Top-tier managed DNS provider networks are built to be resilient, but no provider is immune to network outages. To mitigate this risk, many enterprises seek to diversify their DNS using a separate infrastructure. NS1 Dedicated DNS ensures the availability of a dual-DNS delivery system without sacrificing the performance benefits of advanced traffic management or introducing any additional complexity to DNS record management.
Like NS1 Managed DNS, Dedicated DNS is a fully managed solution. Instead of pooling zones across multiple customers, Dedicated DNS networks are deployed on a custom infrastructure. Dedicated DNS servers run the same software that powers NS1’s industry-leading Managed DNS platform, and both networks are managed from NS1's unified, cloud-based platform, NS1 Connect. NS1 engineers conduct all Dedicated DNS network implementations and provide ongoing support and maintenance with SLA commitments.
An NS1 Solutions Engineer (SE) will work with you directly to design a solution that meets your redundancy and performance goals. Based on the average and peak query volumes (queries per second, QPS) and the geographic distribution of DNS traffic across your network, the SE determines where the DNS servers should be located geographically, as well as the capacity required at each site. Primarily, NS1 partners with Host Virtual for Dedicated DNS delivery as both providers offer a globally-distributed service with anycasting. The solution design is reviewed by the NS1 Customer Success and Engineering teams.
A kick-off call serves to review the design and deployment plans and to set dates for deployment milestones and service activation. Once design specifications are approved by both parties, NS1 begins the setup process — typically, requiring about ten business days to complete.
NS1 leverages well-established relationships with hosting and networking providers to deliver a regionally- or globally anycast DNS network customized to fit your needs. You will receive a consolidated invoice from NS1 covering Managed DNS, Dedicated DNS, and third-party provider fees. During initial implementation, NS1 will add the Dedicated nameservers. You will need to register a unique domain for your new Dedicated nameservers with your domain registrar.
NS1 requires a unique domain — different from any of your existing production domain names — to be used for your Dedicated DNS nameservers. This is an important best practice as it helps simplify troubleshooting issues involving DNS and provides a level of security isolation in that attacks directed at records in the company domain will not include nameserver resources. Contact your domain registrar to register a new domain name.
Warning
The domain names must be used only for the Dedicated DNS servers.
Share the new, registered domain with the NS1 team. Once we have your Dedicated domain, we will stage the server and networking resources with our partner provider. Then, we load and verify the DNS software, adding the new network to your account. This process typically takes 5-10 business days.
Once complete, we will share with you the hostnames and IP addresses for your Dedicated DNS nameservers.
Note
Each deployment results in four new nameservers for your Dedicated DNS service.
Create a new DNS zone on the NS1 platform for the unique Dedicated DNS domain you registered in step 1.
Publish the domain to both the NS1 Managed DNS and Dedicated DNS network by selecting the options under "DNS Networks" before saving the zone.
Note
If your Dedicated DNS network isn't set up yet, you can publish to Managed DNS only or leave the zone unpublished (as in, deselect all zones) for now and edit the zone later to publish to both networks.
After saving the published zone, an NS record is automatically generated containing the Managed and Dedicated DNS nameservers. It also pushes this zone’s data to both networks.
Note
Linked zones cannot be resolved across networks. When publishing your zone to the Dedicated network, you must ensure that any link targets exist on both networks. The target zone (that to which the linked zone points) must also have the Dedicated network enabled. Similarly, if the zone contains any linked records, then the zones containing the target records must also have the Dedicated network enabled.
Within the zone you just created, create four A records — one for each nameserver. This maps each nameserver to its anycast address.
For example, if NS1 provides you with the following nameserver data:
-
ns01.dedicatednet.com 198.0.2.0
-
ns02.dedicatednet.com 198.0.2.1
-
ns03.dedicatednet.com 198.0.2.2
-
ns04.dedicatednet.com 198.0.2.3
Then, create an A record indicating the subdomain prefix (e.g., ns01) in the "name" field and enter the corresponding IP address as the "answer". Repeat this step for each Dedicated DNS nameserver.
Within your domain registrar, create the glue records for the Dedicated DNS domain you registered in step one, associating each nameserver with its anycast address. Refer to your registrar's documentation for specific instructions.
Within your domain registrar, delegate the Dedicated DNS domain you registered in step 1 to the NS1 Managed DNS and Dedicated DNS nameservers. Once complete, there should be a total of eight nameservers associated with the domain at the registrar.
Warning
Sometimes, delegation to the registrar can take more than two hours. Delays as long as 24 hours have been reported, but are uncommon.
Test the Dedicated DNS domain configuration to ensure the new nameservers are answering queries as expected.
After verifying the configuration, you can begin publishing your existing zones to the Dedicated DNS network.
Note
NS1 recommends starting with your lowest traffic domains and testing the configuration before updating your higher traffic domains.
To do this, edit the zone settings, enabling the Dedicated DNS network option under "Networks." Feel free to contact NS1 customer support for assistance.
Warning
After publishing the zone to the Dedicated DNS network via the NS1 platform, you must also update the domain configuration at the registrar to include the new nameservers.
Warning
If a zone is sub-delegated from a different provider, you must add the new NS records to the existing sub-delegation at the DNS provider for the parent zone.