Gandi’s Secondary Nameserver¶
If you have your own primary nameserver, but you need a secondary DNS, Gandi can provide this service to you, with no extra charge if the domain is registered with us.
Gandi’s secondary DNS is ns6.gandi.net. Its IP is 126.96.36.199. Our secondary server supports pre-signed DNSSEC zones.
Our secondary nameserver can be useful if you only have one nameserver, but need another, and don’t have the resources or time to set up your own.
How to add¶
On the Nameserver page in your domain’s admin, enter the following in one of the blank fields:
How it works¶
ns6.gandi.net copies the zone file from the primary DNS whenever it detects that a change has been made in the primary DNS. Therefore, you must first have the possibility of including ns6.gandi.net in the zone, as it will be requesting zone transfers from the primary nameserver.
In order for this process to work, and to use our secondary server, do the following:
- The administrator of the primary nameserver must authorize the AxFr requests from ns6.gandi.net.
- The administrator of the primary nameserver must increment the serial number of the SOA.
We try to resolve the name of the name of the first nameserver of the domain listed on Gandi’s interface. If it’s a glue record, then we don’t try to resolve it, but rather, we get the IP address from our database instead.
To find the serial number type the command:
dig SOA @ns6.gandi.net example.com
And you will see a line like this:
;; ANSWER SECTION: net4france.com. 604800 IN SOA s1.net4france.com. kermit.s1.net4france.com. 2019012319 86400 21600 604800 60
In this line, the SOA is :“2019012319”, which can be compared to the primary nameserver:
dig SOA @server1.webhost.com example.com
For extensions like .de that perform a zonecheck, you will not be able to use our secondary nameserver if you have not correctly authorized the zone transfer to it as described above. Also, due to the provisioning delay, please allow for at least 30 minutes to an hour for the operation to be attempted before checking on your interface to see if it was updated (and therefore, accepted by the registry)