 7200 1209600 3600
irc.myzone.com.       60      IN      A       2.20.29.16
mail.myzone.com.      60      IN      CNAME   ghs.googlehosted.com.
myzone.com.           60      IN      MX      10 ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      20 ALT1.ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      20 ALT2.ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      30 ASPMX2.GOOGLEMAIL.COM.
myzone.com.           60      IN      MX      30 ASPMX3.GOOGLEMAIL.COM.
*.myzone.com.         60      IN      CNAME   myzone.com.
myzone.com.           3600    IN      A       17.6.14.25
myzone.com.           60      IN      SOA     dns1.p01.nsone.net. hostmaster.myzone.com. 1408116477 43200 7200 1209600 3600
;; Query time: 62 msec
;; SERVER: 192.135.223.10#53(192.135.223.10)
;; WHEN: Fri Aug 15 19:24:55 2014
;; XFR size: 11 records (messages 1, bytes 453)

One important consideration when slaving from NS1 is that AXFR does not support slaving any of NS1's advanced functionality and configuration information, including ALIAS records, Filter Chain configurations, answer metadata, and other details.  NS1 records that have multiple answers will be "unrolled" for zone transfer: each answer will be transferred as an individual record in a round-robin set for the domain and record type of the NSONE record.  ALIAS records will not currently be transferred, as they are an NS1-specific record type.