To use a Managed DNS Server as the primary name server, and to use a server prepared by you as a secondary name server, configure the settings as follows.

1. Creating a TSIG key
   Using a TSIG key enables you to prevent falsification of data in the zone transfer route. Refer to "TSIG Key Management" for how to create a TSIG key.
   • We recommend that you create a TSIG key.
   • Whether or not you create a TSIG key does not affect the operation of the server.
   • If you already have a TSIG key, you can use the existing one.
2. Setting your secondary name server
   1. Configure the settings for requesting zone transfer from this service.
   2. Configure the settings for permitting NOTIFY from this service.
   Note that both settings are different from Managed DNS Server settings.
   • Refer to "IP Addresses Used by This Service" for information on the IP address range for access permission.
   • Examples
3. Preparing common settings
   Refer to "Common Settings" for how to configure the settings.
   1. In the secondary name server settings, set the zone transfer access permission and the address for NOTIFY.
   2. In the secondary name server settings, register the TSIG key and enable it.
4. Editing records
   Refer to "Record Management" for how to edit records.
5. Applying common settings
   Refer to "Service List" for how to apply common settings.
   • Apply the common settings set in procedure (3) to the zones.
   • Transferring zones to your secondary name server starts once the application is complete.
6. Editing records again
   Refer to "Record Management" for how to edit records.
   • Add your primary name server to the NS record.
     The transfer direction of queries changes to your secondary name server when the addition is complete.
7. Registering the name server
   Register the Managed DNS Server and the secondary name server that you have prepared. Refer to "Registering and Changing Name Servers" for how to register them.
   • When you have signed up for the Domain Management Service, you can register the name server by clicking "Name Server Registration" on the Name Server Management screen.
   • If you have not signed up for the Domain Management Service, apply this registration to your registrar (designated business operator).
8. Register DS records.
   • You can register DS records only when the DNSSEC signature is enabled.
   • Refer to "Updating DS Records" for more information on DS records.

Setting a Hidden Master Configuration

You can operate in such a way that DNS queries are to be accepted solely by the secondary name server that you have prepared, and that this service specializes in management functions, such as zone edit and DNSSEC signature.
In such cases, configure the following settings in addition to the previously-mentioned settings.

• Do not describe the Managed DNS Server in the NS record, or delete the description.
  Refer to "Record Management" for how to edit records.
• Disable the Managed DNS Server in Common Settingss.