Internet Performance Delivered right to your inbox

Secondary DNS, Advanced Features & Why To Love Management Zones

Having a secondary DNS provider is awesome as it adds redundancy in that pivotal component of your Internet infrastructure. One of the major downsides, however, can be the limitation of advanced features. Because we have only a slave version of the zonefile, we can’t make changes. No changes means no awesome advanced features. Bummer.

But what if there was a way? That’s impossible….or is it?

The Problem

Let’s say you had a primary and a secondary DNS provider, but wanted to add Traffic Management to a hostname. You could easily do that on your primary DNS provider, but when the transfer goes out to the secondary provider, all the proprietary load balancing goodness disappears. No more monitoring, weighting, serve counts, etc —  just plain jane records.

You could convert the secondary to another primary zone to run dual primary, but now you need to keep two zones in sync and pay for advanced features from both providers. This is costly and requires major integration work.

The Solution

If you were to create a new management zone, you can add a CNAME record from the redundant zone out to a second zone containing the advanced features. Because there is just a CNAME on the hostname, you don’t have the issue with losing the complex functionality of Traffic Management when the primary sends the update to the secondary.

Here is a breakdown of how it could look:

  1. Create a new zone, purely for management such at “”.
  2. Create a node off the new zone so you can add the CNAMEs, like “”
  3. Create the service & configure as you would normally.
  4. Finally, CNAME from the location where you want the service to operate. –CNAME–>”

Traffic will now be diverted from there to the Traffic Management service and finally to the endpoint located in the service. You won’t be fully redundant because you are having both providers point to a central management zone, but it does allow for two networks to hand out your zone. Also, there will be a second lookup due to the CNAME. In response, that CNAME can have a large TTL to provide some caching.

Share Now

Matt Torrisi
Whois: Matt Torrisi

Matt Torrisi is a Senior Solutions Engineer at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.

To current Dyn Customers and visitors considering our Dynamic DNS product: Oracle acquired Dyn and its subsidiaries in November 2016. After June 29th, 2020, visitors to will be redirected here where you can still access your current Dyn service and purchase or start a trial of Dynamic DNS. Support for your service will continue to be available at its current site here. Sincerely, Oracle Dyn