FAQs

 

Frequently asked questions are answered here:

  • Is it difficult or complicated to configure the anycast network?
  • How can I perform zone changes?
  • How can a zone transfer be initiated?
  • How can I activate RcodeZero Secondary DNS for a zone?
  • Are there any limitations in RcodeZero?
  • Where can I find the customer web interface?
  • Can I download statistics?
  • How can I check whether the DNSSEC serial is up to date?
  • When is a hidden master required?
  • How can I check if some zones cause problems?
  • How can I check the status of a certain zone within the RcodeZero network?
  • How long does it take until an updated zone is deployed on the anycast nodes?
  • Where can I find the REST docu and the workflow?

 

IS IT DIFFICULT OR COMPLICATED TO CONFIGURE THE ANYCAST NETWORK?

RcodeZero Anycast Secondary-DNS is an easy to use anycast name server network. The complexity of anycast and the distribution of DNS data are hidden from the customer. The customer has a single point for managing the DNS zones and the DNS zone transfer.

Once a zone is added via a RESTrequest or via the customer web interface, the control name server and all the anycast name servers behave authoritative for the respective zone. The control name server will request a zone transfer from the master name server(s) and deploy the zone data to the anycast name servers.

HOW CAN I PERFORM ZONE CHANGES?

On zone changes, the master name server has to send DNS NOTIFYs to the control server. Then the control server fetches the SOA record from the master name server and if the serial is increased, a zone transfer is initiated and the updated zone data is distributed to the anycast name servers.

HOW CAN A ZONE TRANSFER BE INITIATED?

Additionally, zone transfers can be initiated via the "retrieve" command on the REST interface or via the web interface. In this case, the serial is ignored and the zone is transferred and deployed to the anycast nodes even if the serial has not increased. Note: Even if a zone was transferred, the Anycast name servers may respond a few minutes with old data due to internal caching in the name server software.

HOW CAN I ACTIVATE RCODEZERO SECONDARY DNS FOR A ZONE?

Please configure the master name server(s) to allow a zone transfer. In case the master name server is a “hidden master”, also allow the RcodeZero control name server to query your master server(s) for serial checks.
Add the zone via a SOAP request or via the admin panel.
Add another NS record(s) to the zone pointing to the RcodeZero name server. RcodeZero provides 4 IP addresses (2x IPv4 and 2x IPv6). Either use the RcodeZero host names “sec1.rcode0.net” and “sec2.rcode0.net”, or use your individual name servers. In this case please make sure that the individual name server points to the addresses as described below.
sec1.rcode0.net: This hostname provides the main anycast IP addresses. They will be announced from all locations.
IPv4: 192.174.68.100
IPv6: 2001:67c:1bc::100
sec2.rcode0.net: This hostname provides the secondary anycast IP addresses.
IPv4: 176.97.158.100
IPv6: 2001:67c:10b8::100
In case only a single NS hostname/IP addresses is required, please use sec1.rcode0.net or the respective IP addresses.

Example with RcodeZero hostnames:

example.com. IN NS sec1.rcode0.net.
example.com. IN NS sec2.rcode0.net.

Example with RcodeZero hostnames:

example.com. IN NS ns1.provider-xyz.net.
example.com. IN NS ns2.provider-xyz.net.

ns1.provider-xyz.net. IN A 192.174.68.100
ns1.provider-xyz.net. IN AAAA 2001:67c:1bc::100
ns2.provider-xyz.net. IN A 176.97.158.100
ns2.provider-xyz.net. IN AAAA 2001:67c:10b8::100

4. Add the new name server to the above zone (e.g. to the Registry via the registrar).

Instead of adding RcodeZero Secondary DNS as additional name server by adding a new NS record to the zones, you can also replace one of your existing name servers with RcodeZero. In this case, you only have to change the A/AAAA records of the existing name server hostname and let it point to our anycast IP addresses. This does not require any changes to zones and registry – as long as the hostname is outside the zone and thus glue records are not used.

Adding, deleting or querying a zone can be done either via a SOAP request, or in the admin panel. Both systems use the same username/password for authentication. The SOAP interface allows automation whereas the customer web site is ideal for adding just a few zones or checking the status.

