If you have multiple DNS providers, you have the option to configure NS1 to be your secondary provider—acting as a "child" to your primary DNS server.
Some important considerations before configuring NS1 as a secondary provider:
- You must have an existing primary DNS provider or server.
- Your primary server must allow AXFR queries over TCP from NS1 server IPs.
- With NS1 configured as a secondary provider, you will not be able to use the advanced features and functionality, such as Filter Chains, for record management. You must use your primary DNS provider's tools to manage zone records.
Step 1: Create the secondary zone.
- Configure your primary DNS server to allow AXFR queries over TCP (and SOA queries over UDP) from 126.96.36.199.
- In the NS1 portal, navigate to the Zones section, and click Add Zone.
- Select Secondary Zone.
- Enter the domain name and the IPv4 address (not the hostname) of your primary DNS server. If your primary server is not running on port 53, adjust the primary port setting.
  Note: See below for details on enabling TSIG.
- Click Save Zone.
The secondary zone is created, but in a "pending" state. It may take a few minutes for the first synchronization against your primary server. You can monitor the status of the server under the Zone Settings tab. Note: This is also where you can update the primary IP or port, if necessary.
Once all zones are synced, all the records you configured on your primary server will appear in the NS1 portal.
Note about enabling TSIG
NS1 supports authentication using TSIG (Transaction Signature) when it is used as a secondary provider. To use it, select Enable TSIG during configuration, then supply a hash type, a name for the key being created, and the key itself. The key works as a password that authenticates communication between the two DNS servers (AXFR) so that changes to zone records are transferred securely. The hash type and key must match between the primary and secondary DNS providers.
Step 2: Point DNS traffic to the NS1 servers.
Next, you'll need to direct DNS traffic for the secondary zone to the NS1 servers.
- From the zones list, double-click the secondary zone you just created.
- Click the Nameservers tab, and record the URLs for the NS1 servers.
- Using the configuration tools provided by your primary DNS provider, add NS records to the zone for each NS1 nameserver.
- Using the configuration tools provided by your domain registrar, modify the nameserver for your domain.
Note: The zone is re-synchronized according to the refresh interval specified in the zone's SOA record. If a zone transfer fails, the zone enters a "warning" state. NS1 will continue attempts to complete the zone transfer based on the retry interval defined in your SOA record until it succeeds or the expiry timeout is exceeded. If the process exceeds the expiry timeout before NS1 is able to re-synchronize your zone, the zone enters an "error" state and the NS1 server will no longer answer queries for the zone.
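The state changes in the note above can be modelled from the SOA timers to see how long a failing transfer (for example, after a TSIG key mismatch or a firewall change on the primary) can run before NS1 stops answering for the zone. This is an added example, not NS1 code: the `Soa`, `parse_soa` and `simulate` names, the sample SOA values, and the choice to count expiry from the last successful sync are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int  # seconds between scheduled re-synchronizations
    retry: int    # seconds between attempts after a failed transfer
    expire: int   # seconds without a good sync before the zone is dropped
    minimum: int

def parse_soa(rdata: str) -> Soa:
    """Parse SOA RDATA: 'mname rname serial refresh retry expire minimum'."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("expected 7 SOA fields, got %d" % len(fields))
    soa = Soa(*map(int, fields[2:]))
    if not 0 < soa.retry <= soa.refresh < soa.expire:
        raise ValueError("this model needs 0 < retry <= refresh < expire")
    return soa

def simulate(soa: Soa, down_from: int, down_until: int, horizon: int):
    """Return [(second, state)] transitions for a secondary whose transfers
    fail while down_from <= t < down_until. t=0 is the last good sync."""
    events, state, last_ok, t = [(0, "ok")], "ok", 0, soa.refresh
    # Keep going while either the next attempt or the expiry is in range.
    while min(t, last_ok + soa.expire) <= horizon:
        up = not (down_from <= t < down_until)
        expiry = last_ok + soa.expire  # assumption: counted from last good sync
        if expiry < t or (expiry == t and not up):
            events.append((expiry, "error"))
            break  # per the note: the zone is no longer answered
        new, step = ("ok", soa.refresh) if up else ("warning", soa.retry)
        if up:
            last_ok = t
        if new != state:
            state = new
            events.append((t, state))
        t += step
    return events

# Constructed sample SOA RDATA (example.com names are placeholders).
SAMPLE = "ns1.example.com. hostmaster.example.com. 2024010101 3600 600 86400 300"

if __name__ == "__main__":
    soa = parse_soa(SAMPLE)
    # Transfers start failing 30 minutes after the last sync and never recover.
    for second, state in simulate(soa, 1800, 10**9, 2 * soa.expire):
        print("%6ds  %s" % (second, state))
```

With the sample timers, the gap between the first "warning" and "error" is the window in which an alert on failed transfers has to reach someone who can fix the primary.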