Getting started with Dedicated DNS

Dedicated DNS is a fully managed solution deployed on a custom infrastructure that is physically and logically separate from the shared Managed DNS network or any other customer's Dedicated DNS network. IBM® NS1 Connect® customers can manage one set of resources using the web interface or the API, simultaneously publishing zones to both networks.

Top-tier managed DNS provider networks are built to be resilient, but no provider is immune to network outages. Many enterprises seek to diversify their DNS using a separate infrastructure to mitigate this risk. The Dedicated DNSS solution on NS1 Connect provides a dual DNS delivery system without sacrificing the performance benefits of advanced traffic management or managing resources across multiple provider platforms.

Implementation overview

An experienced IBM support Solutions Engineer (SE) will guide you through the Dedicated DNS implementation process to configure a solution that meets your redundancy and performance goals. Referencing the average and peak query volumes (queries per second; QPS) and the geographic distribution of DNS traffic to your domains, the SE determines where the Dedicated DNS nameservers should be located geographically and the capacity specifications for each point of presence.

A kick-off call serves to review the design and deployment plans and to set dates for deployment milestones and service activation. Once design specifications are approved by both parties, the IBM support team begins the setup process. Typically, this requires about 10 business days to complete. You must register a unique domain for your new Dedicated

Draft comment: nadine.mootoo@ibm.com
should this be lowercase"d" or Dedicated DNS?
nameservers with your domain registrar.

The team leverages well-established relationships with hosting and networking providers to deliver a regionally or globally anycast DNS network customized to fit your needs. You will receive a consolidated invoice covering Managed DNS, Dedicated DNS, and third-party provider fees.

1. Register a unique domain for the Dedicated DNS network

The domain name you establish for your Dedicated DNS network must be different from any of your existing production domain names. This helps simplify troubleshooting DNS issues and provides security isolation for your nameserver resources if your organization's domains are attacked.

After establishing the new domain name at the registrar, inform your dedicated IBM support Solutions Engineer and provide them with the domain name. The Solutions Engineer will stage the nameserver and network resources with a partner provider, load and verify the DNS software, and add the new network to your NS1 Connect account. Typically, this process takes about 5-10 business days.

Once complete, you will receive the hostnames and IP addresses for your NS1 Connect Dedicated DNS nameservers. Each deployment consists of four new nameservers for your Dedicated DNS service to which you can begin publishing zones.

Note: Each deployment results in four new nameservers for your Dedicated DNS service.

2. Create a zone for the new domain

Once enabled on your NS1 Connect account, create a new DNS zone, specifying the FQDN you just registered for the Dedicated DNS nameservers and publishing the zone to both the Managed DNS and Dedicated DNS networks.

Note: If your Dedicated DNS network is not yet listed, you can publish to Managed DNS only or leave the zone unpublished (deselect all zones) for now and edit the zone later to publish to both networks.

After saving the published zone, a name server (NS) record is generated automatically. The record contains multiple answers, one for each Managed DNS and Dedicated DNS nameserver to which the zone is published.

Note: Linked zones cannot be resolved across DNS records networks. When publishing linked zones to the Dedicated DNS network, ensure their respective target zones are also published to both networks.

3. Create an A record for each nameserver

Within the zone you just created, create an A record with four answers specifying the IP addresses for each Dedicated DNS nameserver.

For example, suppose your dedicated Solutions Engineer provides you with the following nameserver data:

  • ns01.dedicatednet.com 198.0.2.0
  • ns02.dedicatednet.com 198.0.2.1
  • ns03.dedicatednet.com 198.0.2.2
  • ns04.dedicatednet.com 198.0.2.3

In this case, you must create an A record indicating the subdomain prefix (ns01) in the name field. Then, under Answers, enter the IP address associated with the first nameserver (198.0.2.0).

Click Add answer, and enter the next IP address corresponding to another nameserver. Repeat this for each Dedicated DNS nameserver provided.

4. Create the glue records for the Dedicated DNS domain

Within your domain registrar, create the glue records for the Dedicated DNS domain you registered in step one, associating each nameserver with its anycast address. Refer to your registrar's documentation for specific instructions.

5. Delegate your domains to Managed DNS and Dedicated DNS nameservers

Within your domain registrar, delegate the Dedicated DNS domain you registered in Step 1 to the Managed DNS and Dedicated DNS nameservers. Once complete, there should be eight nameservers associated with the domain at the registrar.

Note: Sometimes, delegation to the registrar can take more than two hours. Delays as long as 24 hours have been reported but are uncommon.

6. Verify the configuration

Test theDedicated DNS domain configuration to ensure the new nameservers answer queries as expected.

7. Publish your remaining zones to your Dedicated DNS network

After verifying the configuration, you can publish your zones to the Dedicated DNS network starting with your lowest traffic domains and testing the configuration before updating your higher traffic domains.

To do this, edit the zone settings, enabling the Dedicated DNS network option under Networks.

Note: After publishing the zone to the Dedicated DNS network in NS1 Connect, you must also update the domain configuration at the registrar to include the new nameservers. If a zone is sub-delegated from a different provider, you must add the new NS records to the existing sub-delegation at the DNS provider for the parent zone.