AutoDNS and secondary domain name servers
Background
As part of our virtual dedicated server and co-location packages, we provide secondary DNS service for domains you wish to host. You can control the list of domains for which we provide secondary DNS service using an automated tool called AutoDNS, which was written by Jonathan McDowell.
(A note for the pedants: strictly, when several DNS servers can answer queries for a domain, clients have no preference among them. A "secondary" DNS server will serve queries at all times, even when the "primary" is not down. Here we are referring to the "primary" server as the one from which other servers will obtain authoritative information for a zone by AXFR.)
Before you can use this facility, you need to give us the public key part of a GnuPG key-pair, which will be used to authenticate your commands to AutoDNS; and the IP address of the primary DNS server from which domains will be transferred by our secondary server. Usually this will be your co-located or virtual server, but if you're paying for co-lo or VDS service, we're happy to secondary for domains hosted anywhere. We will give you the IP address and hostname of a secondary DNS server, and an email address to which AutoDNS requests can be sent.
Using AutoDNS
AutoDNS responds to commands sent to its email address, which we will give you. All commands must be GPG-signed, in the "ASCII-armour" mode (in which the signature appears as inline text, rather than as a separate MIME-part). Here is an example AutoDNS mail, which adds a domain to your secondaried domains, removes another, and replies with a list of all the domains you control:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

BEGIN
ADD example.com
DEL example.org
LIST
END
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iHJUIUIHBJHBJkC6LpkACgkQ8NUINBERrSMmLQCgw+d6CmuIp/hj0poihh21FFjF
fpoAnRauMC3axI4NdVhg5HRafdMW0P/9
=eFjG
-----END PGP SIGNATURE-----
If your email client doesn't itself support GnuPG, you can prepare a signed mail by saving the list of commands in a file, and then signing it with the command
gpg --clearsign file
which produces a signed version, file.asc. Alternatively,
gpg --clearsign < file | mail -s 'dns-auto' autodns address
signs and sends the mail all in one go. Or, if the editor in your normal mail client lets you pipe the text of your mail through an external command, you can just use that; in vi, type something like,
%! gpg --clearsign
or in emacs,
C-x h C-u M-| gpg --clearsign
Other editors will, of course, vary.
Important: AutoDNS doesn't currently support MIME "multipart/signed" format for GPG-signed email (this is the more modern format which is produced by mail clients like mutt). You must use an in-line "ASCII-armoured" signature instead, as shown above.
AutoDNS commands
Commands recognised by AutoDNS begin on the first column of the line, and consist of a single capitalised keyword followed in some cases by an argument:
- BEGIN: Start processing commands.
- END: Stop processing commands.
- HELP: Return an informative message.
- LIST: Show all the zones you currently control on the server.
- ADD domain: Add domain to the list of domains secondaried for you.
- DEL domain: Remove domain from the list.
AutoDNS will reply to your mail with the results of any commands it processes.
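A signed DEL with a mistyped domain is still a valid, authenticated request, so it is worth checking a command file before signing it. The following is an added example, not part of the original page or of AutoDNS itself: a shell pre-flight check built from the command rules listed above, plus a wrapper that clearsigns and then verifies the result locally. The function names, the skipping of blank lines, the requirement that commands sit between BEGIN and END, and the domain-syntax pattern are assumptions of this example, not documented AutoDNS behaviour.

```shell
#!/bin/sh
# autodns_lint FILE: check an AutoDNS command file before it is clearsigned.
# Prints one line per problem found and returns non-zero if there were any.
# (Hypothetical helper; the rules come from the command list on this page.)
autodns_lint() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; errs++ }
    /^[ \t]*$/ { next }     # blank lines are skipped (assumption)
    /^[ \t]/   { bad("command must start in the first column"); next }
    {
        kw = $1
        if (kw != toupper(kw)) { bad("keyword must be capitalised: " kw); next }
        if (kw == "BEGIN") { if (began) bad("duplicate BEGIN"); began = 1; next }
        if (!began) { bad("command before BEGIN: " kw); next }
        if (ended)  { bad("command after END: " kw); next }
        if (kw == "END") { ended = 1; next }
        if (kw == "HELP" || kw == "LIST") {
            if (NF != 1) { bad(kw " takes no argument") }
        } else if (kw == "ADD" || kw == "DEL") {
            # Letter/digit/hyphen labels separated by dots (assumed pattern).
            if (NF != 2) {
                bad(kw " takes exactly one domain")
            } else if ($2 !~ /^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]+$/) {
                bad("not a plausible domain name: " $2)
            }
        } else {
            bad("unknown command: " kw)
        }
    }
    END {
        if (!began) { print "missing BEGIN"; errs++ }
        else if (!ended) { print "missing END"; errs++ }
        exit (errs > 0)
    }' "$1"
}

# autodns_sign FILE: lint, produce the inline-signed FILE.asc, then check
# that the signature verifies before the mail is sent.
autodns_sign() {
    autodns_lint "$1" || { echo "not signing $1" >&2; return 1; }
    gpg --clearsign "$1" && gpg --verify "$1.asc"
}
```

Run autodns_sign on the command file and mail the resulting .asc file to the AutoDNS address only if it returns successfully.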
Copyright © 2000-2008 Mythic Beasts Ltd. All Rights Reserved.

