Although I have a specific problem, I am trying to implement a good strategy for the domains I manage.
Current setup:
A VPS managed with Plesk with multiple domains. (I do have a failover IPv4.)
The main nameserver is a glue record that points to the VPS ipv4 and ipv6.
Initially I tried to just glue a secondary name server to the same IP, but the TLD I use requires 2 name servers with distincts IP addresses.
So, for the secondary name server, my VPS provider (OVH Cloud) provides a secondary DNS, but it only links the domain to an IPv4 and does not allow for any specific zone configuration.
Plesk is the Primary DNS server and there are multiple records added. One of them is the SPF record.
Problem:
It seems that during the DNS propagation, some "top level" DNS servers are setting the NameServers backward: the secondary DNS server is used first.
When this happen, my DNS records from my primary DNS server are not being served. For example, running mxtoolbox will give me errors as it can't find the SPF record from the primary server.
** Solutions: **
Is there a way to have the primary DNS server push his zone configuration to the secondary DNS server?
Alternatively, is there a way to enforce which is the primary name server and which is the secindary name server? (I consider this acceptable as the primary name server and the actual hosting is done by the same server. In most cases if the primary DNS server fails, so does the content and other services)
The typical way for a primary nameserver to push the config to a secondary is using
AXFR
. So yes, this is possible.In terms of
NS
reords, there is no distinction between a primary record and a secondary record. They may be accessed sequentially in either order or simultaneously. To enforce one, you would need to remove the other record.