Set Up a Secondary Zone

This tutorial explains how to set up a secondary DNS zone in IONOS Cloud by running a bind9 server on an Ubuntu operating system. The setup includes the following configuration steps:

Set up a Dedicated Core server in IONOS Cloud.
Configure a primary nameserver on a Dedicated Core Server in IONOS Cloud running a bind9 server on an Ubuntu operating system.
Create a secondary DNS zone using IONOS Cloud DNS API.
Establish and verify the zone transfer between primary and secondary zones.

Set up a Dedicated Core Server in IONOS Cloud

Note:

The user who creates the server has full root or administrator access rights. A server, once provisioned, retains all its settings (resources, drive allocation, password, and so on), even after server restart at the operating system level.
The server will only be removed from your virtual data center once you delete it in the DCD.

To set up a Dedicated Core server in IONOS Cloud, follow these steps:

1. Create a Dedicated Core server and configure the server in the Settings tab by following the steps in Create a Dedicated Core Server.

2. Configure the server Network settings by following the steps in the Dedicated Core Server network settings.

3. Configure the server Storage settings by following the steps in the Dedicated Core Server storage settings.

4. Continue to provision the changes and start the Dedicated Core Server by following the steps in the Provision changes and starting the Dedicated Core Server.

Result: A Dedicated Core Server is set up and started along with the configuration of Settings, Network, and Storage setup.

Dedicated Core Server network settings

In the DCD > Inspector pane on the right, configure the following network details in the Network tab.

1. Name: Choose a name unique to this Virtual Data Center (VDC).

2. MAC: Assigned on VM creation.

3. LAN: Select the LAN connection that is connected to the internet, by default LAN 1.

4. Firewall: By default, the firewall is disabled. To enable firewall rules, make sure that incoming and outgoing traffic is allowed on port 53 for UDP and TCP.

5. IPv4 Configuration: Leave to default values.

Result: The Network settings for a Dedicated Core server are configured.

Dedicated Core Server storage settings

Warning: The storage type cannot be changed after provisioning.

In the DCD > Inspector pane on the right, configure the following storage details in the Storage tab.

1. Click SSD and a new pop-up window Create New Attached Storage appears.

2. Configure the following storage details:

Name: Enter a name that is unique within your VDC.
Availability Zone: Leave on "Auto".
Size in GB: Enter "30" which is sufficient for this tutorial.
Performance Select "Standard".
Image: You can select one of IONOS images or snapshots, or use your own. For this tutorial, we will use an Ubuntu server image from IONOS. To make the same choice, select ubuntu-22.04-server-cloudimg-amd64 under IONOS Images.
Password: Create a password for the "root" user of the server. You will need this password to SSH and make changes.
SSH Keys: Select an SSH key stored in the SSH Key Manager.
Ad-hoc SSH Key: If you have not created an SSH key, copy and paste the public part of your SSH key into this field.
Cloud-Init user data: Leave on "No configuration".
Boot from Device: Select this checkbox to make the SSD drive bootable.

3. Click Create SSD Storage to create the SSD storage.

Result: The Storage settings for a Dedicated Core server are configured.

Provision changes and start the Dedicated Core Server

1. Select the newly created Dedicated Core server.

2. From the Settings tab in the Inspector pane, select Power > Start.

3. Click Provision Changes in the lower right corner and further click Provision Now.

Result: The Dedicated Core server is provisioned and started.

Next steps: After your changes are provisioned and the server is started, select your Dedicated Core server, click the Network tab in the Inspector pane and copy the IPv4 address.

Configure a Dedicated Core Server as a primary nameserver

Prerequisite: A Dedicated Core server in IONOS Cloud needs to be set up and you must have the IPv4 address of the server.

To configure a Dedicated Core server and enable it to act as the primary nameserver, follow these steps:

1. SSH into the newly created Dedicated Core server.

ssh root@<IP-ADDRESS>

2. Connect to the newly created server via SSH.

root@ubuntu:~# sudo -i
root@ubuntu:~# apt update -y
[...]
root@ubuntu:~# apt install -y bind9 bind9utils
[...]

3. Proceed with configuring bind9 and your primary DNS zone.

root@ubuntu:~# vi /etc/bind/named.conf.local

4. Configure notify to the IONOS Cloud DNS anycast nameserver and allow zone update from localhost.

Note: For sending DNS notify messages, Cloud DNS uses the following Anycast addresses: IPv4 212.227.123.25 or IPv6 2001:8d8:fe:53::5cd:25.

logging {
  category xfer-out { default_syslog; };
  category xfer-in { default_syslog; };
  category notify { default_syslog; };
  category lame-servers { default_syslog; };
  category general { default_syslog; };
  category default { default_syslog; };
};


zone "primary-zone.de" IN {
  type master;
  file "/var/cache/bind/primary-zone.de.db";
  notify explicit;
  also-notify  { 212.227.123.25; };
  allow-update { 127.0.0.1; };
};

5. Create your primary zone.

root@ubuntu:~# vi /var/cache/bind/primary-zone.de.db

6. Edit the zone file.

; Zone: primary-zone.de
; Exported: Mon Aug 17 22:36:11 UTC 2023
 
$ORIGIN primary-zone.de.
$TTL 3600
 
@   3600    IN  SOA primary-zone.de. hostmaster.primary-zone.de. (
                    2017060104  ; serial
                    28800       ; refresh
                    7200        ; retry
                    604800      ; expire
                    600 )       ; minimum
@   3600    IN  NS  ns.ui-global-dns.com.
@   3600    IN  NS  ns.ui-global-dns.de.
@   3600    IN  NS  ns.ui-global-dns.org.
@   3600    IN  NS  ns.ui-global-dns.biz.
www 60    IN  A   127.0.0.1
www 60    IN  AAAA    ::1

7. Save your changes and quit the Vim editor.

8. Check the configuration, reload bind, and verify that the configured zone is working.

root@ubuntu:~# named-checkconf
root@ubuntu:~# systemctl reload named
root@ubuntu:~# dig +short primary-zone.de

Result: The Dedicated Core server is configured as the primary nameserver in IONOS Cloud running a bind9 server on an Ubuntu operating system.

