So, apart from setting ns[2345].he.net as your DNS servers at your registrar and adding a slave at http://dns.he.net, you need to do the following:
- Allow AXFR zone transfers to slave.dns.he.net. The server that pulls zones is slave.dns.he.net, not ns1.he.net.
- Remove ns1.he.net from the allow-transfer ACLs if it was there.
- Set the server to send NOTIFYs to ns1.he.net. Yes, to ns1, not to slave.dns.he.net: slave.dns.he.net doesn't listen for any DNS requests, including NOTIFYs.
BIND example
The NOTIFY part is a bit tricky, so here’s an example from my setup.
Creating an ACL for slave.dns.he.net
At the top level of named.conf:
acl he-slaves
{
216.218.133.2; // slave.dns.he.net IPv4
2001:470:600::2; // slave.dns.he.net IPv6
};
Basic zone setup
zone "example.org" in
{
type master;
allow-transfer
{
he-slaves;
};
file "data/example.org";
};
Notification setup
Add this to the zone:
notify explicit;
also-notify
{
216.218.130.2;
};
So the zone looks like:
zone "example.org" in
{
type master;
allow-transfer
{
he-slaves;
};
notify explicit;
also-notify
{
216.218.130.2; // ns1.he.net
};
file "data/example.org";
};
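A small lint for the BIND setup above, as an added example that is not part of the original post: it parses named.conf text and checks each master zone against the three rules (slave.dns.he.net may transfer, ns1.he.net may not, ns1.he.net is notified). The names parse, audit and SAMPLE and the example.net zone are constructed for illustration, and the grammar is simplified (assumed: no include files, no ACLs nested inside ACLs, no comment characters inside quoted strings).

```python
import re

HE_SLAVE = {"216.218.133.2", "2001:470:600::2"}  # slave.dns.he.net (from the post)
HE_NS1 = "216.218.130.2"                          # ns1.he.net (from the post)

def parse(text):
    # Simplified named.conf grammar: strip comments, then nest { } blocks.
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)
    def block(i):
        stmts, cur = [], []
        while i < len(tokens) and tokens[i] != "}":
            tok, i = tokens[i], i + 1
            if tok == "{":
                inner, i = block(i)         # returns index past the closing "}"
                cur.append(inner)
            elif tok == ";":
                stmts += [cur] if cur else []
                cur = []
            else:
                cur.append(tok.strip('"'))
        return stmts, i + 1
    return block(0)[0]

def audit(text):
    stmts = parse(text)
    acls = {s[1]: {e[0] for e in s[2]} for s in stmts if s[0] == "acl"}
    report = {}
    for s in stmts:
        opts = {o[0]: o[1:] for o in s[-1]} if s[0] == "zone" else {}
        if opts.get("type") != ["master"]:
            continue
        xfer = set()
        for e in opts.get("allow-transfer", [[]])[0]:
            xfer |= acls.get(e[0], {e[0]})  # expand named ACLs one level
        notify = {e[0] for e in opts.get("also-notify", [[]])[0]}
        checks = [
            (not HE_SLAVE & xfer, "slave.dns.he.net is not in allow-transfer"),
            (HE_NS1 in xfer, "ns1.he.net is in allow-transfer; remove it"),
            (HE_NS1 not in notify, "ns1.he.net is missing from also-notify"),
        ]
        report[s[1]] = [msg for bad, msg in checks if bad]
    return report

# Constructed sample: the post's zone plus a deliberately misconfigured one.
SAMPLE = """acl he-slaves { 216.218.133.2; 2001:470:600::2; };
zone "example.org" in { type master; allow-transfer { he-slaves; };
  notify explicit; also-notify { 216.218.130.2; }; file "data/example.org"; };
zone "example.net" in { type master; allow-transfer { 216.218.130.2; };
  file "data/example.net"; };"""
```

audit(SAMPLE) returns a dict mapping each master zone to its list of findings; an empty list means the zone matches the setup described here. The parser does not validate syntax, so run named-checkconf on the file as well.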
PowerDNS 4 example
Execute these commands on the PowerDNS machine:
pdnsutil set-meta example.org ALLOW-AXFR-FROM AUTO-NS 216.218.133.2
pdnsutil set-meta example.org ALSO-NOTIFY 216.218.130.2
The result can be checked via:
pdnsutil get-meta example.org