How do I setup and manage Secondary DNS?

This article describes the purpose of Secondary DNS and outlines how to configure Secondary DNS at Cloudflare.


What is Secondary DNS?

Secondary DNS is available for domains on Enterprise plans.

Secondary DNS allows Cloudflare to act as a Secondary DNS provider to another organization's Master DNS. With Secondary DNS, DNS entries are edited in a system outside of Cloudflare and changes are transferred to Cloudflare's infrastructure.  If the current DNS provider does not support Zone Transfer, Cloudflare cannot become a Secondary DNS provider.

Secondary DNS domains cannot use the Cloudflare proxy or any Cloudflare features.

Prerequisites

1. Contact your Cloudflare Account team:

  • Request Secondary DNS to be enabled.
  • Request the configuration parameters to set at the primary DNS provider.

2. In the Cloudflare Overview app for the domain requiring Secondary DNS:

  • Identify the Cloudflare Account ID.
  • Identify the Cloudflare Zone ID.
  • Note the two Cloudflare Nameservers.
If the Cloudflare Nameservers don't contain secondary in the name, confirm the Cloudflare Account team has enabled Secondary DNS.

3. Consult the Master DNS provider's documentation for instructions on configuring the Master zone. 

4. Determine the configuration parameters from the Master zone:

  • Master IP Address - The IP address that Cloudflare should accept Zone Transfers from.
  • Zone transfer type - Will zone transfers be full (AXFR) or incremental (IXFR)?
  • (Optional) TSIG Secret - The secret string used to authenticate zone transfers.
  • (Optional) TSIG Algorithm - The algorithm used to authenticate zone transfers.

Once the list of prerequisites have been completed, configure the Secondary Zone at Cloudflare.


Configuring a Secondary Zone through the CloudFlare API

DNSSEC is currently unsupported when Cloudflare is configured as a Secondary DNS provider.

Secondary DNS can only be configured via the Cloudflare API. Requests can be sent to the API via a command-line utility like cURL or a browser plugin such as Postman.  

Refer to the Cloudflare API documentation for full examples on the supported API methods available:

For each POST example provided in the steps below, replace :account_tag with the Account ID identified from the Prerequisites section of this article:


Related Resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk