Secondary DNS with hidden master server

Secondary DNS serves as a backup by combining multiple servers that work together. In this setup, all DNS zones, records, and settings are managed on a hidden master server, and updates are automatically propagated to a public server that handles all DNS traffic. This protects the backend hidden server from DDoS attacks and ensures that domain names are served from a fast anycast network, so that a slow unicast connection on the hidden master server does not affect the global speed of the domain name.

What is the Hidden Master DNS server?

The Hidden Master setup protects the primary DNS server by concealing its existence. Neither the registrar nor the NS records list the Master DNS server, which keeps it out of view of potential attackers. If the secondary DNS server has problems, the Master DNS server remains unaffected. A firewall may also be used for added security.

How to use Hidden Master with Downly?

To set up a Hidden Master DNS server with Downly, follow these steps:

1. Create NS records in your Master DNS zone for the Downly name servers listed in the "available name servers" pop-up window.
2. Ensure that there are no NS records for your Master DNS server in your DNS zone.
3. Add all other records in your Master DNS zone.
4. Log in to your profile and create a Slave DNS zone.
5. Enter the IP address of your Master DNS server in the Slave DNS zone and enable zone transfer and notify on your Master DNS server.
6. If using BIND, add the suggested configuration in your zone file.
7. Check the SOA serial on your Master DNS server, and compare it to the SOA serial in your Dashboard.
8. If the serials match, your DNS zone is synced and you have a Hidden Master DNS configuration.
9. If your Master DNS server is behind a firewall, allow connections from Downly name server IP addresses.
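
The checks from the steps above (no NS record for the master, matching SOA serials) as an added Python example that is not Downly's code. It audits zone data in dig AXFR text form and, going beyond the page's steps, also flags an SOA MNAME that names the master and compares serials with RFC 1982 wrap-around. The master address, host names and zone contents are constructed placeholders.

```python
# Added example: offline audit of a hidden-master zone (all sample data is constructed).
MASTER_IP = "192.0.2.10"  # assumption: address of the hidden master (documentation range)

# Constructed sample in `dig AXFR` text format; ns1/ns2.secondary.example stand in
# for the provider's name servers, which this page does not list.
ZONE = """\
example.com. 3600 IN SOA master.example.com. hostmaster.example.com. 2023020401 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.secondary.example.
example.com. 3600 IN NS ns2.secondary.example.
example.com. 3600 IN NS master.example.com.
master.example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN A 198.51.100.20
"""

def parse(zone_text):
    """Yield (owner, type, rdata fields) for each 'name ttl IN type rdata...' line."""
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2].upper() == "IN":
            yield f[0].lower(), f[3].upper(), f[4:]

def audit(zone_text, master_ip):
    """Return findings that would expose the hidden master in public DNS data."""
    recs = list(parse(zone_text))
    master_names = {o for o, t, r in recs if t in ("A", "AAAA") and r[0] == master_ip}
    findings = []
    for owner, rtype, rdata in recs:
        target = rdata[0].lower()
        if rtype == "NS" and target in master_names:
            findings.append(f"NS {owner} -> {target} lists the master")
        elif rtype == "SOA" and target in master_names:
            findings.append(f"SOA MNAME {target} names the master")
    return findings

def soa_serial(zone_text):
    """Serial is the third SOA rdata field (MNAME, RNAME, SERIAL, ...)."""
    return next(int(r[2]) for _, t, r in parse(zone_text) if t == "SOA")

def sync_state(master_serial, secondary_serial):
    """Compare 32-bit SOA serials with RFC 1982 wrap-around arithmetic."""
    if master_serial == secondary_serial:
        return "synced"
    ahead = (master_serial - secondary_serial) % 2**32 < 2**31
    return "secondary behind" if ahead else "secondary ahead"

if __name__ == "__main__":
    for finding in audit(ZONE, MASTER_IP):
        print("LEAK:", finding)
    print(sync_state(soa_serial(ZONE), 2023020301))
```

The audit only recognises the master by address records present in the supplied zone data, so an NS target whose address lives in another zone has to be checked separately.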

Saturday 4 February 2023