WHOIS question

Posted on 2004-12-01
Last Modified: 2010-04-10
1. Are all of the name servers listed in your WHOIS authoritative for your domain?

2. If they are listed in your WHOIS, this means they are all primary name servers, right? (not secondaries?) One a primary and one a secondary?

3. From the plethora of online DNS stuff I've read: Primary nameservers have an SOA for your domain. Secondary servers do not.

Do secondary servers have primary Forward Lookup Zones? Here's an example. At home, I host my own DNS server ( It is the primary name server for my domain. I have no additional name servers. If I were to create another name server at another location......should this be another primary nameserver or should it be a secondary?  Should it be a primary forward lookup zone in this server or secondary lookup zone (you see where I am confused?)  
Question by:dissolved
    LVL 36

    Assisted Solution

    Hi dissolved,
    1) Yes

    2) They can be primary or secondary servers. They could all be secondary servers even.

    3) The basic difference is that all updates are performed on the primary server. Secondary servers regularly check the 'serial' parameter of the SOA and if it has been updated they perform a zone transfer and pull a new database of entries for the corresponding domain into their database. A secondary DNS server can be thought of as a backup DNS in the same way that a backup domain controller and primary domain controller work on the Windows file servers.

    If you set up a DNS at a remote site then if that site has a different domain you would normally create it as a primary as you don't want lots of DNS traffic going between sites. You can then also set one site's DNS server to be a secondary for the other's domain so that each site acts as a backup for the other.
    On the client's DNS configuration you list the local DNS server first and then add the remote DNS server as a 2nd entry. If the first server fails then the client will access the second server located at the remote site.
    This way normal DNS traffic does not waste internet bandwidth but if the server fails DNS continues to function.
    Normally each DNS server will have a forwarder pointing to the local ISP's DNS servers.
    LVL 70

    Expert Comment

    by:Chris Dent

    Definition of Terms:

    Primary - Start of Authority for the Domain, provides Authoritative Answers for its own domain.
    Secondary - Authoritative for the Domain (but not the Start of Authority), will have a Name Server record in the Forward Lookup zone.

    Master - A Zone File Type, Master allows Read and Write access.
    Slave - A Zone File Type, Slave allows Read access only - Zone file is transferred from the Master

    1. Yep

    2 & 3. Primary is the Start of Authority for the Domain, Secondary traditionally holds a Slave copy of the domain and is included in the Name Server list for the Domain so at least one name server is available to service requests.

    Still, only one server gets to be Start of Authority.

    Basically, if the DNS is included in the Name Server List (i.e. it has an NS Record in the Lookup Zones) then the server can provide an Authoritative answer for the domain.

    The Rest. Secondary Servers can have Master Forward Lookup Zones, but this means you'd have to manually update two separate servers. The Slave zone type removes this problem since it just performs a Zone transfer from the Master.

    If you run an Active Directory Integrated DNS, talk of Master and Slave zones becomes redundant.

    Active Directory Integrated DNS zones are all Master Zones (AD Integrated DNS is known as Multi-Master DNS). This means all AD Integrated zones are Read / Write access, which allows them to accept and replicate updates to other DNS Servers via normal AD Replication.

    Hope that all makes some kind of sense.
    LVL 70

    Expert Comment

    by:Chris Dent

    I type way too slow ;)

    Author Comment

    ok thanks guys. so:

    -every name listed in WHOIS is authoritative.
    -you are only allowed one primary server (w/ SOA). The rest must be secondary (I read this in an RFC just now)

    I guess where I'm confused is when it comes to the Primary zones (master) and Secondary Zones (slave). I do in fact understand the concept of primary and secondary servers. Like you guys were saying, secondary DNS server is like having a backup domain controller.

    If I were to create a secondary server for, it would not be in a primary zone (aka : master zone) correct? Let's say  I am going to create another DNS server from scratch. And when I went to configure it, I would specify SECONDARY ZONE for This way, no SOA record would be present and the SECONDARY ZONE (aka slave) would get its transfer from the primary NS at my house. This is where I'm confused.  But I think I am correct?

    LVL 70

    Expert Comment

    by:Chris Dent

    That sounds right. It's mainly just the different terms that are confusing.

    Master and Slave are zone file types.
    Primary and Secondary are Name Server roles.

    Author Comment


    primary name server has master zones  for
    secondary name server has slave zones for

    I think I get it now.  When you set up a name server for a domain and specify "MASTER ZONE", this means that THIS name server will be THE primary name server for the domain.

    Not trying to beat this to death, but can I get another verification on that kind sirs ? :-D
    LVL 70

    Accepted Solution


    The set-up you post is correct.

    The only bit that's missing is that the Start of Authority record defines which server is the Primary for the Domain (effectively).

    But add that in and your description is perfect:

    The Primary Server is the SoA, has an NS Record and runs a Master Zone File.
    The Secondary Server has an NS Record and runs a Slave Zone File.
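
An added example, not posted by anyone in this thread: it reads the primary and secondary roles off a zone's SOA and NS records as summarised above, and applies the serial check a secondary makes before pulling a zone transfer. The zone data and the `example.test` server names are constructed, and the serial comparison uses RFC 1982 wraparound arithmetic, which goes slightly beyond what the thread spells out.

```python
# Added example. Zone data and server names are constructed (example.test).
ZONE = """\
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2004120101 3600 600 604800 3600
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN NS ns2.example.test.
"""

def serial_gt(a, b):
    """True if SOA serial a is newer than b (RFC 1982, 32-bit wraparound)."""
    return a != b and (a - b) % (1 << 32) < (1 << 31)

def classify(zone_text):
    """Return ({server: role}, soa_serial) from one-line SOA/NS records."""
    mname, serial, ns = None, None, []
    for line in zone_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        if f[3] == "SOA":
            mname, serial = f[4].lower(), int(f[6])
        elif f[3] == "NS":
            ns.append(f[4].lower())
    # Every NS target is authoritative; the one named in the SOA is the primary.
    return {s: "primary" if s == mname else "secondary" for s in ns}, serial

def stale_secondaries(roles, primary_serial, observed):
    """observed maps server -> serial it currently serves; list the ones behind."""
    return sorted(s for s, role in roles.items()
                  if role == "secondary" and serial_gt(primary_serial, observed[s]))

if __name__ == "__main__":
    roles, serial = classify(ZONE)
    observed = {"ns1.example.test.": 2004120101, "ns2.example.test.": 2004113001}
    print(roles, stale_secondaries(roles, serial, observed))
```

A secondary reported as stale here is one that has not yet transferred the current zone, which is worth checking whenever the name servers listed for a domain give different answers.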

    Author Comment

    Thanks! Microsoft likes making things confusing with their "Primary zone and secondary zone" terminology

    thanks again guys
    LVL 70

    Expert Comment

    by:Chris Dent

    Yeah, don't I know it ;)
