For every domain name (referred to as a ‘zone’ in DNS jargon) on the internet there needs to be a set of DNS servers: a primary (master) and one or more secondaries (slaves). The job of these DNS servers is to answer the question of where on the internet the zone’s servers can be found, in the form of IP addresses. These DNS servers are referred to as the ‘authoritative’ name servers, as they are given the authority to be the definitive answer to questions such as “Where is domain.com’s website hosted?”
It is recommended to have a total of 4 or 5 DNS servers answering ‘authoritatively’ for a zone. Internet standards (RFCs) require a minimum of 2 authoritative DNS servers for a zone and that these two DNS servers be located apart from each other. However, much of the internet ignores this requirement and has 2 authoritative DNS servers at the same location. Mail-in-a-Box is also guilty of this.
Why do we care?
The problem with having DNS located with a single provider in a single location is that there is no redundancy in case of a problem. It becomes a single point of failure. If the server is down for any reason, you will not be able to access your website, receive email, or use any other services on your domain. This, of course, is not acceptable.
How do we solve the problem?
To remove the single point of failure we will use a secondary DNS provider. This also eliminates the problem of creating a second NS glue record at a domain registrar which requires 2 different IP addresses for the glue records.
What do we need?
It will be necessary to sign up for an account with a Secondary DNS Provider. There are free as well as paid providers. I am going to focus on free providers. The best known providers are Puck and BuddyNS. There are others such as GeekDns, Afraid.org, and ZoneEdit. For this guide I am going to use Puck, as they are generally the simplest of the free providers and because their focus is ONLY on Secondary DNS.
So, let’s begin …
Enable Secondary DNS in Mail-in-a-Box
The very first step is to enable your Mail-in-a-Box server to use PUCK Free Secondary DNS Service.
To do this, navigate to the ‘Custom DNS’ page in the admin area and enter puck.nether.net as the Secondary Nameserver.
Sign up for Secondary DNS service
After that is completed, go to https://puck.nether.net/dns/login to register an account. Click on the ‘Sign Me Up!’ link at the bottom of the page:
Once you open the next page, you will complete the form with your details as requested (sample shown):
After you click ‘Submit’ you will be shown the Domains page where you can select ‘Add a New Domain’:
On the next page you will need to enter your domain name and your Mail-in-a-Box server’s IP address:
Once you have completed this you will be taken back to the Domains page where the new domain will appear if you have been successful:
If you have other domains for which DNS is being handled by Mail-in-a-Box, you need to repeat the ‘Add a domain’ step for each one.
Activate Secondary DNS with your domain registrar
The final step in the process is to set up the name servers at your domain registrar. To use Secondary DNS you will need to enter different values than what the setup guide uses. When you first set up Mail-in-a-Box you would have set your name servers like this:
Now that you are using secondary DNS with Puck, you will need to change your NameServer 2 to reflect this change:
Now, with this complete, you are done! Congratulations, you now have Secondary DNS set up and working for your installation of Mail-in-a-Box. No longer do you have to fear a single point of failure for your domain.
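A way to verify the result, as an added example written for this guide (it is not Mail-in-a-Box’s or Puck’s code): the script below asks each name server listed at the registrar directly for the zone’s SOA record and flags a server that does not answer with an SOA at all (the condition behind the System Check message ‘Secondary nameserver puck.nether.net is not configured to resolve this domain’), a server that answers without the aa flag, and serials that differ between primary and secondary (a zone transfer that has not happened yet, which is why the check can fail for a while right after setup). It assumes dig from the BIND utilities is installed for a live run; the sample replies, the example.com zone, the ns1.box.example.com host name and the serial numbers are constructed placeholders.

```python
"""Check that every name server delegated for a zone really answers for it.

Added example for this guide (not Mail-in-a-Box or Puck code).  A live run
assumes `dig` is on PATH; the parsing and comparison logic also runs offline
on the constructed sample replies below.
"""
import re
import subprocess

FLAGS_RE = re.compile(r"^;; flags: ([a-z ]*);", re.M)
SOA_RE = re.compile(r"^\S+\s+\d+\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)", re.M)


def run_dig(server, zone, rtype="SOA"):
    """Ask one server directly (no recursion) and return dig's raw text."""
    proc = subprocess.run(
        ["dig", "+norecurse", "+time=3", "+tries=1", f"@{server}", zone, rtype],
        capture_output=True, text=True, check=False)
    return proc.stdout


def answer_section(text):
    """Return only the ANSWER SECTION of dig output ('' if there is none), so an
    SOA in the AUTHORITY section of a negative reply is not taken as a served zone."""
    parts = text.split(";; ANSWER SECTION:", 1)
    return parts[1].split("\n\n", 1)[0] if len(parts) == 2 else ""


def parse_soa_answer(text):
    """Return (authoritative, serial) from one dig SOA reply.
    serial is None when the server did not answer with an SOA record."""
    flags = FLAGS_RE.search(text)
    aa = bool(flags and "aa" in flags.group(1).split())
    soa = SOA_RE.search(answer_section(text))
    return aa, (int(soa.group(1)) if soa else None)


def check_zone(zone, nameservers, query=run_dig):
    """Query each name server for the zone's SOA and report problems: no SOA
    (server not configured for the zone), missing aa flag (not authoritative),
    or serials that differ between servers (secondary has not transferred the
    latest zone yet).  `query` is injectable so the logic can run on captured text."""
    results = {}
    for ns in nameservers:
        aa, serial = parse_soa_answer(query(ns, zone, "SOA"))
        problems = []
        if serial is None:
            problems.append("no SOA answer: server is not configured for this zone")
        elif not aa:
            problems.append("answer is not authoritative (aa flag missing)")
        results[ns] = {"aa": aa, "serial": serial, "problems": problems}
    serials = sorted({r["serial"] for r in results.values() if r["serial"] is not None})
    if len(serials) > 1:
        for r in results.values():
            if r["serial"] is not None:
                r["problems"].append(
                    f"serial {r['serial']} differs from others {serials}; zone not yet in sync")
    return results


def _dig_text(status, flags, soa_line=None):
    """Build constructed dig-style output for the offline demo (not real captures)."""
    text = (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 1\n"
            f";; flags: {flags}; QUERY: 1, ANSWER: {1 if soa_line else 0}, "
            f"AUTHORITY: 0, ADDITIONAL: 1\n\n")
    if soa_line:
        text += f";; ANSWER SECTION:\n{soa_line}\n\n"
    return text + ";; Query time: 10 msec\n"


# Constructed sample replies; host names and serials are placeholders.
SOA_CURRENT = ("example.com.\t86400\tIN\tSOA\tns1.box.example.com. "
               "hostmaster.example.com. 2024010502 7200 1800 1209600 86400")
SOA_OLD = SOA_CURRENT.replace("2024010502", "2024010501")
SAMPLES = {
    "primary": _dig_text("NOERROR", "qr aa", SOA_CURRENT),       # the box, current zone
    "secondary-ok": _dig_text("NOERROR", "qr aa", SOA_CURRENT),  # transfer completed
    "secondary-stale": _dig_text("NOERROR", "qr aa", SOA_OLD),   # transfer still pending
    "secondary-refused": _dig_text("REFUSED", "qr"),             # domain not added at provider
}


def demo():
    """Run the check against the constructed samples (no network needed)."""
    return check_zone("example.com", list(SAMPLES), query=lambda ns, z, t: SAMPLES[ns])


if __name__ == "__main__":
    import sys
    # Live use: python check_dns.py example.com ns1.box.example.com puck.nether.net
    out = check_zone(sys.argv[1], sys.argv[2:]) if len(sys.argv) >= 3 else demo()
    for ns, r in out.items():
        print(ns, r["serial"], "OK" if not r["problems"] else "; ".join(r["problems"]))
```

Run it with the zone followed by the name servers you entered at the registrar; with no arguments it runs against the built-in samples. A stale serial right after adding the domain is expected until the secondary has pulled the zone, while a reply with no SOA at all means the domain was not added at the provider or the box does not list it as the Secondary Nameserver.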
11 thoughts on “Setting up Secondary DNS for Mail-in-a-Box”
Thanks for writing this, it was very helpful!
I set this up exactly as outlined, but I am seeing this error in the System Check now:
Secondary nameserver puck.nether.net is not configured to resolve this domain.
I have the domain set up and the IP address is correct. I also changed the NS2 info for the domain. Is there anything else that needs to be done?
Okay, it looks like it just took some time to refresh. All good now.
Thanks! I have been needing to know how to set this up. Your method works perfectly.
I am trying to add a new domain in Puck, but when I enter my domain and my Linode mail server’s IP address, I keep getting this error: Unable to axfr that domain from that IP.
The error message that you are receiving is indicative of not setting puck.nether.net as the Secondary Nameserver in the Mail-in-a-Box admin area. Please ensure that this is done.
I did that, but I’m still seeing the message…
I have a static template website on a different ip at the ‘base’ of the domain:
and the miab is running at mail.mahsite.com on a different IP.
I also have a few random entries in the external DNS.
I think I solved it… unless I’m doing something wrong… I entered mahdomain.com in Puck instead of mail.mahdomain.com.
That worked… for now 😉
Yes, you must list the actual TLD at Puck, not a sub-domain. Glad that it is working now!
I have several DNS records managed by MIAB.
My ‘root’ domain is something like mahdomain.com, where I have a static website on a different IP (configured by MIAB “Custom DNS”), I have mail.mahdomain.com, which is where MIAB is running on a different IP (configured by ns1.mail.mahdomain.com… I guess…). Finally I have a few other ‘subdomains’ configured within the “Custom DNS” of MIAB, such as random.mahdomain.com, and *.random2.mahdomain.com… I’m guessing I only need
mahdomain.com -> MIAB IP in the Puck config?
Sorry for being dumb!
Yes, that is correct. You need the base domain name, in this case mahdomain.com and the IP address of your MiaB server.