Support for Hidden Primary DNS

I’m trying to figure out if Mail-in-a-box supports .dk domains as the TLD “owner” dk-hostmaster has to validate/authorize all nameservers for the .dk domain.
I have my domain names registred with, which supports Hidden Primary DNS. I’m thinking that by utilising this with mail-in-a-box I should be able to run the actual nameserver on the mail-in-a-box, but have’s nameservers be the official servers towards dk-hostmaster (SOA).

From gratisdns’ support page I have found the following (in danish): A rough translation below with risk of my DNS knowledge mangling it even further:

Their example BIND file uses the following details:

DNS server’s IP:, web server’s IP: and domain: domæ (DNS: xn–

Which results in a BIND conf that would be on the mail-in-a-box:

; Dropzone from
$ORIGIN . 43200 IN SOA (
serial 2004010101
) 43200 IN A 43200 IN MX 10 43200 IN A 43200 IN CNAME 43200 IN NS 43200 IN NS 43200 IN NS 43200 IN NS 43200 IN NS

And they then list the following things to note:

  • You must increase the serial by one each time you change your zone file
  • You must allow free access for zone transfer (AXFR) of the zone, at least to the ip address related to
  • That a serial is formatted as a date YYYYMMDDXX, where XX is the revision number for the day and the serial must be 10 numbers long
  • That a serial set to high is difficult to adjust down again

So is this possible to handle with mail-in-a-box or should I go look for a mail box solution that doesn’t rely on hosting the DNS server aswell?


I guess I could just use gratisdns as an external DNS for my domain. I think I’ll go ahead and try that, though i’m still interested in doing it the with hidden primary DNS.

If it is currently not supported I will make a github issue and maybe someone @JoshData could give a few hints to where it could be implemented if you want it as feature?

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.