You probably came to this article because you want to improve your DNS’s reliability, and you heard about Secondary DNS. Yes, Secondary DNS definitely useful to provide redundancy, and peace of mind, especially in this world, constantly full of DDoS attacks and other DNS problems.
Secondary DNS explained?
Secondary DNS, also known as Slave DNS or Backup DNS, is a service that provides a network of DNS servers that are secondary to the Primary DNS server. They can automatically copy the Primary DNS zone file and provide more points in the world where your DNS records are available even in case of downtime with your Primary DNS.
Your DNS is managed inside the Primary DNS. There you can add, remove or edit DNS records. The Secondary DNS could be a service that the same DNS provider offers, or it could be with another DNS provider. Even multiple Secondary providers, if you really want to back up that Primary DNS.
There is a mechanism for copying the zone data, usually through an API.
That way, the Secondary DNS receives the changes that happen in the Primary DNS.
Why should you consider a Secondary DNS service?
- The main point why you would like a Secondary DNS service is redundancy. If, or most likely when your Primary DNS goes down, your Secondary DNS will continue to answer queries. No problems! It will reduce the risk of downtime significantly. Your customers will be able to reach your site or use your app undisturbed.
- Lower the weight of your Primary DNS. You can use the Secondary to reduce the stress on the Primary. It can load balance and answer queries, too, so not all queries must be answers straight from the Primary DNS. It will reduce the stress and lower the chance of single-point failure.
- Hide the Primary DNS. You can also completely hide the Primary and make it look like your Secondary DNS is your primary. This way, the most valuable for you server will be hidden from the eyes of your attackers. You can bullet-prove your Primary DNS with a firewall too.
- Have a backup. If something bad happens to your Primary DNS, you still will have a complete backup of the zone file. All your DNS records will be available, and you can save them and later use them again for the Primary. It is not often that you lose all your data from the Primary, but it is nice to be relaxed knowing you have a complete backup.
- It is easy to use. You won’t need to tweak many settings. Just find the mechanism for the zone transfer, probably through an API, and set it up. It usually takes very little time, and little to no knowledge is needed to connect the Secondary.
- Easy migration. If you are going from one DNS provider to another, the Secondary DNS could be a good first step. You can see how well the new provider’s service works and how to use their control panel. When your DNS records are there already, it will be an easy step to go to any of their other plans.
The Secondary DNS is an easy way of backing up your Primary DNS and provide redundancy. It is easy to set up and deploy. It has one big flaw. It can’t work with DNSSEC. If the fast and easy way it works attracts you more than the problem, go for it. If no, don’t worry. There are other methods to provide excellent DNS, like Anycast or GeoDNS loading balance.