-1

Let's assume that I use EasyDNS as a DNS service provider.

There I have an A-record entry for ns-at-premises.example.com pointing to the IP address 192.0.2.123, where a DNS server is located, at my premises, listening on port 53.

There's also a CNAME-record entry for ns.example.com with the value of ns-at-premises.example.com (I read somewhere that NS-Records should get CNAMEd).

example.com has an A-record of 192.0.2.234, a VPS hosted on AWS and www.example.com has a CNAME of example.com, but that is irrelevant.

There is a subdomain dynamic.example.com which has an NS-Record of ns.example.com, which sends any request for *.dynamic.example.com or dynamic.example.com to be resolved at 192.0.2.123, where * can be anything.

--

What I now want to do is add a backup nameserver in case 192.0.2.123 goes down. This means that a port-53 server at 192.0.2.124 should get queried in case 192.0.2.123 is not reachable.

I would add an A-Record for ns-backup.example.com pointing to 192.0.2.124, and a CNAME for ns2.example.com with the value of ns-backup.example.com.

--

The question is, how can I now tell EasyDNS that dynamic.example.com should query or redirect to ns2.example.com when ns.example.com is not reachable?

I read that just adding a second NS-Record with the value of ns2.example.com to dynamic.example.com would result in clients using ns.example.com and ns2.example.com for lookups in a round-robin fashion, but what I actually want is that ns2.example.com only gets queried if ns.example.com is down.

So I am actually looking for a way to add weights to the nameservers, like MX-Records are able to provide.

Is this possible? Or must I settle for the idea that neither of those two nameservers will be a primary and deal with them as load-balanced, non-prioritized servers?

Patrick Mevzek
Daniel F
    There's no such thing. It's only round robin. – Michael Hampton Dec 02 '18 at 18:01
  • This problem is not solvable in DNS. You could use a loadbalancer to have one of the nodes be a standby DNS server and the other handle all traffic; as soon as ns1 failed, the loadbalancer would route all traffic to ns2. In this case both DNS servers would be reachable under the IP address of the loadbalancer (or a dedicated service IP for the DNS service), though. – Phillip -Zyan K Lee- Stockmann Dec 02 '18 at 20:45
  • "I read somewhere that NS-Records should get CNAMEd." I do not know where you read that, but it is in fact almost the contrary: it is not recommended to have `NS` records pointing at a `CNAME`, because of the extra performance hit and the risk of a broken link. – Patrick Mevzek Jan 01 '19 at 20:28

2 Answers

2

The DNS protocol does not provide a mechanism to designate primary and backup name servers.

You can set up multiple name servers that are authoritative but each of them is expected to respond (and usually to return identical responses to identical queries) and all of them will be queried.

HBruijn
2

You don't need to be fixed on ns1.example.com and ns2.example.com. You just need to have a valid NS record, so even ns-at-premises.example.com can be set up directly as a name server, and no ns1.example.com CNAME needs to be set up.

As has already been mentioned here, the use case you are asking about is not available... What you can do is set up a master on ns1 which would notify ns2 of changes, and ns2 would pull the changes into its local cache, i.e. a "standard" master/slave configuration.

At that moment you can have both DNS servers returning the same response, so in the end you don't need to care which DNS server has provided the answer. Even if ns1 were temporarily unavailable, ns2 would still have valid cached information for the duration of ns1's outage.

Another option is to have a "hidden" nameserver at the premises which is not even published in DNS. It would just handle the changes and act as master. Another DNS server, located in a DC (for example), can be announced in DNS as the NS for the domain. Any changes done while the at-premises server is online would be directly propagated to (pulled into) the publicly known NS server. In case of an outage the changes will be propagated with the next successful check once ns1 is up.

It is nowhere required that the "real master", where the zone records are maintained, be publicly available all the time. It has to be available enough for the zones cached on the slaves not to expire. For DNS functionality, all NS listed in the domain definition (mainly the upper NS - for example.com that is the NS in .com) can even all be slaves, as for resolving purposes there is no difference. The master/slave role is just for zone maintenance purposes (where it is handled).

Kamil J
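The master/slave arrangement Kamil J describes (ns1 notifies ns2, ns2 pulls the zone and keeps serving it while ns1 is down) and the requirement HBruijn states (every listed NS is queried and must answer identically) are typically realised in BIND 9 as below. This is an added example, not code from either answer or from EasyDNS. Assumptions: BIND 9.16+ keyword names (`primary`/`secondary`/`primaries`; older releases use `master`/`slave`/`masters`), hypothetical file paths, a hypothetical TSIG key name `dynamic-xfer`, and a placeholder secret that must be replaced with real `tsig-keygen` output.

```conf
// ---- named.conf fragment on the at-premises primary, 192.0.2.123 ----
// Shared TSIG key: the identical "key" block goes on both servers.
// Generate it once with:  tsig-keygen dynamic-xfer
key "dynamic-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-FROM-tsig-keygen";   // placeholder, not a real key
};

zone "dynamic.example.com" {
    type primary;                                     // "type master;" on BIND < 9.16
    file "/var/named/dynamic.example.com.zone";       // hypothetical path
    // Only a holder of the TSIG key may pull the zone (AXFR/IXFR);
    // without this line anyone could download the whole zone.
    allow-transfer { key "dynamic-xfer"; };
    // Send NOTIFY to every NS listed in the zone; list the secondary
    // in also-notify only if it is deliberately absent from the NS set
    // (the "hidden master" variant from the answer above).
    notify yes;
    also-notify { 192.0.2.124; };
};

// ---- named.conf fragment on the backup/secondary, 192.0.2.124 ----
key "dynamic-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-FROM-tsig-keygen";   // same placeholder, same real value
};

// Sign every request sent to the primary with the key.
server 192.0.2.123 {
    keys { "dynamic-xfer"; };
};

zone "dynamic.example.com" {
    type secondary;                                   // "type slave;" on BIND < 9.16
    file "/var/named/secondary/dynamic.example.com.zone";  // hypothetical path
    primaries { 192.0.2.123 key "dynamic-xfer"; };    // "masters { ... };" on BIND < 9.16
    allow-notify { 192.0.2.123; };                    // accept NOTIFY only from the primary
    allow-transfer { none; };                         // the secondary is not a transfer source
};
```

Once both servers load the zone, the NS set published at EasyDNS for dynamic.example.com lists both hosts by their A-record names (ns-at-premises.example.com and ns-backup.example.com, not the CNAMEs, per Patrick Mevzek's comment), and resolvers will use either one. How long the secondary keeps answering after the primary becomes unreachable is bounded by the zone's SOA expire timer, which is why the answer says the master need only be available often enough for the slave copy not to expire; `rndc zonestatus dynamic.example.com` on the secondary shows the serial and expiry it currently holds.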