Bobcares

Cloudflare DNS Secondary | More About

Aug 19, 2022

Cloudflare DNS Secondary Servers can easily prevent outages which usually occur with single DNS servers. Bobcares, as part of our Server Management Service, responds to all your DNS inquiries, large or small.

Cloudflare Secondary DNS

Cloudflare secondary DNS is a replica of the primary DNS records on Cloudflare. The secondary DNS nameservers are built as a backup to the primary nameserver, so both can serve the DNS records at all times. This decreases the latency of DNS requests, distributes the load between DNS servers, and adds resiliency to the infrastructure.

A primary server and a secondary nameserver communicate by zone transfer. With secondary DNS, zones are transferred in one direction only, from the primary DNS server to the secondary DNS server. A primary DNS server may have any number of secondary DNS servers, and it must communicate with each of them so that they keep track of any zone updates.

How Does Cloudflare Secondary DNS Work?

As large businesses grow their DNS infrastructure, they increasingly use a managed DNS service in place of two or three on-premise DNS servers or several DNS vendors. This boosts redundancy in case a DDoS attack manages to bring down one of their providers.

Cloudflare runs its DNS software in more than 200 data centers spread around the world, so customers of Cloudflare’s DNS servers get DNS lookups that take on average just 11 milliseconds worldwide. This makes it a good option for clients who want to use multiple DNS providers or who find it too difficult to abandon their on-premise DNS server.

Cloudflare initially implemented Secondary DNS using Mesos Marathon. Splitting the services into several different Marathon apps also made it possible to scale each app individually. All of these services live in Cloudflare’s core data centers:

  1. Zone Transferer: The service in charge of attempting IXFR; if IXFR fails, it attempts AXFR.
  2. Zone Transfer Scheduler: The service in charge of regularly checking zone SOA serials for modifications.
  3. Rest API: The service for registering new zones and primary nameservers.
  4. Notify Listener: Unlike the Marathon apps, this service sits outside the cluster. It listens for NOTIFY messages from primary servers and tells the Zone Transferer to initiate an AXFR/IXFR.
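The decision path through these services can be sketched as follows. This is an added example, not Cloudflare's code: it parses a NOTIFY message, checks the sender against the primaries registered for the zone, and compares SOA serials with RFC 1982 arithmetic before asking for a transfer. The `ZONES` table, function names, addresses and serials are assumptions constructed for illustration.

```python
import struct

# Constructed sample state (not from the page): one zone as the REST API service might hold it.
ZONES = {"example.com.": {"primaries": {"192.0.2.53"}, "serial": 2022081901}}

def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True if a is newer than b."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def build_notify(zone, msg_id=0x1234):
    """Build a minimal NOTIFY query (opcode 4, AA set, one SOA/IN question) as test input."""
    header = struct.pack("!HHHHHH", msg_id, (4 << 11) | 0x0400, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 6, 1)

def parse_notify(packet):
    """Return the zone named in a NOTIFY request, or None if the message is not one."""
    if len(packet) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags >> 15 or (flags >> 11) & 0xF != 4 or qdcount != 1:
        return None                      # a response, wrong opcode, or no single question
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None                  # ran off the end before the root label
        n = packet[pos]
        if n == 0:
            break
        if n > 63 or pos + 1 + n > len(packet):
            return None                  # compression pointer or truncated label
        labels.append(packet[pos + 1:pos + 1 + n].decode("latin-1").lower())
        pos += 1 + n
    if packet[pos + 1:pos + 5] != struct.pack("!HH", 6, 1):
        return None                      # question must be SOA / IN
    return ".".join(labels) + "."

def handle_notify(src_ip, packet, primary_serial):
    """Decide what the listener tells the transferer. primary_serial stands in for the
    SOA serial a real secondary would fetch from the primary after the NOTIFY."""
    zone = ZONES.get(parse_notify(packet))
    if zone is None:
        return "drop: malformed or unknown zone"
    if src_ip not in zone["primaries"]:
        return "drop: sender is not a registered primary"
    if not serial_gt(primary_serial, zone["serial"]):
        return "skip: serial not newer"
    return "transfer: try IXFR, fall back to AXFR"
```

A source-address match is only a coarse filter, since UDP source addresses can be spoofed; here a NOTIFY does no more than trigger a serial check. TSIG (RFC 8945) is the standard way to authenticate the transfer itself.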

The services communicated with each other through Apache Kafka. After the Zone Transferer finishes the AXFR/IXFR, the zone is sent on to the zone builder before being pushed out to the edge at each of the 200 sites. Although this architecture performed well at first, it later exposed numerous vulnerabilities and scalability problems.

Cloudflare has since migrated all of the core data center services to Kubernetes, moving away from individually managed apps and Marathon clusters. The Marathon-based services and the NOTIFY Listener now run on Kubernetes.

Performance Of Cloudflare Secondary DNS

Cloudflare leads in global performance for Secondary DNS. Let’s see how well each component of the Cloudflare Secondary DNS performs.

  • Primary Server to Notify Listener: The most accurate measurement available is only precise to the second, but the UDP/TCP communication is likely much faster than that.
  • NOTIFY to Zone Transferer: This is negligible.
  • Zone Transferer to Primary Server: 99% of the time the average latency for a zone transfer is ~800ms.
  • Zone Transferer to Zone Builder: It takes ~10ms to build a zone most of the time.
  • Zone Builder to Quicksilver edge: 95% of the time, propagation takes less than 1s.
  • End to End latency: The approximate time is less than 5 seconds on average.


Conclusion

Cloudflare Secondary DNS provides users with custom DNS solutions, be it on-premise or some other DNS provider. It also allows users to take advantage of Cloudflare’s DNS performance, proxying, and security capabilities through Secondary Override. In this article, our Support team briefly explained how secondary DNS works and analyzed its performance.
