Best practices for improving external DNS resiliency

Best Practice 1: Use a hidden master

A hidden master is a name server that is not advertised and does not appear in any name server records. In other words, it is not known publicly on the Internet and does not answer any queries. The hidden master’s purpose is to provide zone transfers to a set of secondary name servers that are known publicly and answer queries.

Fault tolerance icon


Master can go down without impacting the resolution of your domain.

Security icon


IP address of the name server is not published, and is less likely to be hacked.

easy administration icon


Reloads and restarts of the hidden master do not impact resolution of your domain.