Configuring NS1 as a primary DNS provider

Customers with multiple DNS providers can use NS1 as the primary provider—configuring other DNS servers as secondaries that update regularly with zone data from NS1.

To configure NS1 as a primary provider:

  1. Determine the IP addresses of your secondary servers.
  2. In the NS1 portal, navigate to and click the name of the zone you want to enable for outgoing zone transfers. Select the “Zone Transfers” tab.

  3. Ensure the “Allow Outgoing Transfers” option is enabled (checked), and then click “Add IP Address” to add a new secondary server to the list of allowed hosts, specifying:

    - (Required) The IP address of the host.
    Note: We will only allow zone transfers (SOA and AXFR queries) from hosts in the list.

    - (Optional) The port on the host to send NOTIFY messages.
    Note: Usually, this is port 53.

    - Whether or not we should send DNS notify messages to the host when your zone changes. Note: See below for more information about allowing transfers to servers within an IP subnet.

  4. Repeat step 3 for each of the secondary servers you’d like to associate with the zone.
  5. Click “Save zone settings” to confirm the changes.
  6. (Optional)To validate that the transfers are enabled correctly, try performing zone transfer from the secondary server using the dig command:
$ dig +tcp @xfr01.nsone.net myzone.com axfr
 
; <<>> DiG 9.8.1-P1 <<>> +tcp @xfr01.nsone.net myzone.com axfr
; (1 server found)
;; global options: +cmd
myzone.com.           60      IN      SOA     dns1.p01.nsone.net. hostmaster.myzone.com. 1408116477 43200 7200 1209600 3600
irc.myzone.com.       60      IN      A       2.20.29.16
mail.myzone.com.      60      IN      CNAME   ghs.googlehosted.com.
myzone.com.           60      IN      MX      10 ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      20 ALT1.ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      20 ALT2.ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      30 ASPMX2.GOOGLEMAIL.COM.
myzone.com.           60      IN      MX      30 ASPMX3.GOOGLEMAIL.COM.
*.myzone.com.         60      IN      CNAME   myzone.com.
myzone.com.           3600    IN      A       17.6.14.25
myzone.com.           60      IN      SOA     dns1.p01.nsone.net. hostmaster.myzone.com. 1408116477 43200 7200 1209600 3600
;; Query time: 62 msec
;; SERVER: 192.135.223.10#53(192.135.223.10)
;; WHEN: Fri Aug 15 19:24:55 2014
;; XFR size: 11 records (messages 1, bytes 453)


Once configuration within the NS1 portal is complete, you must configure the secondary servers to use xfr01.nsone.net (192.135.223.10) as the primary server for the zone. If using BIND, you can add the following snippet to the configuration file:

zone "myzone.com" IN {     type slave;     file "/var/lib/bind/myzone.com.db";     masters { 192.135.223.10; }; };

One important consideration when transferring zones from NS1 is that AXFR protocol does not support any of NS1's advanced functionality and configuration information—including ALIAS records, Filter Chain configurations, answer metadata, and other details.

Zone transfers to IP subnets

NS1 now allows you to configure inbound zone transfer requests from a subnet if you enter a CIDR notation (ex. 192.0.2.0/24) instead of a single IP address in the address field. Note that doing so automatically disables notification options. In order to notify individual servers within the subnet, enter their IP addresses as additional secondary servers explicitly.



Request a Demo

Contact Us

Get Pricing