Random "Secondary nameserver is not configured to resolve this domain."

I was using v.57 successfully for about a year. I’m using Linode’s DNS as a secondary NS for my domains (ns1, ns2, and ns3.linode.com). This was working perfectly for months. I recently upgraded to v60 on 22.04 (following the guide to upgrade… new instance, restore backup, moved IP) and everything seems to working fine, BUT, I keep getting random Secondary nameserver nsX.linode.com is not configured to resolve this domain. where X is one of Linode’s nameservers. It affects all domains hosted. It’s never consistent between domains and nameservers reportedly not configured (i.e. it might report ns1.linode.com for one domain and ns2.linode.com for another). It doesn’t appear to affect mail delivery or domain resolution, but it does make the status check emails to be unusually noisy. I’ve run the following script found here on the forum, and a quick check seems to indicate the NS is sync’d properly.

#!/bin/sh
# Author : Christophe Casalegno
# Email : brain@christophe-casalegno.com
# Twitter : @Brain0verride
#
# Usage : ./checkdns.sh domaintotest.com firstdnserver secondnsserver
# Example : ./checkdns.sh mydomain.com ns1.box.mydomain.com ns1.linode.com
ns1="$2"
ns2="$3"
serial='grep SOA |cut -d " " -f7'
domain=$1
a=`host -t SOA $domain $ns1 |grep SOA |cut -d " " -f7`
b=`host -t SOA $domain $ns2 |grep SOA |cut -d " " -f7`

if [ $a = $b ]
then
	echo "$domain : synchro ok"
	echo "$ns1 serial : $a"
	echo "$ns2 serial : $b"
else
	echo "$domain : Error"
	echo "$ns1 serial : $a"
	echo "$ns2 serial : $b"
fi

That said, not sure if it’s an issue with MIAB or Linode. I haven’t dug into the code that runs the status checks but thought I post to see if anyone else is experiencing similar issues with other secondary providers.

I have seen reports of this in the past. If the error is not reported consistently each day, you probably don’t have to worry, as you already found out through your script.
Myself, I’m running this and I run unbound instead of bind9, and have not experienced these errors since I’ve been running that. But N=1 and all that. :man_shrugging:t2:

Linode offers proper Secondary DNS? SInce when?

Don’t know… but they even support DNSSEC.

Interesting and good to know, thanks!

I always like to know about providers providing Secondary DNS service for “free” since I am such a proponent of using it.

So far my short list is:

Puck Secondary DNS (Free)
Hurricane Electric (Free)
1984 FreeDNS (Free - No Services Required)
Gandi NS6 (Free for domains registered via Gandi)
Hetzner also offers it but I have not found it to be overly simple to enable.
and now
Linode DNS Manager (Free with at least one VPS)

Anyone have any more that I can add to this list?

Linode free secondary DNS now only usable IF you have at least one single running vps.

1 Like

I’m using Afraid freedns and the already mentioned puck and Hetzner. I actually found Hetzner the most straightforward of the three to setup. :wink:

In all honestly, I avoided Hetzner because they themselves recommended not using their system for Secondary DNS until they finished rolling out their new system (??). So I have not really checked them out since. Did they ever get this rolled out?

I have no idea if that statement is still valid. I only know that I used their DNS console to setup secondary dns. It’s simple and seems to work fine. I have no idea about other DNS console options (I don’t use them) or of future plans they have with their dns functionalities.

Hetzner DNS Console doesn’t appear to support DNSSEC.

I don’t know about other DNS functionality, but they do for secondary DNS.