Secondary DNS servers for the Internet

The Domain Name System (DNS) requires that multiple servers exist for every delegated domain (zone). Both the physical and topological location of each server is a material consideration when selecting secondary servers. The geographic placement as well as the diversity of network connectivity exhibited by the set of DNS servers for a zone can increase the reliability of that zone as well as improve overall network performance and access characteristics.

A major reason for having multiple DNS servers for each zone is to allow DNS information from the zone to be available widely and reliably to clients throughout the Internet. Multiple servers spread the name-resolution load and improve the overall efficiency of the system by placing servers nearer to the resolvers.

With multiple servers, usually one server will be the primary DNS server and others will be secondary DNS servers. The distinction between primary and secondary servers is relevant only to the servers for the zone concerned; to the rest of the DNS servers they are simply multiple servers. All are treated equally.

The primary server holds the master copy of the zone file; it is the server where the data is entered into DNS from some source outside the DNS. Secondary servers obtain data for the zone using DNS protocol mechanisms to obtain the zone DNS table from the primary server.

When selecting secondary servers, you should give attention to the various

    Requires Free Membership to View

    Login

network factors that are likely to fail. Servers should be placed so that it is likely that at least one server will be available to serve all significant parts of the network if the others fail. Secondary DNS servers should be placed at dispersed locations to minimize the likelihood of a single failure disabling all of them.

Listing servers that cannot be reached from large parts of the network causes a particular class of problems. This could be listing the name of a machine that is completely isolated behind a firewall, or just a secondary address on a dual-homed machine that is not accessible from outside. The names of servers listed in DNS records should resolve to addresses that are reachable from the region to which the DNS records are being returned. Including addresses which most of the network cannot reach does not add reliability to the zone.

Barrie Sosinsky (barries@killerapps.com)is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.

This was first published in January 2001

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top