Secondary DNS Services
Essential for Reliability

No More Downtime

Instant recovery from provider outages.

Instant Record Updates

Receive or send updates to your secondary provider instantly.

Faster Load Times

Improve performance when you choose DNSME as your secondary provider.

What is Secondary DNS?

While it may sound like a secondary DNS provider is a backup to your primary DNS provider… It’s actually when you have two providers that are authoritative for answering your queries.


Think of it as an extra set of name servers that are authoritative for your domain(s). Whenever you query a domain with Secondary DNS enabled, you will have a 50/50 chance of seeing the nameservers for each provider.


How It Works

Single DNS Provider

In a basic, single provider DNS configuration all users will be answered by the provider’s nameserver set. History has shown us that this is not a reliable practice, as this leaves domains vulnerable to provider outages.

$ dig ns example.com +short ns1.dnsmadeeasy.com. ns3.dnsmadeeasy.com. ns2.dnsmadeeasy.com. ns0.dnsmadeeasy.com. ns4.dnsmadeeasy.com. ns8.dnsmadeeasy.com. $
$ dig ns example.com +short ns1.dnsmadeeasy.com. ns3.dnsmadeeasy.com. ns2.dnsmadeeasy.com. ns01.provider.com.
ns02.provider.com.
ns04.provider.com. $

Dual DNS Providers

When you use more than one provider, you actually double the number of nameserver sets authoritative for your domains.

If one of the providers were to be unavailable, resolving nameservers would only send query traffic to the available nameserver set. All of this happens automatically with no appreciable effects to end users.

Benefits of Secondary DNS

Speed Boost

Secondary DNS can actually improve page load times. Resolving nameservers will start to prefer the provider that responds the fastest.

That means queries will more often be served to the better performing provider and over time improve resolution times.

Resiliency

Even if you are using on-premises DNS architecture you can still enjoy the benefits of Secondary DNS. Add a cloud-based provider, like DNS Made Easy, as a primary or secondary provider to your existing infrastructure.

For extra security, you can configure your in-house name servers as hidden masters. Queries will appear to be answered by your in-house nameservers but really the cloud provider is authoritative.

Reliability

Think of all the parts of your business that have redundancies. Secondary DNS is simply a safeguard that all Internet-dependant businesses should use.

Over the past year, there has been a 5% growth in enterprise adoption of multi-vendor DNS configurations.

Top 3 Secondary DNS Strategies

Primary (Master / Slave)

This is the most common kind of secondary DNS configuration and is widely supported by most providers. The primary provider is where you update your record configurations, whereas the secondary receives record updates via AXFR/IXFR transfers automatically. DNS Made Easy then will instantly replicate this data to 2,000+ name servers over our IP Anycast+ network.

You will need to add both providers’ nameserver sets to your registrar.

Primary / Primary

Also called a Master/Master, this is actually not a type of secondary DNS since both providers are considered primaries. Instead, you would use DNS Made Easy’s Managed DNS services.

Both providers will need to maintain the same records configurations. Most organizations use a third-party service to maintain record updates such as OctoDNS. This allows you to make changes to either DNS provider should one provider have an outage.

Hidden Primary

A hidden primary configuration is very similar to a primary secondary. However, the difference is you will only list DNS Made Easy nameservers at your registrar. This way the real primary provider is “hidden”. You will then need to configure updates so that when you update your primary provider’s records, they are sent to your secondary (DNS Made Easy).

Basically, your primary is the real set of nameservers that are authoritative for your DNS information, but you would use a secondary provider to propagate those changes across a global network. That way you can continue to use your custom configurations but support them with a reliable and fast global IP Anycast+ network. It also adds an extra layer of security, protecting your nameservers from attacks and the public eye.

We recommend this configuration for organizations that use on-premises DNS solutions, but don’t want them to be visible to the world. You can also use a hidden primary if you have unique configurations, provisioning, or automation for your DNS changes that can’t be configured with a traditional DNS service.

It's as Easy as 1-2-3-4

View the full tutorial on our Knowledge Base

Finger one

Transfer

First, you need to configure your primary provider to allow zone transfers to DNS Made Easy systems. This is configured through your primary provider, please refer to their documentation.

Then create a Secondary IP set for your domain(s) in DNS Made Easy. You must complete this step before you add your domain(s).

Create IP Sets

Now you can add your domain(s) to DNS Made Easy.

Add Domain(s)
Finger two

Notify Registrar

Update your domain through your registrar (where you bought your domain) to use the DNS Made Easy nameservers. If you are using a Primary/Secondary or Hidden Primary configuration, you may only need to list DNS Made Easy nameservers or both providers’ nameservers.

Finger three

NS Records

Update your authoritative providers’ NS records for your domain (should match the registrar in step 2).

Learn how
Finger four

Setup Updates

Configure your primary name server / provider to NOTIFY DNS Made Easy should any update be made. If a traditional NOTIFY is not possible then DNS Made Easy will revert to the serial number check found in the SOA record.

Related Articles

Tutorial

Tutorial: Learn how to setup Secondary DNS in the DNS Made Easy Control panel.

Learn how
Analytics

New Study: 65% of top retail domains are vulnerable to single DNS provider outages.

Read more
On off graphic

More domains are using multiple DNS providers after recent devastating outages.

Read more
Webinar

Webinar: Secondary DNS is no longer just a backup plan. Four strategies to try and exclusive Q&A with Founder Steven Job.

Watch now

Like what you see?

Start your free (no credit card required) 30 day trial and you can have fast DNS in a matter of minutes.
Yep, it really is that easy.


Sign up