Using Hurricane Electric free DNS service for slaves

Apart from setting ns[2345].he.net as your DNS servers at your registrar and adding a slave at http://dns.he.net, you need to do the following:

  1. Allow AXFR transfers to slave.dns.he.net. The server that pulls zones is slave.dns.he.net, not ns1.he.net.
  2. Remove ns1.he.net from the allow-transfer ACLs if it was there.
  3. Set the server to send NOTIFYs to ns1.he.net. Yes, to ns1, not to slave.dns.he.net. slave.dns.he.net doesn’t listen for any DNS requests, including NOTIFYs.

BIND example

The NOTIFY part is a bit tricky, so here’s an example from my setup.

Creating an ACL for slave.dns.he.net

At the top level of named.conf:

acl he-slaves
{
    216.218.133.2; // slave.dns.he.net IPv4
    2001:470:600::2; // slave.dns.he.net IPv6
};

Basic zone setup

zone "example.org" in
{
    type master;
    allow-transfer
    {
        he-slaves;
    };
    file "data/example.org";
};

Notification setup

Add this to the zone:

notify explicit;
also-notify
{
    216.218.130.2; // ns1.he.net
};

So the zone looks like:

zone "example.org" in
{
    type master;
    allow-transfer
    {
        he-slaves;
    };

    notify explicit;
    also-notify
    {
        216.218.130.2; // ns1.he.net
    };

    file "data/example.org";
};
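
A check for the three steps above, run against a BIND configuration; this is an added example and not part of the original post. It assumes allow-transfer, notify and also-notify are set at zone level (not inherited from options) and that list entries carry no port or key suffix; audit, SAMPLE and the helper names are made up for this illustration.

```python
import re

HE_SLAVE = {"216.218.133.2", "2001:470:600::2"}  # slave.dns.he.net, from the page
HE_NS1 = "216.218.130.2"                         # ns1.he.net, from the page

def _block(text, start):
    """Body of the first brace-delimited block at or after `start`."""
    i = text.index("{", start)
    depth, j = 1, i + 1
    while depth:
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        j += 1
    return text[i + 1:j - 1]

def _items(body, keyword, acls):
    """Entries of `keyword { ...; };` with named ACLs expanded (empty set if absent)."""
    m = re.search(r"(?<![\w-])" + re.escape(keyword) + r"\s*\{", body)
    entries = _block(body, m.start()).split(";") if m else []
    return set().union(*(acls.get(e.strip(), {e.strip()}) for e in entries if e.strip()))

def audit(conf):
    """Map each master zone to the list of deviations from the three steps."""
    # Strip /* */, // and # comments (assumes none of these occur inside quoted strings).
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)
    acls = {m.group(1): {e.strip() for e in _block(conf, m.start()).split(";") if e.strip()}
            for m in re.finditer(r'\bacl\s+"?([\w-]+)"?\s*\{', conf)}
    findings = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        body = _block(conf, z.start())
        if not re.search(r"\btype\s+(master|primary)\s*;", body):
            continue  # only zones this server is master for
        xfer = _items(body, "allow-transfer", acls)
        notify = _items(body, "also-notify", acls)
        checks = [
            (not (xfer & HE_SLAVE), "allow-transfer lacks slave.dns.he.net"),
            (HE_NS1 in xfer, "allow-transfer still lists ns1.he.net"),
            (HE_NS1 not in notify, "also-notify lacks ns1.he.net"),
            (not re.search(r"\bnotify\s+explicit\s*;", body), "notify explicit not set"),
        ]
        findings[z.group(1)] = [msg for failed, msg in checks if failed]
    return findings

# Constructed sample, equivalent to the zone shown above.
SAMPLE = '''acl he-slaves { 216.218.133.2; 2001:470:600::2; };  // slave.dns.he.net
zone "example.org" in { type master; file "data/example.org";
    allow-transfer { he-slaves; };
    notify explicit; also-notify { 216.218.130.2; }; };  // ns1.he.net'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list for a zone means all three steps are in place; each string in a non-empty list names the step that is missing or reversed.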

PowerDNS 4 example

Execute these commands on the PowerDNS machine:

pdnsutil set-meta example.org ALLOW-AXFR-FROM AUTO-NS 216.218.133.2
pdnsutil set-meta example.org ALSO-NOTIFY 216.218.130.2

The result can be checked via:

pdnsutil get-meta example.org