What is secondary DNS?

In a traditional sense, secondary DNS servers act as a backup to the primary authoritative DNS server. When a change is made to the records on the primary server, a zone transfer occurs, synchronizing the secondary DNS servers with the primary server. The secondary servers can then serve the records as if they were the primary server; however, changes can only be made on the primary server, not on the secondary servers. This creates redundancy across many different servers that can be distributed as necessary.

There are many common ways to take advantage of Secondary DNS, some of which are:

  1. Secondary DNS as passive backup - The secondary DNS server sits idle until the primary server goes down, at which point a failover can occur and the secondary can start serving records.
  2. Secondary DNS as active backup - The secondary DNS server works alongside the primary server to serve records.
  3. Secondary DNS with a hidden primary - The nameserver records at the registrar point towards the secondary servers only, essentially treating them as the primary nameservers.

What is secondary DNS Override?

Secondary DNS Override builds on the Secondary DNS with a hidden primary model: our customers can not only serve records exactly as they tell us to, but can also proxy any A/AAAA/CNAME records through Cloudflare’s network. This is similar to how Cloudflare as a primary DNS provider currently works.

Consider the following example:

example.com Cloudflare IP - 192.0.2.0

example.com origin IP - 203.0.113.0

In order to take advantage of Cloudflare’s security and performance services, we need to make sure that the origin IP stays hidden from the Internet.
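
The check implied by that requirement, as an added example that is not Cloudflare's code: a simplified model of serving a transferred zone with per-record proxy overrides, followed by an audit of which served names still return the origin address. The two IPs are the ones from the example above; the zone contents, the function names and the rule that a proxied name is answered with an edge A record are assumptions made for illustration.

```python
# Added example: simplified model, not Cloudflare's implementation.
import ipaddress

CLOUDFLARE_IP = "192.0.2.0"   # example.com Cloudflare IP (from the page)
ORIGIN_IP = "203.0.113.0"     # example.com origin IP (from the page)
PROXYABLE = {"A", "AAAA", "CNAME"}  # record types the page says can be proxied

# Constructed zone as received from the hidden primary: (name, type, value)
ZONE = [
    ("example.com.", "A", "203.0.113.0"),
    ("www.example.com.", "CNAME", "example.com."),
    ("ssh.example.com.", "A", "203.0.113.0"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "A", "203.0.113.0"),
]

def served_view(zone, proxied_names, edge_ip=CLOUDFLARE_IP):
    """Return the records as answered publicly: proxied A/AAAA/CNAME names
    answer with the edge address, everything else is served as transferred."""
    view = []
    for name, rtype, value in zone:
        if name in proxied_names and rtype in PROXYABLE:
            # Assumption: a proxied name is answered with an edge A record.
            view.append((name, "A", edge_ip))
        else:
            view.append((name, rtype, value))
    return view

def origin_leaks(view, origin_ip=ORIGIN_IP):
    """List served address records that still disclose the origin IP."""
    origin = ipaddress.ip_address(origin_ip)
    leaks = []
    for name, rtype, value in view:
        if rtype in ("A", "AAAA") and ipaddress.ip_address(value) == origin:
            leaks.append(name)
    return sorted(leaks)

if __name__ == "__main__":
    override = {"example.com.", "www.example.com."}  # names chosen to proxy
    for record in served_view(ZONE, override):
        print(record)
    print("still exposing origin:", origin_leaks(served_view(ZONE, override)))
```

Proxying only the apex and www leaves ssh.example.com and mail.example.com answering with 203.0.113.0, so the audit is worth running over the whole served zone rather than the proxied names alone.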

Figure 1: Secondary DNS without a hidden primary nameserver
