
For various reasons I like to host my DNS services myself, and this has worked very well in the past. As I now have to look for a new domain hoster (see Server migration for details), one of the major criteria, besides price of course, was the ability to change the name server entries (NS record).

Furthermore, I need a secondary DNS, which must have an IP from a different Class C network due to domain regulations. Since I'm not willing to pay for another server for this purpose, I remembered that there are free DNS providers around.

After some evaluation I decided to go for EveryDNS.net. They offer the service I need free of charge (if someone has better suggestions, please let me know :) ). They offer name servers in the US and NL and check for zone changes via AXFR. However, I had to change my BIND 9 settings to work flawlessly with EveryDNS.net, and this is what I did:

I dislike the idea of giving everybody access to my server via AXFR, which is why I have always had an ACL for that. So I created a new ACL for this with the list of IP addresses I found in the EveryDNS FAQs:

acl everydns { 
    64.158.219.0/24; 
    4.79.232.0/24; 
    208.76.56.0/21; 
    66.240.223.182; 
    216.218.240.206; 
    80.84.249.169; 
    63.219.183.200; 
};

This ACL is referenced in the allow-transfer statement of the corresponding zone.

allow-transfer { slaves; everydns; };

Since I’m curious, I wanted to know if it works. That’s why I added some logging for the transfer requests to my configuration. Remember to set the access rights for the log file properly ;)

logging {
    channel log_zone_transfers {
        file "/var/log/axfr.log";
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category xfer-out { log_zone_transfers; };
};
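
To check what actually ends up in that log, the following added example (not part of the original post) parses `xfer-out` lines and separates transfer clients that fall inside the `everydns` ACL from those that do not. The log line layout and the sample lines are assumptions constructed for illustration, and the `slaves` ACL is not shown in the post, so it is left out here.

```python
import ipaddress
import re

# Networks and hosts copied from the everydns ACL in the post.
EVERYDNS_ACL = [ipaddress.ip_network(n) for n in (
    "64.158.219.0/24", "4.79.232.0/24", "208.76.56.0/21",
    "66.240.223.182", "216.218.240.206", "80.84.249.169", "63.219.183.200",
)]

# Assumed xfer-out line layout with print-time, print-category and
# print-severity enabled; only "started" events are counted.
XFER_STARTED = re.compile(
    r"xfer-out: \w+: client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
    r".*?transfer of '(?P<zone>[^'/]+)/IN': (?P<kind>AXFR|IXFR)"
    r"(?:-style IXFR)? started"
)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
12-Jan-2010 03:14:07.512 xfer-out: info: client 64.158.219.3#40112: transfer of 'example.org/IN': AXFR started
12-Jan-2010 03:14:07.530 xfer-out: info: client 64.158.219.3#40112: transfer of 'example.org/IN': AXFR ended
12-Jan-2010 04:02:11.004 xfer-out: info: client 208.76.60.17#51823: transfer of 'example.org/IN': AXFR started
12-Jan-2010 05:40:55.221 xfer-out: info: client 192.0.2.44#33001: transfer of 'example.org/IN': AXFR started
""".splitlines()


def audit(lines, allowed=EVERYDNS_ACL):
    """Return (inside, outside): started transfers by ACL membership."""
    inside, outside = [], []
    for line in lines:
        m = XFER_STARTED.search(line)
        if not m:
            continue  # not a "transfer started" event
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address, skip the line
        event = (str(ip), m["zone"], m["kind"])
        # A v6 client is never "in" a v4 network, so mixed families are safe.
        (inside if any(ip in net for net in allowed) else outside).append(event)
    return inside, outside


if __name__ == "__main__":
    ok, unexpected = audit(SAMPLE_LOG)
    print(f"{len(ok)} transfer(s) from the everydns ACL")
    for ip, zone, kind in unexpected:
        print(f"review: {kind} of {zone} by {ip} is outside the everydns ACL")
```

Clients reported as outside the ACL may still be legitimate members of the `slaves` ACL; add those networks to `allowed` before treating a hit as unexpected.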

What else you have to do is update your actual zone file, add the new name server(s), and of course change the settings at your domain provider. That's it. You're done now.