Managed DNS and DNSSEC

Last Update 10/11/2021


MasterDC customers can use our DNS and DNSSEC management service and DNS servers to manage their domain name system. After adding the service to Customer Administration, you can access DNS management via the web interface.

There are two DNS servers available in operation:

  • Primary DNS server for creating configuration and DNSSEC signatures: dns1.master.cz
  • Secondary DNS server for downloading configuration from dns1 and other customer servers: dns2.master.cz

IP Addresses for DNS Servers

  IPv4 IPv6
dns1.master.cz 81.31.37.68 2a01:430:100:4c::acdc
dns2.master.cz 80.79.16.4 2a01:430:200:1e:abba

NSSET NSSID:DNS-MASTER-CZ is set up for both servers.

You can also set up DNS management for both primary and secondary servers. Alternatively, you can choose administration only for the secondary server.

Primary and Secondary Server Administration

If you set up both primary and secondary server administration, we create a complete setup that synchronises to both our DNS servers. The individual DNS records (A, AAAA, MX, etc.) will then be transcribed from the customer’s information system, where you can keep track of them.

Secondary Server Administration

If you choose a secondary server only, you only specify the IP address of your primary server. From there, our secondary DNS server will download the zone settings. You will need to enable zone transfer on the primary server for the IP address of the secondary MasterDC server. You will then manage the actual DNS records yourself on your primary server.

DNSSEC Activation

DNSSEC is activated on the primary server, and zones are automatically signed there. However, this does not mean that DNSSEC is activated on the domain itself.

To activate DNSSEC, you need to insert DS records into the parent zone (.cz, .com, etc.). These DS records are visible in the domain details in Customer Administration. For example, they can look like this:

However, inserting these records into the parent zone needs to be resolved with the domain registrar – other information, e. g. DNSKEY is already inserted in the DNS from our side.

Tip: You can use various tools to check your DNSSEC settings – for example, https://dnssec-analyzer.verisignlabs.com/.

Any suggestions for improving the tutorial?

Let us know by sending a message