
Crouching Tiger, Hidden Master: A Look At The Primary-Secondary DNS Relationship

Many people are familiar with secondary DNS configurations, but are amazed to learn of strange things such as hidden master (or hidden secondary), which are related to the primary-secondary DNS relationship.

Here are the different configurations and what they are commonly used for.


Primary is the configuration we all know and love. Your DNS records are hosted somewhere and are directly managed through that service. An example of this: Dyn Managed DNS. If you manage your zone with Dyn, you also get access to advanced services such as Traffic Management or Active Failover.

The nameservers for this network will exist in the delegation, allowing traffic to flow to the service.


Secondary DNS is when you want to add another DNS provider into your delegation, both to allow for some redundancy and to keep the providers automatically in sync. This is done by setting up the secondary provider to slave off the master; as you make updates on your primary, it sends a notification to the secondary that there has been a change.

The secondary then requests the changes, thereby staying in sync. You will then put the secondary nameservers in your delegation and voila! This works great if you have vanilla DNS, as well as with active failover, but if you are trying to keep two services with traffic management in sync while keeping the regional qualities, you may need to think about this next option.

Dual Primary

If you need to keep two zones in sync without notifies (such as when you need Traffic Management on both your DNS providers), you can utilize our API to make changes. You would then make the same changes on your other provider.

This requires much more work, as you will need to integrate with both APIs for all zone management, but you will also get the capability of our traffic management suite. Technically you could also do this manually, but that would likely be even more work, and if you forget, your two zones would be out of sync.

Alright, everything so far has been visible in the delegation. The following are known as hidden configurations, and have the stealth of a DNS ninja!

Hidden Master or Hidden Primary

I’ve heard it either way and both get the point across. Hidden Master occurs most often when you have something making many automated changes (like through an IPAM) but would like access to a more resilient network for query resolution.

To do this, it is easiest to treat your “real” DNS network(s) as secondary, so they get notifies and pull updates to stay current. The part that makes this hidden is that only the slave networks are in the delegation, so your primary does not receive external query traffic.

Hidden Secondary

Hidden Secondary is when you just want an up-to-date version of the zone for backup. The secondary receives changes, but you don’t add it to the delegation. This means it could be on a desktop in your basement and not actually affect your network performance. Sure, you can usually export your zone from your managed DNS provider, but this allows you the freedom of having a current zone in the event of emergency.
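
The following Python check is an added example, not part of the original post or of any Dyn tooling. It takes the delegation NS set and the SOA serial each server answered with (data you have already collected) and reports a primary that should be hidden but is delegated, secondaries that have fallen behind the primary, and hidden secondaries; serials are compared with RFC 1982 arithmetic so a wrapped serial is not misread. The function names, hostnames and serials are assumptions constructed for illustration.

```python
# Added example: audit a primary/secondary layout from collected data.
MOD = 2 ** 32  # SOA serials are 32-bit and wrap around


def serial_gt(a, b):
    """True if serial a is newer than b under RFC 1982 serial arithmetic."""
    return a != b and (a - b) % MOD < MOD // 2


def audit(primary, serials, delegation, expect_hidden_primary):
    """serials: {host: SOA serial served}; delegation: NS set at the parent."""
    findings = []
    if expect_hidden_primary and primary in delegation:
        findings.append(f"EXPOSED primary {primary} is in the delegation")
    if not expect_hidden_primary and primary not in delegation:
        findings.append(f"MISSING primary {primary} is not in the delegation")
    for host, serial in sorted(serials.items()):
        if host == primary:
            continue
        if serial_gt(serials[primary], serial):
            findings.append(f"STALE {host} serves {serial}, primary has {serials[primary]}")
        elif serial_gt(serial, serials[primary]):
            findings.append(f"AHEAD {host} serves {serial}, newer than primary")
        if host not in delegation:
            # Receives the zone but is not delegated: a hidden secondary.
            findings.append(f"HIDDEN-SECONDARY {host} holds the zone but takes no queries")
    for host in sorted(delegation - set(serials)):
        findings.append(f"UNCHECKED {host} is delegated but no serial was collected")
    return findings


# Constructed hidden-master layout: edits happen on ipam-primary.example.net.
SAMPLE_SERIALS = {
    "ipam-primary.example.net": 5,         # serial has wrapped past 2**32 - 1
    "ns1.provider-a.example": 5,
    "ns2.provider-b.example": 4294967290,  # still on the pre-wrap serial
    "backup.basement.example": 5,
}
SAMPLE_DELEGATION = {"ns1.provider-a.example", "ns2.provider-b.example"}

if __name__ == "__main__":
    for line in audit("ipam-primary.example.net", SAMPLE_SERIALS, SAMPLE_DELEGATION, True):
        print(line)
```

A plain integer comparison would report `ns2.provider-b.example` as ahead of the primary; the wrap-aware comparison correctly marks it as stale.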

Whatever your ideal configuration, Dyn Managed DNS has you covered.


Matt Torrisi
Whois: Matt Torrisi

Matt Torrisi is a Senior Solutions Engineer at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.