Secondary DNS: Difference between revisions

This information is out of date, please see: https://support.aa.net.uk/New_Authoritive_DNS

We will have new systems in place for managing Secondary DNS.

IP addresses for ACLs

If we are running secondary DNS to your own primary, then please allow these IP addresses for zone transfers:

New

Starting from March 2025 we initiate zone transfers from these IP addresses:

• 194.4.172.3
• 194.4.172.4
• 194.4.173.3
• 194.4.173.4
• 2001:8b6:1:0:194:4:172:3
• 2001:8b6:1:0:194:4:172:4
• 2001:8b6:2:0:194:4:173:3
• 2001:8b6:2:0:194:4:173:4

Legacy

These will still be in use until mid-2025. Keep these in your ACLs as well as the new ones above.

• 194.4.173.1
• 2001:8b0:0:81::51bb:5120

If you are running your own DNS, you will need a secondary. You can use secondary-dns.co.uk which is configured to try and automatically secondary any new domain from an AAISP allocated IP address that a customer uses.

Using our secondary name server is normally automatic if you are using BIND-8/9. To make it pick up a domain automatically you have to change the top level delegation to list your name server and secondary-dns.co.uk, and then have bind send a notify from your primary. Our name server checks the delegation first and then adds the zone, loading from your primary servers IP. If you later change the IP of your primary, then the old IP must return that it is not authoritative in order to clear the zone allowing it to reload from the new primary. If you encounter any difficulties, please contact technical support, who can make changes manually if necessary.