
I want to set up primary DNS as OCI DNS for a domain example.com. I want to set up its secondary DNS in easyDNS.

I found documentation here to set up secondary DNS with easyDNS: https://kb.easydns.com/knowledge/secondary-dns/

Here is an example with DNSMadeEasy as primary: https://kb.easydns.com/knowledge/secondary-dns-with-dns-made-easy-as-primary/

But in order to add the easyDNS nameserver to the ACL in OCI, where should I make the changes in the OCI console? I can't find any OCI documentation regarding this.

How to set up primary DNS as OCI DNS and secondary DNS as EasyDNS?

It is necessary to add our nameserver to the ACL for your domain list, as well as ensuring that the IP is whitelisted on your firewall. This should be whitelisted for both UDP and TCP, in and out.

Can anyone please help me?

AnjanaAK

1 Answer

This is not supported per OCI DNS FAQ:

> What does Oracle Cloud Infrastructure DNS support for secondary DNS today?
>
> Oracle Cloud Infrastructure DNS zones may be configured as Secondary zones today. External name servers are not currently supported for secondary DNS.

Also, as @HåkanLindqvist mentions in the comments, the API reference for UpdateZoneDetails only has externalMasters, but there are no attributes for external secondary servers. Therefore, it seems there is no way to allow zone transfers from OCI DNS. It seems you could use EasyDNS as the primary and OCI DNS as the secondary, if you need both.

As OCI alone already provides anycast DNS, it is quite redundant and protected by itself, already. You should think carefully whether you actually need two different DNS providers. Yes, it might add some redundancy, but it also adds some costs. Also, if something changes with either of the providers, it might break the zone transfers, making part of your name servers out-of-date or even completely malfunctioning. With big DNS infrastructures it is possible that the zone transfer is invoked from another IP address than any of the actual name servers listed. If only one provider is used, they are aware of that and their access lists are updated accordingly.

Esa Jokinen
  • +1 for the quote that directly answers the question. However, "it simply won't add anything but costs" is not really true, since anycast alone does not prevent all types of problems where multiple service providers could improve robustness. It may be "good enough for my purposes", but that is a tradeoff different from what is stated. – Håkan Lindqvist Dec 08 '20 at 14:10
  • @EsaJokinen But the same FAQ says that: " **Can I add a secondary DNS provider to my Oracle Cloud Infrastructure DNS service?** _Yes. Other vendor DNS solutions may be used as secondary DNS with the Oracle Cloud Infrastructure DNS as primary for higher service availability if required._ " – AnjanaAK Dec 08 '20 at 16:40
  • @AnjanaDyna That does sound like a thing, but I would have expected to see something related to that here https://docs.cloud.oracle.com/en-us/iaas/api/#/en/dns/20180115/datatypes/UpdateZoneDetails (where there is only stuff related to the opposite) – Håkan Lindqvist Dec 08 '20 at 18:20
  • @EsaJokinen Yes, I suppose I'm just wishing for a more nuanced perspective. The statement in the question comes across like ready-made tradeoffs presented as an objective truth (a simple one at that). – Håkan Lindqvist Dec 08 '20 at 19:00
  • Thanks, Håkan. I've now updated my answer. – Esa Jokinen Dec 09 '20 at 14:38
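
The risk raised in the answer, name servers going out-of-date when zone transfers between providers break, can be monitored by comparing the SOA serial each authoritative server returns. The following is an added example, not part of the original answer or comments: it parses `dig +nssearch` output and flags servers that lag behind the newest serial, using RFC 1982 serial arithmetic. The sample lines, host names and documentation-range IP addresses are constructed, and the function names are hypothetical.

```python
import re

# One line of `dig +nssearch <zone>` output looks like:
# SOA <mname> <rname> <serial> <refresh> <retry> <expire> <minimum> from server <ip> in <n> ms.
NSSEARCH = re.compile(
    r"^SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<serial>\d+)\s+.*"
    r"from server (?P<server>\S+) in \d+ ms\.?$"
)

def serial_gt(a, b):
    """RFC 1982 comparison for 32-bit SOA serials: True if a is newer than b.

    Plain integer comparison gives the wrong answer once a serial wraps
    around 2**32, so the difference is taken modulo 2**32.
    """
    return a != b and ((a - b) % 2**32) < 2**31

def parse_nssearch(text):
    """Return {server_ip: serial} for every SOA line in the dig output."""
    serials = {}
    for line in text.splitlines():
        m = NSSEARCH.match(line.strip())
        if m:
            serials[m.group("server")] = int(m.group("serial"))
    return serials

def stale_servers(serials):
    """Return (newest_serial, sorted list of servers not serving it)."""
    newest = None
    for serial in serials.values():
        if newest is None or serial_gt(serial, newest):
            newest = serial
    stale = sorted(ip for ip, s in serials.items() if s != newest)
    return newest, stale

# Constructed sample: two servers of the primary provider are current,
# one server of the secondary provider missed the last zone transfer.
SAMPLE = """\
SOA ns1.primary.example. hostmaster.example.com. 2020120802 3600 600 604800 1800 from server 192.0.2.10 in 11 ms.
SOA ns1.primary.example. hostmaster.example.com. 2020120802 3600 600 604800 1800 from server 192.0.2.11 in 14 ms.
SOA ns1.primary.example. hostmaster.example.com. 2020120801 3600 600 604800 1800 from server 198.51.100.53 in 27 ms.
"""

if __name__ == "__main__":
    newest, stale = stale_servers(parse_nssearch(SAMPLE))
    print(f"newest serial: {newest}")
    for ip in stale:
        print(f"STALE: {ip} is behind the newest serial")
```

A server that stays behind for longer than the zone's refresh and retry intervals indicates that transfers or NOTIFY messages from the primary are not getting through.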