04.08.2025

How to Set Up a Secondary DNS Server with BIND9 on Ubuntu 20.04

The secondary DNS server works for fault tolerance. If the primary one stops working for some reason, the secondary one will ensure the functionality of the website and other resources specified in it.

First, you need to install and make a basic configuration of the BIND9 DNS server.

Cloud Servers from $5 / moIntel Xeon Gold 6254 3.1 GHz CPU, SLA 99,9%, 100 Mbps channel

Initial settings

Primary DNS server IP - 10.1.1.9
Secondary DNS server IP - 10.1.1.10
Example domain name - domain-name.com

Additional settings for the primary DNS server BIND9

If you configured the primary DNS server according to our instructions, you can skip this step.

We must allow the primary DNS server to transmit DNS zone data to the secondary server. Open the BIND9 configuration file.

sudo nano /etc/bind/db.domain-name.com

Add the following 2 parameters to the zone settings: allow-transfer and also-notify, substituting the IP address of the secondary server in them. The result will be something like this.

zone "domain-name.com" {
type master;
file "/etc/bind/db.domain-name.com";
allow-transfer { 10.1.1.10; };
also-notify { 10.1.1.10; };
};

Save this file and reload BIND9.

sudo systemctl reload bind9

Configuring BIND9 as a secondary DNS Server

Open the BIND9 configuration file.

sudo nano /etc/bind/named.conf.local

Add the following directive to it.

zone "domain-name.com" {
type slave;
file "db.domain-name.com";
masters { 10.1.1.9; };
};

The masters parameter must contain the IP address of the primary DNS server. Save the file and reload BIND9.

sudo systemctl reload bind9

To check if the secondary DNS server is working correctly, use the command on any remote computer:

nslookup domain-name.com 10.1.1.10

Use your FQDN instead of domain-name.com and the IP address of your secondary DNS server instead of 10.1.1.10.

Output

Server: 10.1.1.10
Address: 10.1.1.10#53

Name: domain-name.com
Address: 10.1.1.10

Conclusion

By setting up a secondary DNS server with BIND9, you significantly improve the resilience and availability of your domain’s name resolution. If the primary DNS server goes down, the secondary server will seamlessly take over, ensuring that your website and other critical resources remain accessible. Following this step-by-step guide helps you build a fault-tolerant DNS infrastructure and avoid costly downtime.

FAQ

Q: Is a secondary DNS server mandatory?
A: Technically, no, but it is highly recommended to avoid single points of failure in DNS resolution.
Q: How often does the secondary server update its data from the primary?
A: It updates whenever changes occur and the primary sends notifications (thanks to the also-notify parameter), plus it performs periodic zone refreshes based on its configuration.
Q: Can I use a different DNS server instead of BIND9?
A: Yes, other DNS servers like PowerDNS or Microsoft DNS can also be configured for secondary functionality, but the configuration steps will differ.
A: If both the primary and secondary DNS servers are offline, name resolution for your domain will fail, so it’s wise to monitor both servers and consider geographic redundancy for maximum reliability.