There are two main types of DNS zones you can create on the IBM NS1 Connect platform, primary (or non-secondary) and secondary. The type of zone you create depends on whether or not you are using multiple DNS providers and, if so, the relationship between them.
A primary zone (or non-secondary zone) contains the original zone file, including all of the DNS records corresponding to the fully qualified domain name (FQDN) and any subdomains contained within the zone. When you create a primary zone on the NS1 Connect platform, you can leverage NS1's advanced traffic steering capabilities, including the Filter Chain, and take full advantage of resource management tools, like zone versioning and monitoring.
If NS1 is your only DNS provider, you will likely only need to create primary (or non-secondary) zones. If you are using multiple DNS providers, you can create a primary zone and configure outgoing zone transfers from the primary zone hosted on the NS1 Connect platform to your secondary DNS nameserver(s). Note that certain features that are unique to the NS1 Connect platform are not included in outgoing zone transfers as they are not supported by third-party providers. Refer to Configuring NS1 as a primary DNS provider for details and instructions.
Note: If your organization is looking to establish redundancy while retaining NS1's advanced traffic steering capabilities, consider upgrading your account to include access to the Dedicated DNS network. Dedicated DNS is a single-tenant network that is both physically and logically separate from other NS1 networks. Contact the customer support team to learn more or request an upgrade.
A secondary zone stores a read-only copy of the zone file which is transferred from the primary nameservers on a regular basis or, in some cases, immediately upon changes to the primary zone data. When you create a secondary zone on the NS1 Connect platform, you specify one or more primary nameservers from which the NS1 Connect platform will request periodic updates at a rate determined by the zone's start of authority (SOA) refresh value. Refer to Configuring NS1 as a secondary DNS provider for details and instructions.
The SOA refresh value determines the time between each request from the secondary to primary nameservers for updated zone data. If the SOA refresh is set to 43200 (seconds), then the NS1 nameservers will send an AXFR request to the primary nameserver(s) every 12 hours. Typically, you can configure DNS notifications (NOTIFYs) from the primary servers to the secondary servers upon changes to zone data. In response to the NOTIFY message, the NS1 nameservers send an AXFR request immediately instead of waiting for the current SOA refresh interval to expire.