DNS resources (zones, records, and answers) contain critical information about your domains that must be accessible to requesting clients in order for your audiences to access your domains. Zones are published to one or more DNS networks where the corresponding record data is stored and served from a set of NS1 authoritative DNS nameservers.
On the NS1 platform, resource management refers to the tasks involved in the creation, configuration, and maintenance of zone data across all of our NS1 DNS networks. During initial configuration, you will create or import zone data, add records with one or more answers, and apply additional configurations like DNSSEC online signing or outgoing zone transfers.
This article overviews the key objects, concepts, and activities involved in managing your DNS resources.
By default, all accounts can publish zones to NS1’s anycast Managed DNS network. Zones published to this shared network are served by 26 authoritative DNS servers worldwide. Organizations looking to establish redundancy can add the NS1 Dedicated DNS network to their account. This is a physically and logically separate, single-tenant network allowing for complete redundancy without having to manage resources across multiple providers or lose support for NS1's advanced features. Finally, the NS1 Managed DNS for China network enables you to make your domains available to audiences in mainland China without having to traverse the "Great Firewall of China" which refers to combination of legislative actions and technologies enforced by the People's Republic of China to regulate the Internet domestically.
A zone is a collection of DNS records corresponding to a fully qualified domain name (FQDN). You can create zones on the NS1 platform manually, or you can import a zone file from your previous provider.
There are different types of zones you can create on the NS1 platform:
-
A primary zone (or non-secondary zone) indicates the zone data contained on the NS1 platform is the source of truth. In other words, for this domain, NS1 is the primary DNS provider. Optionally, you can configure outgoing zone transfers to secondary providers for this domain, but some NS1 functionality, such as Filter Chains and certain record types, is not supported by other providers and will not be included in the outgoing data.
-
A secondary zone indicates one that pulls zone data from the primary DNS provider to ensure your domains are available in the event that the primary provider network goes down. If you create a secondary zone on the NS1 platform it is essentially a read-only copy of the primary zone data that is updated periodically. Secondary zone configuration options are limited.
-
A linked zone refers to a vanity domain that forwards queries to a target zone with which it shares record data. For example, suppose you have an existing zone configured with all records related to example.com, and then your organization purchases the domain example.site for marketing purposes, but all traffic needs to point to the same location. In this case, you can create a linked zone for the second domain which points to the original. This avoids you having to manually duplicate and maintain two sets of the identical records.
Supported configuration options vary depending on the zone type. Linked zones inherit the configuration applied to the target zone. Refer to the table below for the supported configuration options on primary versus secondary zones.
|
Feature |
Primary zone |
Secondary zone |
|---|---|---|
|
DNSSEC online signing |
Yes |
No |
|
Outgoing zone transfers |
Yes |
Yes |
|
URL forwarding |
Yes |
No |
|
Add or modify records |
Yes |
ALIAS records only |
|
TSIG authentication for incoming zone transfers |
n/a |
Yes |
|
Convert to primary zone |
n/a |
Yes (secondary to primary) |
On the NS1 platform, a record contains one or more units of information (called answers) corresponding to a domain or subdomain within a zone. The nature of the information contained within a DNS record depends on the record type. For example, address records (A or AAAA) contain the IP addresses (IPv4 or IPv6, respectively) corresponding to a domain or subdomain, whereas MX records contain information about the email server(s) responsible for it.
Note
Records on the NS1 platform differ from the traditional "resource records" used by other DNS providers. Whereas traditional resource records contain one unit of information (i.e., one answer), NS1 records may contain multiple answers. In other words, instead of creating multiple A records for each host server, you would create one A record on the NS1 platform with multiple answers for each of the host servers. This configuration allows you to define a traffic steering policy (Filter Chain) to the record which is used to process incoming requests to that record and determine the best answer (endpoint or server) to return based on certain conditions or processing rules.
The NS1 platform supports many different types of records that are also recognized and supported by most DNS providers, but there are also some record types that are unique to the NS1 platform. Learn more about supported DNS record types.
When you create a zone and publish it to the Managed DNS network, the NS1 platform automatically generates an NS record (or nameserver record) with multiple answers — one for each of the assigned nameservers. These are NS1's authoritative DNS nameservers that serve your zone data to requesting clients. Learn more about nameserver assignments and variability.
An answer is an individual unit of information contained within a DNS record. The format of an answer depends on the type of record its contained within. For example, each answer within an A record is a single IPv4 address, whereas each answer within an SRV record contains four fields (priority of target host, relative weight, TCP/UDP port, and the host providing service).
If a record contains multiple answers, configuring a Filter Chain allows you to tell the NS1 platform how to handle incoming requests to that record. NS1 offers a variety of traffic steering filters you can choose from and combine to form a custom routing logic. Each filter uses a unique processing method to rearrange answers or eliminate them from the answer pool — ultimately, to determine the best answer to return to the requester.
For example, the Up filter eliminates answers marked as "down" from the list to prevent directing traffic to an unavailable endpoint. It does this by referencing the "Up" status in the answer metadata, specifically the Up/down metadata value, for each answer. A set of metadata associated with each answer provides information about the endpoint represented by that answer. This can be used for traffic steering, operational purposes, or for internal reference.
Some answer metadata fields can be connected to a data feed to receive automatic updates from an NS1 or third-party monitor. The most common example is attaching a monitor (via the corresponding data feed) to the Up/down metadata field for the corresponding answer(s). If the monitor detects the endpoint has gone down, it automatically changes the Up/down metadata for each answer and the Up filter will eliminate that answer from the answer pool.