Set Up a Secondary Zone
This tutorial explains how to set up a secondary zone in IONOS Cloud by running a BIND9 server on an Ubuntu operating system.
Target audience
This tutorial is intended to help both developers and technical decision-makers.
What will you learn
By the end of the tutorial, you will learn how to set up the following:
Set up a Dedicated Core server in IONOS Cloud.
Configure a primary nameserver on a Dedicated Core Server in IONOS Cloud running a BIND9 server on an Ubuntu operating system.
Create a secondary zone using IONOS Cloud DNS API.
Establish and verify the zone transfer between primary and secondary zones.
Procedure
Set up a Dedicated Core Server in IONOS Cloud
To set up a Dedicated Core server in IONOS Cloud, follow these steps:
1. Create a Dedicated Core server
Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.
2. Dedicated Core Server network settings
In the DCD > Inspector pane on the right, configure the following network details in the Network tab.
1. Name: Choose a name unique to this Virtual Data Center (VDC).
2. MAC: Assigned on VM creation.
3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.
4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.
5. IPv4 Configuration: Leave to default values.
Expected result: The Network settings for a Dedicated Core server are configured.
3. Dedicated Core Server storage settings
Warning: The storage type cannot be changed after provisioning.
In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.
1. Click SSD and a new pop-up window Create New Attached Storage appears.
2. Configure the following storage details:
Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "30" which is sufficient for this tutorial.
Performance: Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, select
ubuntu-24.04-server-cloudimg-amd64under IONOS Images.Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.
3. Click Create SSD Storage to create the SSD storage.
Expected result: The Storage settings for a Dedicated Core server are configured.
4. Provision changes and start the Dedicated Core Server
1. Select the newly created Dedicated Core server.
2. From the Settings tab in the Inspector pane, select Power > Start.
3. Click Provision Changes in the lower right corner and then click Provision Now.
Expected result: The Dedicated Core server is provisioned and started.
Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy the IPv4 address.
Expected result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.
Configure a Dedicated Core Server as a primary nameserver
To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:
1. SSH into the newly created Dedicated Core server.
ssh root@<IP-ADDRESS>2. Connect to the newly created server via SSH.
sudo -i
apt update -y
[...]
apt install -y bind9 bind9utils
[...]3. Proceed with configuring bind9 and your primary zone.
vi /etc/bind/named.conf.local4. Configure notify to the IONOS Cloud DNS anycast nameserver and allow zone update from localhost.
logging {
category xfer-out { default_syslog; };
category xfer-in { default_syslog; };
category notify { default_syslog; };
category lame-servers { default_syslog; };
category general { default_syslog; };
category default { default_syslog; };
};
zone "primary-zone.de" IN {
type master;
file "/var/cache/bind/primary-zone.de.db";
notify explicit;
also-notify { 212.227.123.25; };
allow-update { 127.0.0.1; };
};5. Create your primary zone.
vi /var/cache/bind/primary-zone.de.db6. Edit the zone file.
; Zone: primary-zone.de
; Exported: Mon Aug 17 22:36:11 UTC 2023
$ORIGIN primary-zone.de.
$TTL 3600
@ 3600 IN SOA primary-zone.de. hostmaster.primary-zone.de. (
2017060104 ; serial
28800 ; refresh
7200 ; retry
604800 ; expire
600 ) ; minimum
@ 3600 IN NS ns.ui-global-dns.com.
@ 3600 IN NS ns.ui-global-dns.de.
@ 3600 IN NS ns.ui-global-dns.org.
@ 3600 IN NS ns.ui-global-dns.biz.
www 60 IN A 127.0.0.1
www 60 IN AAAA ::17. Save your changes and quit the Vim editor.
8. Check the configuration, reload bind, and verify that the configured primary zone is working.
named-checkconf
systemctl reload named
dig +short primary-zone.deExpected result: The Dedicated Core server is configured as the primary nameserver in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Create a secondary zone in IONOS Cloud DNS
To create a secondary zone in the IONOS Cloud DNS by using the REST API, follow this step:
Send a POST request to the
/secondaryzonesendpoint.
curl --location 'https://dns.de-fra.ionos.com/secondaryzones' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--data '{
"properties": {
"zoneName": "primary-zone.de",
"description": "This is a secondary zone for primary-zone.de in IONOS Cloud DNS",
"primaryIps": [
"<IP-ADDRESS>"
]
}
}'{
"id": "bdae7da0-0363-49d7-929d-92992786efe1",
"type": "secondaryzone",
"href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1",
"metadata": {
"createdDate": "2023-08-06T19:36:58+00:00",
"lastModifiedDate": "2023-08-06T19:36:59+00:00",
"nameservers": [
"nscs.ui-dns.com",
"nscs.ui-dns.de",
"nscs.ui-dns.org",
"nscs.ui-dns.biz"
],
"state": "AVAILABLE"
},
"properties": {
"description": "This is a secondary zone for test-dns-public.info in IONOS Cloud DNS",
"primaryIps": [
"<IP-ADDRESS>"
],
"zoneName": "test-dns-public.info"
}
}Expected result: A secondary zone in IONOS Cloud DNS is successfully created By using a POST request.
