Secondary DNS Services

Essential for reliability

Secondary DNS is one way to safeguard your Internet-dependent organization. When other providers have outages, DNS Made Easy is there with 100% consistency to answer queries.

Essential for reliability

Secondary DNS Image

What is Secondary DNS?

While it may sound like a secondary DNS provider is a backup to your primary DNS provider, with secondary DNS you actually have two authoritative providers  for answering your queries.

Think of it as an extra set of nameservers that are authoritative for your domain(s). Whenever you query a domain with Secondary DNS enabled, you will have a 50/50 chance of seeing the nameservers for each provider.

How DNS Providers Work

In a basic, single provider DNS configuration all queries will be answered by the provider’s nameserver set. History has shown that this is not a reliable practice, as this leaves domains vulnerable to provider outages.

When you use more than one provider, you actually double the number of authoritative nameserver sets for your domains. If one of the providers become unavailable, resolving nameservers would only send query traffic to the available nameserver set. All of this happens automatically with no appreciable effects to end users.

Benefits of Secondary DNS

Handshake Icon
Reliability

Think of all the parts of your business that have redundancies. Secondary DNS is simply a safeguard that all Internet-dependent businesses should use. Over the past year, there has been a 5% growth in enterprise adoption of multi-vendor DNS configurations.

Wheel Icon
Resiliency

Even when using on-premises DNS architecture you can enjoy the benefits of Secondary DNS. Add a cloud-based provider, like DNS Made Easy, as a primary or secondary provider to your infrastructure. For extra security, configure your in-house nameservers as hidden masters. Queries will appear to be answered by your in-house nameservers but really, the cloud provider is authoritative.

Speed Icon
Speed Boost

Secondary DNS can improve page load times. Resolving nameservers will start to prefer the provider that responds the fastest. That means queries will more often be served to the better performing provider which, over time, improves resolution times.

Top Secondary DNS Strategies

This is the most common kind of secondary DNS configuration and is widely supported by most providers. The primary provider is where you update your record configurations, whereas the secondary receives automatic record updates via AXFR/IXFR transfers. If DNS Made Easy is the secondary provider, we instantly replicate this data to more than 2,000 nameservers over our Triple IP Anycast network. In this scenario, you would need to add both providers’ nameserver sets to your registrar.

Also called a Master/Master, this is actually not a type of secondary DNS as both providers are considered primaries. Instead, you would use DNS Made Easy’s Managed DNS services.

Both providers will need to maintain the same records configurations. Most organizations use a third-party service such as OctoDNS to maintain record updates for Primary/Primary setups. This allows you to make changes to either DNS provider should one provider have an outage.

A hidden primary configuration is very similar to primary/secondary. The difference is that you would only list DNS Made Easy nameservers at your registrar. This way, the real primary provider is “hidden." You would also need to configure updates so that when you update your primary provider’s records, they are sent to your secondary (DNS Made Easy).

Basically, your primary is the real set of nameservers that are authoritative for your DNS information, but you would use a secondary provider to propagate those changes across a global network. This lets you can continue to use your custom configurations while supporting them with a reliable and fast global IP Anycast+ network. It also adds an extra layer of security, protecting your nameservers from attacks and the public eye.

We recommend this configuration for organizations that use on-premises DNS solutions, but don’t want them to be visible to the public. You can also use a hidden primary if you have unique configurations, provisioning, or automation for your DNS changes that can’t be configured with a traditional DNS service.

Easy DNS Transfer and Configuration

First, you need to configure your primary provider to allow zone transfers to DNS Made Easy systems. This is configured through your primary provider (please refer to their documentation). Next, create a Secondary IP set for your domain(s) in DNS Made Easy. You must complete this step before you add your domain(s).

Update your domain through your registrar (where you bought your domain) to use the DNS Made Easy nameservers. Depending on if you are using a Primary/Secondary or a Hidden Primary configuration, you may only need to list DNS Made Easy nameservers or both providers’ nameservers.

Update authoritative providers’ NS records for your domain (should match the registrar in step 2).

Configure your primary name server / provider to NOTIFY DNS Made Easy should any update be made. If a traditional NOTIFY is not possible then DNS Made Easy will revert to the serial number check found in your SOA record.

Want a Proof of Concept?

Start Free Trial