Configuring NS1 Connect as a secondary DNS provider

You can configure IBM® NS1 Connect® to be secondary to alternative DNS providers by creating a secondary zone and specifying one or more IP addresses of the primary name servers.

A copy of the zone file is stored on NS1 Connect name servers, making it available if the primary name servers cannot be reached.

The following steps outline the process for configuring NS1 Connect to be the secondary DNS provider for your domain.

Step 1 - Configure your primary name servers to allow AXFR queries from the NS1 Connect XFR server

Refer to the instructions provided by your primary DNS provider to enable the primary name servers to receive incoming authoritative transfer (AXFR) queries over TCP and SOA queries over UDP from the NS1 Connect XFR server. For reference, if your primary were on the NS1 Connect platform, complete this step by configuring an outgoing zone transfer in the primary zone settings.

  • For secondary zones published to the shared Managed DNS network (network 0), the XFR server IP address is 192.135.223.10. Make sure that you add this IP address to your primary DNS provider's allow list to receive SOA lookups from the NS1 Connect XFR server.
  • For secondary zones published to any other network, the correct IP address is provided to you during the initial setup.

Step 2 - Create a secondary zone on the NS1 Connect platform

Refer to Creating a secondary zone for detailed instructions.

Step 3 - Add NS1 Connect name servers as NS records within the primary zone

To enable traffic flow through NS1 Connect name servers, you must add the NS1 Connect name servers to the NS record within the primary zone.

  1. Locate the NS1 Connect name servers assigned to the secondary zone. You can do this using the portal or API.
  2. Using the configuration tools provided by your primary DNS provider, add NS records to the primary zone for each NS1 Connect name server.

Once complete, the zone is re-synchronized based on the SOA refresh. If the zone transfer fails, the secondary zone enters a warning state and NS1 Connect attempts to complete the zone transfer based on the retry interval until it is successful or until it reaches the expiry timeout. If the process exceeds the expiry timeout before NS1 Connect can synchronize successfully, then the secondary zone enters an error state and the NS1 Connect name server responds to queries with zone data based on the last successful transfer.

To stay informed of any issues with zone transfers from the primary name server to NS1 Connect, you can configure alerts. You can set alerts to notify you if a zone transfer fails to complete or if NS1 Connect has issues connecting with one of the primary servers.