Verify zone transfer
On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:
journalctl --unit named --follow
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR started (serial 2017060104)
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR ended: 1 messages, 8 records, 299 bytes, 0.001 secs (299000 bytes/sec) (serial 2017060104)
You can also verify zone transfer status using IONOS Cloud DNS API:
curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/axfr' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'On success response: 200 OK
{
"items": [
{
"errorMessage": "",
"primaryIp": "<IP-ADDRESS>",
"status": "OK"
}
],
"type": "collection"
}Expected result: The zone transfer between primary and secondary zones is successfully verified.
Add a record
To add a record, follow these steps:
1. On the primary nameserver, update the zone with a new record setting—A record to a TEST-NET-3 IP address:
dig +short www. primary-zone.de @ns.ui-global-dns.com
217.160.0.148
nsupdate
> server 127.0.0.1
> zone primary-zone.de
> update add www2.primary-zone.de. 600 IN A 203.0.113.1
> send
> quit2. Resolve the new record locally.
dig +short www2.primary-zone.de @127.0.0.1
203.0.113.13. View the logs which show that a notification is sent to the secondary zone for the new record.
Aug 07 16:00:22 ubuntu named[2666]: client @0x7f467000d0a8 127.0.0.1#34056: updating zone 'primary-zone.de/IN': adding an RR at 'www2.primary-zone.de' A 203.0.113.1
Aug 07 16:00:22 ubuntu named[2666]: zone primary-zone.de/IN: sending notifies (serial 2017060105)4. Using Cloud DNS API, verify that the newly added record is transferred to the secondary zone.
curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'{
"id": "bdae7da0-0363-49d7-929d-92992786efe1",
"type": "collection",
"href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
"metadata": {
"primaryIps": [
"<IP-ADDRESS>"
]
},
"items": [
{
"type": "record",
"metadata": {
"fqdn": "primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "primary-zone.de hostmaster.primary-zone.de 2017060105 28800 7200 604800 600",
"enabled": true,
"name": "",
"priority": 0,
"ttl": 3600,
"type": "SOA"
}
},
{
"type": "record",
"metadata": {
"fqdn": "primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "ns.ui-global-dns.de",
"enabled": true,
"name": "",
"priority": 0,
"ttl": 3600,
"type": "NS"
}
},
{
"type": "record",
"metadata": {
"fqdn": "primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "ns.ui-global-dns.biz",
"enabled": true,
"name": "",
"priority": 0,
"ttl": 3600,
"type": "NS"
}
},
{
"type": "record",
"metadata": {
"fqdn": "primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "ns.ui-global-dns.com",
"enabled": true,
"name": "",
"priority": 0,
"ttl": 3600,
"type": "NS"
}
},
{
"type": "record",
"metadata": {
"fqdn": "primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "ns.ui-global-dns.org",
"enabled": true,
"name": "",
"priority": 0,
"ttl": 3600,
"type": "NS"
}
},
{
"type": "record",
"metadata": {
"fqdn": "www.primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "127.0.0.1",
"enabled": true,
"name": "www",
"priority": 0,
"ttl": 3600,
"type": "A"
}
},
{
"type": "record",
"metadata": {
"fqdn": "www.primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "0:0:0:0:0:0:0:1",
"enabled": true,
"name": "www",
"priority": 0,
"ttl": 3600,
"type": "AAAA"
}
},
{
"type": "record",
"metadata": {
"fqdn": "www2.primary-zone.de",
"zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
"rootName": "primary-zone.de"
},
"properties": {
"content": "203.0.113.1",
"enabled": true,
"name": "www2",
"priority": 0,
"ttl": 3600,
"type": "A"
}
}
],
"offset": 0,
"limit": 100,
"_links": {
"self": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
"next": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=100"
}
}5. Globally resolve a new record from the IONOS Cloud DNS anycast network by using the following command:
dig +short www2.primary-zone.de @ns.ui-global-dns.com.Final result
By following this tutorial, you have successfully set up a secondary DNS zone in IONOS Cloud using a BIND9 server on Ubuntu. You can now manage DNS records on your primary nameserver and ensure reliable zone transfers to the secondary zone.
Conclusion
In this tutorial, you learned how to set up a secondary DNS zone in IONOS Cloud with BIND9 on Ubuntu. By following the steps, you can efficiently manage DNS records and automate zone transfers between primary and secondary servers.
Last updated
Was this helpful?