ARE THERE ANY LIMITATIONS IN RCODEZERO?

 

WHERE CAN I FIND THE CUSTOMER WEB INTERFACE?

The customer website is located at: https://my.rcodezero.at/ (Username and password are identical as for the SOAP interface.) The customer web interface allows you to add/delete/query zones, fetch a complete zone list, and to see and download DNS query statistics. When adding a zone via the web interface, multiple master servers can be configured by separating them with a comma, e. g.: 1.2.3.4,2001:db8::1234

CAN I DOWNLOAD STATISTICS?

Query statistics can be downloaded from the website, either manually using a web browser or automated. The data is provided as CSV file with semicolon (;) as delimiter. The statistics are stored only for the last 3 months, thus make sure to periodically download your statistics. Note: The download may take considerable time (30s - 5min). To download the statistics manually just logon to the web interface and follow the links.

CAN I USE A SOAP API?

The Web-API is based on SOAP and a Web Services Description Language (WSDL)-file describing the interface is available at https://api.rcode0.net/SecondaryDNS.wsdl. Please note, that this API is only available with the Service Provider product.

HOW CAN I CHECK WHETHER THE DNSSEC SERIAL IS UP TO DATE?

Every time the zone’s signatures need to be refreshed (re-signing of the zone), the zone’s serial will be increased. Thus, for signed zones the zone’s serial announced by the Anycast nodes will be bigger than the serial on the customer’s hidden master. But, a higher serial on the anycast node is not an indication that the zone is up2date. Therefore, every time the serial is increased on the hidden master, the new serial should be higher than the serial on the anycast node.

WHEN IS A HIDDEN MASTER REQUIRED?

For zones using the DNSSEC signing service, the customer’s master name server must be a hidden master. Further, the zone must not be hosted on a name server which is a public facing name server too and is also authoritative for a parent zone.

HOW CAN I CHECK IF SOME ZONES CAUSE PROBLEMS?

In the web interface is a page called "Problematic Zones":
https://my.rcodezero.at/problematic
This page lists all your zones for which the control server failed to check the serial or failed to transfer the zone.

HOW CAN I CHECK THE STATUS OF A CERTAIN ZONE WITHIN THE RCODEZERO NETWORK?

First, you should check the serial of the zone on the control server (of course this implies, that the master server always increases the serial on zone changes). This can be done either by viewing the zone details on the website or by querying the control server for the SOA record, e. g.: dig @83.136.34.7 yourdomain.com SOA

If the serial is smaller than the serial on the master server, then possible problems can be that the control server is not allowed to query and transfer the zone from the master. Make sure to allow query and zone transfer from the control server IP addresses 83.136.34.7 and 2A02:850:8::6. The control server will check the zone's SOA record every "refresh" seconds (minimum refresh value: 24 hours) or when NOTIFYs are received. Further, immediate zone transfers can be initiated by using the "retrieve" SOAP command.

If the zone on the control server is up-to-date, you can also check the zone data on an anycast name server. Due to asynchronous replication and name server internal caching the changes may be delayed up to 5 minutes.

dig @sec1.rcode0.net yourdomain.com SOA

 

HOW LONG DOES IT TAKE UNTIL AN UPDATED ZONE IS DEPLOYED ON THE ANYCAST NODES?

Short answer: typically below 3 minutes.

Long answer: this depends on several facts and timers which needs to be accumulated:

DNS NOTIFY: On zone updates, the master server must send NOTIFYs with an increased serial number to our control server to initiate a zone transfer. The transfer will usually start immediately, but may take some minutes in periods of heavy workload (lots of zone updates).
Zone data distribution: The control server will distribute the new zone date to all anycast nodes. This takes usually below 1 minute.
DNS Caching: Our name servers cache DNS responses for 4 minutes. Thus, if the domain was queried just before the zone was updated, the name server will respond with the old data for 4 minutes. Note: As there are multiple name servers with load-balancing on every anycast location, it may happen that some responses still contain the old data while some responses already contain the new data.


Where can I find the REST docu and the workflow?

The documentation of our REST interface can be found here: https://my.rcodezero.at/api-doc/