Trying to find a secondary (slave) DNS service offering DNSSEC and IPv6?

We have our own hidden primary DNS server on our DMZ and use secondary DNS servers hosted on the Internet by a company called Gradwell. This has served us well for quite a few years now, but they do not offer IPv6 connectivity nor DNSSEC capabilities.

So I started looking around to see if I could find a company that would still provide us with a secondary service, but would also provide DNSSEC and IPv6 capabilities too. For some reason, I am really struggling!

I spoke to ISC ( as they have a secondary DNSSEC/IPv6 DNS service, but it is really geared up for large corporates/service providers that have many hundreds/thousands of domains. We have about 30-40 domains in total, so their pricing model was far too expensive for us. We pay something like £25/year for the service from Gradwell, and don’t mind paying a bit more if we get the additional capabilities, but I cannot justify the thousands that ISC wanted.

So a quick Google reveals secondary DNS services from people like RollerNet, Couchness, BackupDNS, Twisted4Life etc., but reading their web sites it’s not clear whether they can offer me the features I want. This is a useful list:, but some of the sites are not in English and none of the DNS servers appear to be hosted in the UK (where my company is based and where most of our customers reside). Ideally I would like some servers to be located in the UK with additional ones in the US and European continent, maybe even utilising anycast.

Because I am struggling so much, I am wondering if there is a gap in the market. Maybe I should do something myself? The requirements as I see it are as follows:

  • A minimum of 4 authoritative servers, 2 in the UK, 1 in the US, 1 in EMEA. Alternatively global coverage could be provided via multiple servers hidden behind 2 or 3 anycast addresses
  • Authoritative DNSSEC support (i.e. ability to return DNSSEC records if requested via “DO” flag in query)
  • Support the standard AXFR/IXFR mechanism for zone propagation (NOTIFY is optional)
  • Support IPv6 connectivity, so that queries can be accepted from IPv6 clients using IPv6 transport
  • Provide a Web UI so that domains can be added and deleted, and the IP address of the primary can be specified
  • Don’t be too expensive, i.e. < £100 per year for up to 50 domains

Leave a comment and let me know what you think, if there’s enough interest I might set something up.

This entry was posted in Computers and Internet. Bookmark the permalink.

4 Responses to Trying to find a secondary (slave) DNS service offering DNSSEC and IPv6?

  1. Evan Touchett says:

    did you ever find what you were looking for?

    • Well I haven’t looked recently, I do run my own business now and would love to provide this sort of service, but it will be a while before I have the resource to invest in this. Do you have a similar requirement and have you found anything?

      Maybe one day…! 🙂

      • Evan Touchett says:

        I’m looking at
        I think they can offer me secondary DNS hosting on many name servers. We use Network Solutions for our managed DNS and it is pretty easy for us to use. Unfortunately they will only host our domain on 2 name servers. With the recent DDOS attack we were down for part of yesterday and they will not offer a more resilient solution.

  2. Take a look at Neustar, we are looking to resell their services here in the UK…

    Whereabouts in the world are you?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s