
Secondary DNS servers for the Internet

The Domain Name System (DNS) requires that multiple servers exist for every delegated domain (zone). Both the physical and the topological location of each server are material considerations when selecting secondary servers. Geographic placement, together with diversity in the network connectivity of the set of DNS servers for a zone, can increase the reliability of that zone and improve overall network performance and access characteristics.

A major reason for having multiple DNS servers for each zone is to allow DNS information from the zone to be available widely and reliably to clients throughout the Internet. Multiple servers spread the name-resolution load and improve the overall efficiency of the system by placing servers nearer to the resolvers.

With multiple servers, usually one server will be the primary DNS server and others will be secondary DNS servers. The distinction between primary and secondary servers is relevant only to the servers for the zone concerned; to the rest of the DNS servers they are simply multiple servers. All are treated equally.

The primary server holds the master copy of the zone file; it is the server where the data is entered into DNS from some source outside the DNS. Secondary servers obtain their copy of the zone data from the primary server by zone transfer, a mechanism of the DNS protocol itself.

When selecting secondary servers, you should give attention to the various network factors that are likely to fail. Servers should be placed so that it is likely that at least one server will be available to serve all significant parts of the network if the others fail. Secondary DNS servers should be placed at dispersed locations to minimize the likelihood of a single failure disabling all of them.

Listing servers that cannot be reached from large parts of the network causes a particular class of problems. This could be listing the name of a machine that is completely isolated behind a firewall, or just a secondary address on a dual-homed machine that is not accessible from outside. The names of servers listed in DNS records should resolve to addresses that are reachable from the region to which the DNS records are being returned. Including addresses which most of the network cannot reach does not add reliability to the zone.
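The two placement problems described above (servers that resolve only to addresses unreachable from outside, and servers clustered on one network) can be checked mechanically. The following Python audit is an added example, not part of the original article: the NS names, addresses and the list of unroutable blocks are constructed sample data, and `audit_zone_servers` and `publicly_reachable` are hypothetical helper names.

```python
import ipaddress
from collections import defaultdict

# Address blocks not reachable from the public Internet; an NS name that resolves
# only into these is the "isolated behind a firewall" case (list is illustrative).
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample data: the NS RRset of a zone and the addresses each name
# resolves to (in a live audit these would come from DNS queries).
SAMPLE_NS = ["ns1.example.net.", "ns2.example.net.", "ns3.example.net."]
SAMPLE_ADDRS = {
    "ns1.example.net.": ["198.51.100.10"],
    "ns2.example.net.": ["198.51.100.11"],  # same /24 as ns1
    "ns3.example.net.": ["10.0.0.5"],       # private address only
}

def publicly_reachable(addr):
    """True if addr lies outside every UNROUTABLE block."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in UNROUTABLE)

def audit_zone_servers(ns_names, addrs_by_name, v4_prefix=24, v6_prefix=48):
    """Return findings about a zone's server placement: NS names with no
    address, names with no publicly reachable address, fewer than two
    reachable servers, and all reachable servers sharing one network prefix."""
    findings = []
    reachable = {}  # name -> publicly reachable addresses
    for name in ns_names:
        addrs = addrs_by_name.get(name, [])
        if not addrs:
            findings.append(f"{name}: no address record")
            continue
        good = [a for a in addrs if publicly_reachable(a)]
        if not good:
            findings.append(f"{name}: no publicly reachable address ({', '.join(addrs)})")
            continue
        reachable[name] = good
    if len(reachable) < 2:
        findings.append("fewer than two reachable servers: zone has no redundancy")
    # Group reachable servers by prefix as a rough proxy for topological diversity.
    prefixes = defaultdict(set)
    for name, good in reachable.items():
        for a in good:
            plen = v4_prefix if ipaddress.ip_address(a).version == 4 else v6_prefix
            prefixes[ipaddress.ip_network(f"{a}/{plen}", strict=False)].add(name)
    if len(reachable) >= 2 and len(prefixes) == 1:
        findings.append(f"all reachable servers share {next(iter(prefixes))}: "
                        "one network failure disables them all")
    return findings
```

Run against the sample data it reports ns3 as unreachable from outside and flags ns1 and ns2 as sharing a single /24; a prefix check is only a proxy, so a real audit would also compare the serving networks or providers.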

Barrie Sosinsky is president of the consulting company Sosinsky and Associates (Medfield, MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.

This was last published in January 2001
