I pointed my domain nameservers (in the regristrar) to a DNS provider (Cloudflare). Then I created two NS records pointing to my hoster nameserver. Registrar -> DNS provider -> hoster. But it doesn't work. I want to use an intermediary to be able to change hoster fast. Besides, I tried to add these values to my registrar. (names are examples) ns1.hoster.com ns2.hoster.com ns1.cloudflare.com ns2.cloudflare.com That is, I want to use cloudflare as a NS backup. But intodns.com says the configuration is not good.
1 Answers
That is simply not how it works. Your authoritative DNS servers must contain the appropriate information which includes themselves as your DNS servers.
You also can not decide that a DNS server will be a backup DNS just like that, especially if you're not the administrator of that server. Configuring a DNS slave requires configuration on both the master and slave and most hosts won't allow any special requests that their automated system is not set to accommodate.
The best way to allow easy and fast change of host is to configure your DNS zone on Cloudflare to reflect the host's values for email (MX) and hosting (A and/or AAAA) with a short TTL. The short TTL is what will allow you to quickly change hosts.
Note that the TTL is not an absolute law and some DNS servers around the world may not want to respect a TTL that may cause their server an undue load, but many will respect a TTL of 30 minutes or more.
- 1,000
- 6
- 8
-
Solved! Thank you. So, what's the use of NS records on Cloudflare? – John Doe May 13 '16 at 10:42
-
Name servers are managed in an hierarchical fashion and the top level servers won't accept the record if they don't pass their basic validations. Once those are populated, all nameservers looking for information on your domain will query the NS servers listed in the zone info they got. It is actually a bit more complicated as the demand generated at certain big name servers is so high that they impose the need for partnerships to even out the load required, but that part is fairly transparent to smaller name server administrators that simply rely on their own providers. – Julie Pelletier May 13 '16 at 13:42
-
@Julie Not all of them perform that validation, but more problematic is the fact that re-validation practically never occurs. This means that they can be changed afterwards. (not that they should...) – Andrew B May 13 '16 at 17:27
-
1@Gemma NS records below the domain apex are referrals. NS records at the apex provide the authoritative definition for the domain. Referrals (the NS records present on the servers delegating authority to you) are followed, but not considered authoritative. That is because authority for those records is owned by the server being delegated to. The result is very confusing: [initially nameservers will follow the referral, but when the referral expires the apex records will be used.](http://serverfault.com/q/588244/152073) Simplified: Both sets of NS records should agree or things get confusing. – Andrew B May 13 '16 at 17:30
-
Side-note, I just gave the linked Q&A a massive overhaul. This is the second time I've had to link to it this week and it needed to provide a better introduction to these concepts. – Andrew B May 13 '16 at 18:11