IBM NS1 Connect

 View Only

NS1 Now Supports Apex ALIAS for Secondary Zones

By Annie Liu posted Tue October 03, 2023 11:26 AM


NS1 is starting 2023 with a bang. In January, we announced a powerful set of data analysis capabilities for troubleshooting networks with our new DNS Insights feature. Now we’re following up with some additional product enhancements which will make NS1’s Managed DNS even more flexible and user-friendly.

ALIAS at the Apex for Secondary Zones

It’s common practice (and good risk management) to have redundancy in the form of a secondary provider for your authoritative DNS. Prioritizing reliability and uptime means having a “warm” back-up ready to go in the unlikely event that the performance of a primary DNS service is degraded in any way.

Unfortunately, the structure of DNS doesn’t always make it easy to use secondary providers. One example of this is the “CNAME at the apex” problem, which has created awkward workarounds which prevent businesses from satisfying use cases that require name redirection at the zone apex.

Say you’re using a CDN to deliver web content. If you want to point your domain to that CDN, you want to use a name ( instead of an IP address. Unfortunately, by definition CNAME records can only point to a single, “canonical” record. You can’t use a CNAME record at the same time as other record types like SOA and/or NS, for example.

ALIAS records were created by authoritative DNS providers as a workaround for this challenge. Implementation of ALIAS records varies by authoritative DNS provider - they aren’t a standardized part of the usual DNS specs (there is no ALIAS record RFC). ALIAS records sit at the zone apex and are designed to coexist with other record types. With ALIAS records at the apex, you can deliver content using multiple services and record types.

Adding a secondary DNS provider on top of this apex ALIAS solution adds an additional layer of complication. When a zone is transferred via XFR from a primary to a secondary provider, apex alias information is stripped out, as ALIAS records are not recognized as standard records (See RFC 1034 and RFC 5936). Translating the apex ALIAS configuration is often difficult, because each authoritative DNS provider and business tends to implement ALIAS records slightly differently in different ways.

NS1 now offers apex ALIAS functionality for secondary zones, making this common workaround available even when XFR strips out the necessary data. By enabling this feature, NS1 customers will be able to create apex ALIAS records in secondary zones in both our API and portal.

This new feature makes it easier than ever for NS1 to operate as a secondary provider of authoritative DNS, improving the resilience of our customers’ architecture and adding flexibility in their DNS deployments.

Want to learn more? Check out our help center guide to ALIAS records.