Step 1: Adding Dyn Managed DNS servers to your zone

For the Managed DNS activation process to work properly, the Dyn nameservers need to be listed with your current DNS servers. Add the appropriate NS records to your zone file:

Dyn Nameservers

Server IP Address
ns1.pXX.dynect.net 208.78.70.XX
ns2.pXX.dynect.net 204.13.250.XX
ns3.pXX.dynect.net 208.78.71.XX
ns4.pXX.dynect.net 204.13.251.XX

Where XX is a pool number (01-30) that the Managed DNS application will assign to you.

NOTE: Do not use the leading zero when replacing the XX in the IP address with your pool number (e.g., use ‘3’ instead of ‘03’ in the IP address).

You will also need to configure your primary DNS server to:

  • Allow zone transfers from the Dyn Ingress servers (see the table below)
  • Send notifications of zone updates to the Dyn Ingress servers
  • Perform explicit DNS notifications

Secondary DNS Ingress Servers

Server IP Address
xfrin1.dynect.net 208.78.68.65
xfrin2.dynect.net* 204.13.248.65

*Currently not active; please add it to your DNS configuration for later use.

Configuration Example

This example assumes you are using BIND for your primary nameserver. Please note that IP addresses here are used for example purposes ONLY: you must use the IP addresses listed above for the appropriate nameservers.

Change your notification method to ‘explicit’ and enable the Dyn ingress servers to transfer zone data and receive change notifications, adding the following in named.conf:

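zone "mydomain.com" {
    type master;
    file "db.mydomain.com";
    // send NOTIFY only to the servers listed in also-notify
    notify explicit;
    // hosts permitted to pull the zone by zone transfer
    allow-transfer { 1.2.3.4; 2.3.4.5; 208.78.68.65; 208.78.68.67; };
    also-notify { 1.2.3.4; 2.3.4.5; 208.78.68.65; 204.13.248.65; };
};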

IP addresses ‘1.2.3.4’ and ‘2.3.4.5’ represent the IP addresses of your current nameservers.

Add the Managed DNS nameservers to your zone. For the best performance you want to be sure to add all four of the Dyn servers to your zone file. Remember to substitute the real IPs of the Dyn nameservers (as provided to you) for the ones below.

In your zone file:

mydomain.com. IN NS 1.2.3.4
mydomain.com. IN NS 2.3.4.5
mydomain.com. IN NS 208.78.70.XX
mydomain.com. IN NS 204.13.250.XX
mydomain.com. IN NS 208.78.71.XX
mydomain.com. IN NS 204.13.251.XX

Where XX is a pool number (01-30) that the Managed DNS application will assign to you.

NOTE: Do not use the leading zero when replacing the XX in the IP address with your pool number (e.g., use ‘3’ instead of ‘03’ in the IP address).
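
A pre-flight check for the named.conf settings described in this step, added here as an example and not part of Dyn's documentation or tooling. It reads a BIND zone block and reports anything that would keep the ingress servers from being notified or from transferring the zone, and it also flags an allow-transfer list left open to any host; the function names and the sample configuration are constructed for illustration.

```python
import re
DYN_INGRESS = {"208.78.68.65", "204.13.248.65"}  # ingress table on this page

def zone_body(conf, zone):
    """Return the text inside `zone "<zone>" { ... }`, or None if not found."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # drop comments
    m = re.search(r'zone\s+"%s"[^{;]*\{' % re.escape(zone), conf)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(conf) and depth:  # walk to the brace that closes the zone block
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1] if depth == 0 else None

def acl(body, option):
    """Return the addresses in `<option> { a; b; };`, or None if the option is absent."""
    m = re.search(r"(?<![\w-])%s\s*\{([^}]*)\}" % re.escape(option), body)
    return None if m is None else {t.split()[0] for t in m.group(1).split(";") if t.strip()}

def check_zone(conf, zone, ingress=DYN_INGRESS):
    """List the settings that would stop the ingress servers pulling `zone`."""
    body = zone_body(conf, zone)
    if body is None:
        return ["no complete zone block for %s" % zone]
    problems = []
    if not re.search(r"(?<![\w-])notify\s+explicit\s*;", body):
        problems.append("notify is not explicit")
    for option in ("allow-transfer", "also-notify"):
        listed = acl(body, option)
        if listed is None:  # also catches a misspelled option name
            problems.append("%s is missing" % option)
        elif option == "allow-transfer" and "any" in listed:
            problems.append("allow-transfer is open to any host")
        else:
            problems += ["%s does not list %s" % (option, ip)
                         for ip in sorted(ingress - listed)]
    return problems

# Constructed sample: misspelled option, default notify, one ingress IP missing.
SAMPLE = '''zone "mydomain.com" {
    type master; file "db.mydomain.com"; notify yes;
    allow-transfter { 1.2.3.4; 208.78.68.65; 204.13.248.65; };
    also-notify { 1.2.3.4; 208.78.68.65; };
};'''

if __name__ == "__main__":
    print("\n".join(check_zone(SAMPLE, "mydomain.com")))
```

An empty result means the zone block names both ingress servers in allow-transfer and also-notify and uses explicit notification.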

Step 2: Creating and activating your zone in Dyn

After those files have been updated, you can create and activate your Secondary DNS zone in your Dyn account.

Create Secondary DNS Zone
Activate Secondary DNS Zone

Once our system is able to transfer your zone’s DNS data to our servers, we will begin serving Secondary DNS for your zone. At that point, you should be able to change your zone delegation to include the Managed DNS nameservers.

Step 3: Delegating your zone

In order for Dyn to provide Secondary DNS for your zone, the Managed DNS nameservers need to be added to the list of DNS servers to which your domain is delegated. This is done by making a change to your zone’s Whois information with your registrar.

Some registrars check to make sure that the nameservers listed in the delegation are actually serving data for the zone, so it is important to complete the previous steps before trying to delegate your zone to Dyn. These are the same servers that you added to your zone file.

For best performance you want to be sure to add all four of the Managed DNS nameservers to your delegation. Remember to substitute the real IPs of the nameservers (as provided to you) for the ones below.

Secondary DNS Nameservers

Server IP Address
ns1.pXX.dynect.net 208.78.70.XX
ns2.pXX.dynect.net 204.13.250.XX
ns3.pXX.dynect.net 208.78.71.XX
ns4.pXX.dynect.net 204.13.251.XX

Where XX is a pool number (01-30) that the Managed DNS application will assign to you.

NOTE: Do not use the leading zero when replacing the XX in the IP address with your pool number (e.g., use ‘3’ instead of ‘03’ in the IP address).

Troubleshooting

If you have activated our Secondary DNS service and properly delegated your zone to our servers, but our system shows the zone as ‘Disabled’, our nameservers are still not answering queries for the zone, or changes are not propagating to our servers, here are some things to check.

  • Have you configured your server to allow zone transfers from our servers?
    All Secondary zone data is transferred through our Ingress servers, xfrin1.dynect.net. and xfrin2.dynect.net. Check your nameserver’s logs to see if it is rejecting transfers from our server, as this is a sure sign of a problem.
  • Have you configured your server to send us notify messages?
    All Secondary data is transferred through our Ingress servers, xfrin1.dynect.net. and xfrin2.dynect.net. Check your nameserver’s logs to see if it is sending notify messages to our server whenever there is a change to your zone.
  • Is your firewall allowing TCP and UDP port 53 through to your server?
    Our server must be able to contact your server on port 53, both TCP and UDP, to be able to transfer your zone.
  • Have you incremented the serial number for your zone?
    The serial number (in the SOA record for the zone) is what tells our servers when you have made changes to the zone. It must be incremented with each change, or we will be unable to pick up the change.
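
The four checks above can be run against the primary server's log in one pass. The following is an added example, not Dyn's code: it assumes BIND 9 message formats (which vary between releases), the log lines are constructed, and `triage` is a hypothetical helper name.

```python
import re

INGRESS = {"208.78.68.65", "204.13.248.65"}  # ingress table on this page

# Message shapes assumed from BIND 9 logs; newer releases add "@0x..." after "client".
CLIENT = r"client (?:@\S+ )?([\d.]+)#\d+.*?"
DENIED = re.compile(CLIENT + r"zone transfer '([^/']+)/[AI]XFR/IN' denied")
STARTED = re.compile(CLIENT + r"transfer of '([^/']+)/IN': [AI]XFR started")
NOTIFY = re.compile(r"zone ([^/\s]+)/IN: sending notifies")
UNCHANGED = re.compile(r"zone ([^/\s]+)/IN: zone serial \(\d+\) unchanged")

def triage(lines, zone):
    """Map primary-server log lines onto the four troubleshooting questions."""
    denied, pulled, notified, stale = set(), set(), False, False
    for line in lines:
        for rx, seen in ((DENIED, denied), (STARTED, pulled)):
            m = rx.search(line)
            if m and m.group(2) == zone and m.group(1) in INGRESS:
                seen.add(m.group(1))
        m = NOTIFY.search(line)
        notified |= bool(m and m.group(1) == zone)
        m = UNCHANGED.search(line)
        stale |= bool(m and m.group(1) == zone)
    findings = []
    if denied:
        findings.append("allow-transfer: transfer denied to " + ", ".join(sorted(denied)))
    if not notified:
        findings.append("notify: no NOTIFY sent for the zone")
    if not denied and not pulled:
        findings.append("firewall: no transfer attempt from the ingress servers seen")
    if stale:
        findings.append("serial: zone reloaded with an unchanged serial")
    return findings

# Constructed log lines for illustration only.
LOG = """\
16-Jan-2024 10:00:01.100 zone mydomain.com/IN: loaded serial 2024011601
16-Jan-2024 10:00:01.200 zone mydomain.com/IN: sending notifies (serial 2024011601)
16-Jan-2024 10:00:02.300 client 208.78.68.65#41234 (mydomain.com): zone transfer 'mydomain.com/AXFR/IN' denied
16-Jan-2024 10:30:00.000 zone mydomain.com/IN: zone serial (2024011601) unchanged. zone may fail to transfer to slaves.
""".splitlines()

if __name__ == "__main__":
    print("\n".join(triage(LOG, "mydomain.com")))
```

Transfer attempts from addresses outside the ingress table are ignored, so a denial logged for an unrelated host does not mask a missing ingress connection.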

Notifications

We will monitor your master server(s), and if for any reason we are unable to reach the servers for an update, we will send you a notification.

The contact nickname of the person to receive these notifications is an optional argument when creating or updating the Secondary zone using the API.

Create Secondary DNS Zone
Update Secondary DNS Zone

TSIG

You can upload a Transaction Signature (TSIG) key to sign transfer requests to your zone’s master DNS server. The TSIG Key Name is an optional argument when creating or updating the Secondary zone using the API.

Create Secondary DNS Zone
Update Secondary DNS Zone

Use the following commands to create and update TSIG keys using the API.

Create a TSIG Key
Update a TSIG Key