How to Make Your DNS Infrastructure More Redundant

No-IP Squared (Backup DNS) offers a great way to beef up your DNS infrastructure. As of this writing, we have points of presence in over 100 locations across the globe.

If you maintain your own DNS server, it’s pretty easy to set up. Follow these simple steps:

1. Edit your DNS server configuration to allow zone transfers to our distribution server. You want to make sure that when you make updates to your zone file, our system knows about it.
Slave name servers check for zone transfers based on the REFRESH value in your zone’s SOA (Start of Authority) record. A secure name server will disallow zone transfers to the public. You’ll need to allow zone transfers to our system, 8.23.224.170.

This is what it will look like in BIND:

zone "dansfishtanks.com" {
    // .... (your existing zone options)
    allow-transfer { 8.23.224.170; };
};

Since the address 8.23.224.170 is not on a public-facing name server, you should also enable notifies. Notify short-circuits the wait for the refresh timer to expire and tells all of the slaves to go grab a new copy of the zone right away. But since our distribution server is not listed in the zone file, you’ll need to use also-notify.

Your BIND configuration will now look like this:

zone "dansfishtanks.com" {
    // .... (your existing zone options)
    allow-transfer { 8.23.224.170; };
    notify yes;
    also-notify { 8.23.224.170; };
};

2. Configure your master IP in the No-IP Interface: Go to Manage Domains. Select your domain, then click edit. Here, you will enter the IP address of your master server.

3. Behind a firewall? Make sure you don’t have any firewall rules that would prevent our servers from talking to yours. You’ll need port 53 UDP and TCP open for 8.23.224.170.

4. Verify the zone transfers work properly. You can make a test change to your zone file by just incrementing the zone’s serial number and applying the update. Then, verify that we have the new IP address.

Using Dig you should see the following:

dig @yournameserver.com mydomain.com SOA +short
Apply serial number update

dig @yournameserver.com mydomain.com SOA +short
Should see new serial number

Then check us
dig @8.23.224.170 mydomain.com SOA +short
This should match the new serial number. If it doesn’t match, then something is not quite right. Try reviewing the steps above for an error, or if you still can’t quite get it, give our support team a buzz; that’s what they’re here for.

5. Update your zone file to include our name server (NS) records. So, if you’ve made a successful update to our system, now it’s time to add our NS records to your zone.

Your BIND zone file might look like this:

$TTL 2d ; default TTL is 2 days
$ORIGIN dansfishtanks.com.
@ IN SOA ns1.dansfishtanks.com. hostmaster.dansfishtanks.com. (
        2003080800 ; serial number
        2h ; refresh = 2 hours
        15M ; update retry = 15 minutes
        3W12h ; expiry = 3 weeks + 12 hours
        2h20M ; minimum = 2 hours + 20 minutes
        )
; main domain name servers
        IN NS ns1.dansfishtanks.com.
        IN NS ns2.dansfishtanks.com.
; main domain mail servers (an MX record needs a preference value)
        IN MX 10 mail.dansfishtanks.com.
; A records for name servers above
ns1 IN A 1.2.3.4
ns2 IN A 1.2.3.5
; A record for mail server above
mail IN A 192.168.0.5

Now add our name server records:
IN NS ns1.no-ip.com.
IN NS ns2.no-ip.com.
IN NS ns3.no-ip.com.
IN NS ns4.no-ip.com.
IN NS ns5.no-ip.com.

Your zone file will look like this: (don’t forget to update the serial number!)

$TTL 2d ; default TTL is 2 days
$ORIGIN dansfishtanks.com.
@ IN SOA ns1.dansfishtanks.com. hostmaster.dansfishtanks.com. (
        2003080801 ; serial number
        2h ; refresh = 2 hours
        15M ; update retry = 15 minutes
        3W12h ; expiry = 3 weeks + 12 hours
        2h20M ; minimum = 2 hours + 20 minutes
        )
; main domain name servers
        IN NS ns1.dansfishtanks.com.
        IN NS ns2.dansfishtanks.com.
        IN NS ns1.no-ip.com.
        IN NS ns2.no-ip.com.
        IN NS ns3.no-ip.com.
        IN NS ns4.no-ip.com.
        IN NS ns5.no-ip.com.

; main domain mail servers (an MX record needs a preference value)
        IN MX 10 mail.dansfishtanks.com.
; A records for name servers above
ns1 IN A 1.2.3.4
ns2 IN A 1.2.3.5
; A record for mail server above
mail IN A 192.168.0.5

6. Don’t forget the glue! The last step is to tell the root servers where to look. This is done at your registrar. If your domain registration is with No-IP, (Your domain isn’t registered with us?! Transfer it today!)

7. Enjoy peace of mind! You’ve just increased your DNS presence tenfold. Just make sure you keep your email address current with No-IP so that you can get important maintenance notifications of changes on our end that may require action on your part (in the rare event of IP address changes).

This example uses BIND. Very similar actions are needed for other servers such as NSD or Microsoft DNS server.
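
The serial comparison from step 4 can be scripted so it runs after every zone change. This is an added example, not No-IP's own tooling: the function names are hypothetical and the two sample SOA lines are constructed from the zone values shown above.

```shell
#!/bin/sh
# Added example: compare the SOA serial on your master with the copy held by
# the secondary. Inputs use the `dig +short SOA` layout:
#   mname rname serial refresh retry expire minimum

# Print the serial (3rd field); fail on empty or malformed input, which is
# what an unanswered query (for example a blocked port 53) leaves you with.
soa_serial() {
    printf '%s\n' "$1" | awk '
        NF == 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1 }
        END { exit !ok }'
}

# Compare with RFC 1982 serial arithmetic so a 32-bit wraparound is handled.
# Prints in-sync | secondary-behind | secondary-ahead | error.
compare_soa() {
    m=$(soa_serial "$1") || { echo error; return 2; }
    s=$(soa_serial "$2") || { echo error; return 2; }
    if [ "$m" -eq "$s" ]; then echo in-sync; return 0; fi
    diff=$(( (m - s + 4294967296) % 4294967296 ))
    if [ "$diff" -lt 2147483648 ]; then echo secondary-behind; return 1; fi
    echo secondary-ahead; return 1
}

# Live use (needs network): check_zone <master> 8.23.224.170 <zone>
check_zone() {
    compare_soa "$(dig @"$1" "$3" SOA +short)" "$(dig @"$2" "$3" SOA +short)"
}

# Constructed sample lines (not captured output), using the page's zone values.
MASTER='ns1.dansfishtanks.com. hostmaster.dansfishtanks.com. 2003080801 7200 900 1857600 8400'
STALE='ns1.dansfishtanks.com. hostmaster.dansfishtanks.com. 2003080800 7200 900 1857600 8400'
compare_soa "$MASTER" "$STALE" || true   # secondary has not picked up the bump
```

A result of secondary-behind after the refresh interval has passed points at allow-transfer, also-notify or the firewall rule from step 3.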

Any questions? Please do not hesitate to ask for help. Give us a call or open a Support Ticket.
