RocketDNS

Documentation

Quick Start Guide

Welcome to RocketDNS. Follow these steps to configure your Secondary DNS service and ensure global redundancy for your domains.

1. Create the Zone

  • Log in to the RocketDNS Dashboard.
  • Click the Add Zone button.
  • Enter your Domain Name (e.g., example.com) and the IP Address of your Primary (Master) Name Server.

2. Configure Master Server

You must authorize our transfer agent to pull zone data from your server. Update your Primary Name Server's firewall or ACL to whitelist our AXFR IP:

AXFR Source IP: 91.99.187.157

(Resolution: one.rocketdns.io / two.rocketdns.io)

Protocols: Allow TCP/53 & UDP/53

Note: If you are running BIND, add this IP to your allow-transfer block. If using PowerDNS, add it to your allow-axfr-ips.

3. Verify Sync

Once the zone is added and the firewall is open:

  • Wait approximately 10–60 seconds.
  • Our systems will attempt an immediate zone transfer (AXFR).
  • Refresh your dashboard. The zone status should change from Pending to Synced.

4. Update Registrar

Only after the zone status shows Synced, add the RocketDNS nameservers to your existing NS list at your registrar:

ns1.rocketdns.io
ns2.rocketdns.io
ns3.rocketdns.io
ns4.rocketdns.io

Important: SOA Serial Management

RocketDNS relies entirely on the SOA Serial Number to detect changes in your zone.

CRITICAL: Every time you modify records on your Primary Native Server, you MUST increment the Serial Number in your SOA record.

If you do not increment the serial, RocketDNS will assume the zone has not changed and will not pull your new records, resulting in stale data on our edge nodes.

Troubleshooting Guide

If you are experiencing issues with your zones syncing or resolving, please review the common scenarios below before contacting support.

1. Zone Status Stuck on "Pending" or "Error"

If your zone status in the dashboard remains Pending for more than 5 minutes, or shows Error, it usually means our servers cannot pull the zone data from your Master server.

A. Check Firewall & Whitelist

Your Master server must allow TCP and UDP connections on port 53 from our transfer agent.

Check: Is the RocketDNS AXFR IP whitelisted?
IP to Whitelist: 91.99.187.157

B. Test AXFR Manually

You can verify if your Master server is accepting transfers by running a dig command from a neutral location (or checking your Master logs):

# Replace 1.2.3.4 with your Master Server IP
$ dig @1.2.3.4 example.com AXFR
Success: You see a list of all your DNS records.
Failure: You see "Transfer failed", "connection timed out", or "REFUSED".

C. Verify Master IP

Ensure the IP address you entered for your Master Server in the RocketDNS dashboard is correct. If your Master server is behind NAT, ensure you are using the Public IP and port forwarding is active.

2. Updates Are Not Propagating (Stale Data)

If you made changes on your Master server but RocketDNS is still serving old records:

A. The "Serial Number" Trap

This is the #1 cause of stale data. Secondary DNS servers only pull new data if the SOA Serial Number is higher than the previous one.

  • Fix: Increment the Serial Number in your zone file (e.g., change 2026013001 to 2026013002).
  • Action: Reload your Master server service. RocketDNS checks for changes periodically, or immediately if you send a NOTIFY.

B. Force a Sync

If you forgot to increment the serial or need an immediate update:

  1. Go to the RocketDNS Dashboard.
  2. Locate the zone.
  3. Click the Force Sync or Refresh icon.

3. Slow Update Speeds

By default, we check your Master server for updates based on the Refresh value in your SOA record. To make updates instant, configure NOTIFY.

Configure NOTIFY (Optional but Recommended)

Configure your Master server to send a "NOTIFY" packet to our nameservers whenever you reload a zone.

  • Bind/Named: Add also-notify { 91.99.187.157; };
  • PowerDNS: Ensure slave-renotify is enabled.

4. "REFUSED" or "SERVFAIL" Errors

If public resolvers (like Google 8.8.8.8) return SERVFAIL when querying our nameservers:

  • Check Expiry: If we cannot contact your Master server for a period longer than the Expire value in your SOA record (typically 1-4 weeks), we will stop answering queries to prevent serving dangerous stale data.
  • DNSSEC: If you have DNSSEC enabled on your Master, ensure you are sending us the RRSIG and NSEC/NSEC3 records via AXFR. If your zone is signed but we don't have the signatures, validation will fail.

Still Need Help?

If you cannot resolve the issue, please contact support with the following details:

  • The Domain Name affected.
  • The IP Address of your Master Server.
  • Specific error messages or dig results.

Email: support@rocketdns.io

© 2026 RocketDNS Inc.