A standard DNS architecture will have a primary authoritative server that the DNS administrator configures with domain information in one or more zone files. This primary server will be registered with the domain registrar. This information should of course be backed up on a secondary (slave) server. Once the zone files download successfully, the secondary server should respond authoritatively if queried. This provides fault tolerance, as well as load balancing of DNS resolution requests.

All that is necessary to configure on the secondary server is a list of domains for which the secondary is to be authoritative. This is done by configuring a list of zone files on the secondary server. When a secondary server is started it downloads these files from the primary DNS server. The secondary server is totally reliant upon the primary server: if the information is not on the primary server, it will never appear on the secondary.

A secondary server performs a 'zone transfer' to download zones from the primary server. When the expire time in the Start of Authority (SOA) resource record decays to zero, the secondary server opens a TCP connection on port 53 to the primary server to download the zone file. The primary server will permit or deny the transfer request depending upon its configuration. This allows the secondary server to mimic the primary and to hold a backup copy of all DNS information configured in the various zone files on the primary server.

The secondary server will not transfer (download) any zone that contains an error or unrecognized record types (such as WINS records, or records containing the underscore character). The secondary server will also not transfer any zone that is not properly configured: one that does not list the secondary DNS server in the SOA record and has no name server (NS) record for the secondary server.

BIND 8.0 and later contain an additional feature called dynamic update. Normally a zone transfer is initiated by the secondary server after the refresh time set in the zone's SOA record has expired. A primary server running BIND 8.0 and later will instead send out a notification to all its configured secondary DNS servers whenever its zone files are modified and the version (serial) number has increased. This allows for faster updates between the secondary servers and the primary server.
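The two decisions described above, the secondary checking the SOA timers and serial before pulling a zone, and the primary permitting or denying a transfer request according to its configuration, can be modelled in a few lines. The following is an added example written for this page, not code from the tutorial or from BIND itself; the SOA record, the timer values and the secondary's addresses are constructed sample values, and `ALLOWED_TRANSFER_PEERS` stands in for whatever transfer ACL the primary's own configuration would hold.

```python
"""Model of the secondary's refresh decision and the primary's transfer check.

Added example, not part of the original tutorial. All zone data, timers and
addresses are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass

# Constructed SOA RDATA for a zone as the secondary would have cached it.
# Field order follows the SOA layout: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM.
SAMPLE_SOA = "ns1.example.com. hostmaster.example.com. 2024031501 3600 900 604800 86400"

# Constructed list of secondaries the primary is willing to send zones to
# (stands in for an allow-transfer style ACL; these are documentation addresses).
ALLOWED_TRANSFER_PEERS = [
    ipaddress.ip_network("192.0.2.53/32"),
    ipaddress.ip_network("2001:db8::53/128"),
]


@dataclass
class SOA:
    mname: str      # primary name server for the zone
    rname: str      # responsible party's mailbox, with the first '.' standing for '@'
    serial: int     # version number; the secondary compares this to decide on a transfer
    refresh: int    # seconds between the secondary's checks of the primary's serial
    retry: int      # seconds to wait before retrying a failed refresh
    expire: int     # seconds after which the secondary stops answering authoritatively
    minimum: int    # negative-caching TTL


def parse_soa(rdata: str) -> SOA:
    """Split the textual SOA RDATA into its seven fields."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError("SOA RDATA must have exactly 7 fields")
    serial, refresh, retry, expire, minimum = (int(p) for p in parts[2:])
    return SOA(parts[0], parts[1], serial, refresh, retry, expire, minimum)


def serial_is_newer(candidate: int, current: int) -> bool:
    """RFC 1982 serial number arithmetic: 32-bit serials that wrap around."""
    if candidate == current:
        return False
    diff = (candidate - current) % (1 << 32)
    return 0 < diff < (1 << 31)


def secondary_needs_transfer(cached: SOA, primary_serial: int,
                             seconds_since_last_refresh: int) -> str:
    """What the secondary should do after querying the primary's SOA serial.

    Returns 'wait' (refresh timer has not run out), 'transfer' (the primary
    holds a newer version) or 'up-to-date' (serial unchanged, nothing to pull).
    """
    if seconds_since_last_refresh < cached.refresh:
        return "wait"
    if serial_is_newer(primary_serial, cached.serial):
        return "transfer"
    return "up-to-date"


def zone_is_expired(cached: SOA, seconds_since_last_success: int) -> bool:
    """True once the expire timer has run out without a successful refresh;
    the secondary must then stop answering authoritatively for the zone."""
    return seconds_since_last_success >= cached.expire


def transfer_permitted(client_ip: str) -> bool:
    """Primary-side check: only configured secondaries may pull the zone."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_TRANSFER_PEERS)


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print("cached serial:", soa.serial)
    print("after 100 s, primary at +1:", secondary_needs_transfer(soa, soa.serial + 1, 100))
    print("after refresh, primary at +1:", secondary_needs_transfer(soa, soa.serial + 1, soa.refresh))
    print("after refresh, same serial:", secondary_needs_transfer(soa, soa.serial, soa.refresh))
    print("expired after 7 days:", zone_is_expired(soa, 7 * 86400))
    print("192.0.2.53 may transfer:", transfer_permitted("192.0.2.53"))
    print("198.51.100.7 may transfer:", transfer_permitted("198.51.100.7"))
```

The wrap-around rule in `serial_is_newer` is the part most often got wrong by hand: a serial that has rolled past 2^32 still counts as newer, while a serial that has gone backwards (an administrator editing the number down) does not, which is why a secondary can silently keep an old copy after such an edit. Restricting the transfer check to the known secondaries, as `transfer_permitted` does, keeps the full zone contents from being handed to arbitrary clients.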
