Configuring NS1 as the primary DNS provider

Customers with multiple DNS providers can use NS1 as the primary provider—configuring other DNS servers as secondaries that update regularly with zone data from NS1.

To configure NS1 as a primary provider:

1. Determine the IP addresses of your secondary DNS servers.
2. Log into the NS1 portal, and navigate to the Zones page.
3. Double-click the desired zone to view zone details.
4. Click the Zone Transfers tab.
   
   
   
   
5. Ensure the “Allow Outgoing Transfers” option is enabled (checked), and then click Add IP Address to add a new secondary server to the list of allowed hosts, specifying: 
   
   - (Required) The IP address of the host. 
   Note: We will only allow zone transfers (SOA and AXFR queries) from hosts in the list.
   
   - (Optional) The port on the host to send NOTIFY messages. 
   Note: Usually, this is port 53.
   
   - Whether or not we should send DNS notify messages to the host when your zone changes. Note: See below for more information about allowing transfers to servers within an IP subnet.
   
   
6. Repeat step 3 for each of the secondary servers you’d like to associate with the zone.
7. Click Save Zone Settings to confirm the changes.
8. (Optional)To validate that the transfers are enabled correctly, try performing zone transfer from the secondary server using the dig command:

$ dig +tcp @xfr01.nsone.net myzone.com axfr
 
; <<>> DiG 9.8.1-P1 <<>> +tcp @xfr01.nsone.net myzone.com axfr
; (1 server found)
;; global options: +cmd
myzone.com.           60      IN      SOA     dns1.p01.nsone.net. hostmaster.myzone.com. 1408116477 43200 7200 1209600 3600
irc.myzone.com.       60      IN      A       2.20.29.16
mail.myzone.com.      60      IN      CNAME   ghs.googlehosted.com.
myzone.com.           60      IN      MX      10 ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      20 ALT1.ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      20 ALT2.ASPMX.L.GOOGLE.COM.
myzone.com.           60      IN      MX      30 ASPMX2.GOOGLEMAIL.COM.
myzone.com.           60      IN      MX      30 ASPMX3.GOOGLEMAIL.COM.
*.myzone.com.         60      IN      CNAME   myzone.com.
myzone.com.           3600    IN      A       17.6.14.25
myzone.com.           60      IN      SOA     dns1.p01.nsone.net. hostmaster.myzone.com. 1408116477 43200 7200 1209600 3600
;; Query time: 62 msec
;; SERVER: 192.135.223.10#53(192.135.223.10)
;; WHEN: Fri Aug 15 19:24:55 2014
;; XFR size: 11 records (messages 1, bytes 453)

Once configuration within the NS1 portal is complete, you must configure the secondary servers to use xfr01.nsone.net (192.135.223.10) as the primary server for the zone. If using BIND, you can add the following snippet to the configuration file:

zone "myzone.com" IN {     type slave;     file "/var/lib/bind/myzone.com.db";     masters { 192.135.223.10; }; };

One important consideration when transferring zones from NS1 is that AXFR protocol does not support any of NS1's advanced functionality and configuration information—including ALIAS records, Filter Chain configurations, answer metadata, and other details.

Zone transfers to IP subnets

NS1 now allows you to configure inbound zone transfer requests from a subnet if you enter a CIDR notation (ex. 192.0.2.0/24) instead of a single IP address in the address field. Note that doing so automatically disables notification options. In order to notify individual servers within the subnet, enter their IP addresses as additional secondary servers explicitly.