Sidebar

Domain Settings

This guide explains the various configuration options available for your domains in the UK DNS Privacy Project authoritative DNS service, including SOA record settings, DNSSEC configuration, and auditing options.

Accessing Domain Settings

To access and modify a domain’s settings:

  1. Navigate to Dashboard > Authoritative Domains
  2. Click on the domain name you want to configure
  3. Click the Edit button in the top-right corner of the domain details page

Alternatively, from the domains list, you can click the edit (pencil) icon next to any domain.

SOA Record Configuration

The Start of Authority (SOA) record contains important administrative information about your domain. You can configure the following SOA parameters:

Refresh Interval

  • Default: 3600 seconds (1 hour)
  • Purpose: Specifies how often secondary nameservers should check with the primary nameserver for zone changes
  • Recommendation: For domains with frequent changes, use a lower value (1800-3600 seconds). For relatively static domains, a higher value (7200+ seconds) is appropriate.

Retry Interval

  • Default: 600 seconds (10 minutes)
  • Purpose: Determines how long secondary nameservers should wait before retrying a failed zone transfer
  • Recommendation: Should be lower than the refresh interval, typically 1/6 to 1/10 of the refresh value

Expire Interval

  • Default: 604800 seconds (1 week)
  • Purpose: Specifies when secondary nameservers should stop answering queries if they cannot reach the primary nameserver
  • Recommendation: Should be significantly longer than refresh and retry intervals, typically 1-2 weeks (604800-1209600 seconds)

Minimum TTL

  • Default: 86400 seconds (24 hours)
  • Purpose: Default time-to-live for negative responses (when records don’t exist)
  • Recommendation: 3600-86400 seconds depending on how frequently you add new records
SOA record configuration

Security Settings

DNSSEC Configuration

DNSSEC (Domain Name System Security Extensions) adds cryptographic signatures to your DNS records, helping prevent DNS spoofing and cache poisoning attacks.

  • DNSSEC Enabled: Toggle this option to enable automatic DNSSEC management for your domain
  • When enabled, our system will:
    • Generate and manage signing keys
    • Sign all DNS records in your zone
    • Automatically handle key rollovers

Important: After enabling DNSSEC, you must add the corresponding DS (Delegation Signer) records at your domain registrar. Instructions for this process are provided in our Enabling DNSSEC guide.

Auditing

The auditing feature provides a detailed log of all changes made to your domain’s DNS configuration.

  • Purpose: Track who made changes to your domain records and when those changes occurred
  • Note: Once enabled, auditing cannot be disabled for security reasons

When auditing is enabled:

  • All record additions, modifications, and deletions are logged
  • All changes to domain settings are recorded
  • The audit log can be viewed by clicking the Audit Log button on the domain details page

Advanced Settings

Nameserver Configuration

The primary and secondary nameservers for your domain are automatically configured to:

  • Primary: ns1.dnsprivacy.org.uk
  • Secondary: ns2.dnsprivacy.org.uk

These nameservers are managed by the UK DNS Privacy Project service and cannot be modified.

Best Practices for Domain Settings

SOA Record Optimization

  • High-Traffic Domains: Use shorter refresh and retry intervals (1800-3600 seconds for refresh, 300-600 seconds for retry)
  • Low-Traffic Domains: Use longer refresh and retry intervals (7200+ seconds for refresh, 1200+ seconds for retry)

DNSSEC Implementation

  1. First enable DNSSEC in your UK DNS Privacy Project dashboard
  2. Generate the DS records (this happens automatically)
  3. Add the DS records at your domain registrar
  4. Verify DNSSEC is working using online validation tools

Auditing Recommendations

  • Enable auditing for all production domains
  • Review audit logs regularly, especially after making significant changes
  • Use audit logs for compliance documentation when required

Applying Changes

After modifying any domain settings:

  1. Review your changes to ensure accuracy
  2. Click Save Changes to apply the new settings
  3. Allow time for changes to propagate through the DNS system

For SOA record changes, propagation typically takes the amount of time specified in the previous TTL setting.


Our use of cookies
We use a session cookie to maintain your login state when you create an account with us. This cookie is essential for the operation of our website and is used solely for authentication purposes. For more information, please read our privacy policy.