Create a secondary zone in IONOS Cloud DNS

Prerequisite: A Dedicated Core server in IONOS Cloud is set up as a primary nameserver.

To create a secondary zone in the IONOS Cloud DNS by using the REST API, follow this step:

Send a POST request to the /secondaryzones endpoint.

curl --location 'https://dns.de-fra.ionos.com/secondaryzones' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO' \
--data '{
    "properties": {
        "zoneName": "primary-zone.de",
        "description": "This is a secondary zone for primary-zone.de in IONOS Cloud DNS",
        "primaryIps": [
            "<IP-ADDRESS>"
        ]
    }
}'

Response

{
    "id": "bdae7da0-0363-49d7-929d-92992786efe1",
    "type": "secondaryzone",
    "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1",
    "metadata": {
        "createdDate": "2023-08-06T19:36:58+00:00",
        "lastModifiedDate": "2023-08-06T19:36:59+00:00",
        "nameservers": [
            "nscs-ic.ui-dns.com",
            "nscs-ic.ui-dns.de",
            "nscs-ic.ui-dns.org",
            "nscs-ic.ui-dns.biz"
        ],
        "state": "AVAILABLE"
    },
    "properties": {
        "description": "This is a secondary zone for test-dns-public.info in IONOS Cloud DNS",
        "primaryIps": [
            "<IP-ADDRESS>"
        ],
        "zoneName": "test-dns-public.info"
    }
}

Result: A secondary zone in IONOS Cloud DNS is successfully created By using a POST request.

Verify zone transfer

On the primary nameserver, you can verify the zone transfer in the logs by executing the following command:

root@ubuntu:~# journalctl --unit named --follow
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR started (serial 2017060104)
Aug 07 14:43:39 ubuntu named[2666]: client @0x7f467825b958 212.227.123.26#33308 (primary-zone.de): transfer of 'primary-zone.de/IN': AXFR ended: 1 messages, 8 records, 299 bytes, 0.001 secs (299000 bytes/sec) (serial 2017060104)

You can also verify zone transfer status using IONOS Cloud DNS API:

curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/axfr' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'

Response

On success response: 200 OK

{
    "items": [
        {
            "errorMessage": "",
            "primaryIp": "<IP-ADDRESS>",
            "status": "OK"
        }
    ],
    "type": "collection"
}

Result: The zone transfer between primary and secondary zones is successfully verified.

Add a record

To add a record, follow these steps:

1. On the primary nameserver, update the zone with a new record setting—A record to a TEST-NET-3 IP address:

root@ubuntu:~# dig +short www. primary-zone.de @ns.ui-global-dns.com
217.160.0.148
root@ubuntu:~# nsupdate
> server 127.0.0.1
> zone primary-zone.de
> update add www2.primary-zone.de. 600 IN A 203.0.113.1
> send
> quit

2. Resolve the new record locally.

root@ubuntu:~# dig +short www2.primary-zone.de @127.0.0.1
203.0.113.1

3. View the logs which show that a notification is sent to the secondary zone for the new record.

Aug 07 16:00:22 ubuntu named[2666]: client @0x7f467000d0a8 127.0.0.1#34056: updating zone 'primary-zone.de/IN': adding an RR at 'www2.primary-zone.de' A 203.0.113.1
Aug 07 16:00:22 ubuntu named[2666]: zone primary-zone.de/IN: sending notifies (serial 2017060105)

4. Using Cloud DNS API, verify that the newly added record is transferred to the secondary zone.

curl --location 'https://dns.de-fra.ionos.com/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJraWQiO'

{
    "id": "bdae7da0-0363-49d7-929d-92992786efe1",
    "type": "collection",
    "href": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
    "metadata": {
        "primaryIps": [
            "<IP-ADDRESS>"
        ]
    },
    "items": [
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "primary-zone.de hostmaster.primary-zone.de 2017060105 28800 7200 604800 600",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "SOA"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.de",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.biz",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.com",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "ns.ui-global-dns.org",
                "enabled": true,
                "name": "",
                "priority": 0,
                "ttl": 3600,
                "type": "NS"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "127.0.0.1",
                "enabled": true,
                "name": "www",
                "priority": 0,
                "ttl": 3600,
                "type": "A"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "0:0:0:0:0:0:0:1",
                "enabled": true,
                "name": "www",
                "priority": 0,
                "ttl": 3600,
                "type": "AAAA"
            }
        },
        {
            "type": "record",
            "metadata": {
                "fqdn": "www2.primary-zone.de",
                "zoneId": "bdae7da0-0363-49d7-929d-92992786efe1",
                "rootName": "primary-zone.de"
            },
            "properties": {
                "content": "203.0.113.1",
                "enabled": true,
                "name": "www2",
                "priority": 0,
                "ttl": 3600,
                "type": "A"
            }
        }
    ],
    "offset": 0,
    "limit": 100,
    "_links": {
        "self": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=0",
        "next": "/secondaryzones/bdae7da0-0363-49d7-929d-92992786efe1/records?limit=100&offset=100"
    }
}

5. Globally resolve a new record from the IONOS Cloud DNS anycast network by using the following command:

root@ubuntu:~# dig +short www2.primary-zone.de @ns.ui-global-dns.com.

Result: A record is successfully added to the primary nameserver.

PreviousExternalDNS for Managed Kubernetes NextLogging Service

Last updated 1 year ago