DNS is a mission-critical service. Without it, an enterprise and all of its internet-facing services are effectively off-line. Many enterprises turn to managed DNS providers to ensure the reliability and performance of a well-provisioned network, as well as the expertise of a specialized team for support. Top-tier managed DNS provider networks are built to be resilient — however, no provider is immune to network outages. To mitigate this risk, many enterprises seek to diversify their DNS using a separate infrastructure. There are several approaches to doing this — each with advantages and disadvantages. NS1’s Dedicated DNS ensures the availability of a dual-DNS delivery system, without sacrificing the performance benefits of advanced DNS traffic management or introducing any additional complexity to DNS record management.
Like NS1’s Managed DNS, Dedicated DNS is a DNS-as-a-service, fully managed solution. Instead of pooling zones across multiple customers, NS1 Dedicated DNS networks are deployed on a custom infrastructure. Dedicated DNS servers run the same software that powers NS1’s industry-leading Managed DNS platform. Record management, statistics, and reporting are delivered via the NS1 customer portal — providing a centralized management platform for the multi-network system. NS1 engineers conduct all Dedicated DNS network implementations, along with ongoing support and maintenance with SLA commitments.
NS1 leverages well-established relationships with hosting and networking providers to deliver a regionally- or globally anycast DNS network customized to fit your needs. After purchase, you will receive a consolidated invoice from NS1 covering Managed DNS, Dedicated DNS, and third-party provider fees. Note that all customer support is provided by NS1. During initial implementation, NS1 will add the Dedicated nameservers. You must register a unique domain for your Dedicated nameservers with your domain registrar.
An NS1 Solutions Engineer (SE) will work with you directly to design a solution that meets your redundancy and performance goals. Based on the average and peak query volumes (queries per second, QPS) and the geographic distribution of DNS traffic across your network, the SE determines where the DNS servers should be located geographically, as well as the capacity required at each site. Primarily, NS1 partners with Host Virtual for Dedicated DNS delivery as both providers offer a globally-distributed service with anycasting. The solution design is reviewed by the NS1 Customer Success and Engineering teams.
A kick-off call with NS1 serves to review the design and deployment plans as well as to set dates for deployment milestones and service activation. Once design specifications are approved by both parties, NS1 begins the setup process — typically, requiring about 10 business days to complete.
Once the setup process is completed by the NS1 team, complete the checklist below to ensure the proper implementation of your Dedicated DNS network.
Register a unique domain for your Dedicated DNS nameservers. NS1 requires a unique domain — different from any of your existing production domain names — to be used for your Dedicated DNS nameservers. For example, if your domain name is example.com, you can register exampledns.com for your nameservers. This is an important best practice as it helps simplify troubleshooting issues involving DNS and provides a level of security isolation in that attacks directed at records in the company domain will not include nameserver resources. Contact your domain registrar to register a new domain name. It’s important that you only use this domain name for the Dedicated DNS servers.
-
Provide NS1 with the new domain names for the Dedicated network. Once we have your Dedicated domain, NS1 stages the server and networking resources with our partner provider and notifies you once complete. We then load and verify the DNS software, adding the new network to your account. This process typically takes 5-10 business days.
Note
Each deployment results in four nameserver answers for the Dedicated service. -
Generate an A record for each nameserver answer. Create an A record in the zone for the Dedicated network for each nameserver answer — mapping each nameserver to its anycast address.
-
Example A record data:
a. ns01.exampledns.com 1.1.1.1
b. ns02.exampledns.com 2.2.2.2
c. ns03.exampledns.com 3.3.3.3
d. ns04.exampledns.com 4.4.4.4
-
-
Activate your Dedicated DNS network in the NS1 portal. Log into the NS1 portal (https://my.nsone.com), and click the zone for your Dedicated DNS setup. On the Zone Settings tab, find NS1’s Managed DNS and your Dedicated DNS networks. Under Networks, check the box next to Dedicated. Note that NS1 customers using the Dedicated DNS solution can serve zones by NS1’s Managed DNS network or their Dedicated network — or both.
Note
This step adds the four new Dedicated nameservers to the zone and pushes this zone’s data to your Dedicated network.
Note
Linked zones cannot be resolved across networks, so when enabling your Dedicated network for a zone, you must ensure that any link targets exist on both networks. The target zone (that to which the linked zone points) must also have the Dedicated network enabled. Likewise, if the zone contains any linked records, the zones containing the target records must also have the Dedicated network enabled.Note
Note
Create glue records. At your registrar, create the glue records that associate the nameservers with their respective anycast addresses.
-
Delegate your name servers. Delegate the zone to the now glued nameservers to the NS1 Managed DNS nameservers. There should be a total of eight nameservers associated with the DNS zone at the registrar when this step is complete.
Warning
In some cases, the delegation to the registrar can take longer than two hours. Delays as long as 24 hours have been reported, but are uncommon. -
Verify the new nameservers are answering queries and set up the remaining zones. NS1 monitors the new nameservers and confirms they are answering queries as expected. Coordinate with NS1 to assign new nameservers to all the remaining zones in your DNS network.
Note
NS1 recommends completing this step for your lowest traffic domains first before working up to your largest traffic domains.Warning
If a zone is sub-delegated from a different provider, you must add the new NS records to the existing sub-delegation at the DNS provider for the parent zone.