

WHOIS question

Posted on 2004-12-01
Medium Priority
Last Modified: 2010-04-10
1. Are all of the name servers listed in your WHOIS authoritative for your domain?

2. If they are listed in your WHOIS, this means they are all primary name servers, right? (not secondaries?) Or... is one a primary and one a secondary?

3. From the plethora of online DNS stuff I've read: Primary nameservers have an SOA for your domain. Secondary servers do not.

Do secondary servers have primary Forward Lookup Zones? Here's an example. At home, I host my own DNS server (dissovledz.com). It is the primary name server for my domain. I have no additional name servers. If I were to create another name server at another location... should this be another primary nameserver or should it be a secondary? Should it be a primary forward lookup zone in this server or a secondary lookup zone (you see where I am confused?)
Question by:dissolved

Assisted Solution

grblades earned 1000 total points
ID: 12715827
Hi dissolved,
1) Yes

2) They can be primary or secondary servers. They could all be secondary servers even.

3) The basic difference is that all updates are performed on the primary server. Secondary servers regularly check the 'serial' parameter of the SOA and if it has been updated they perform a zone transfer and pull a new database of entries for the corresponding domain into their database. A secondary DNS server can be thought of as a backup DNS in the same way that a backup domain controller and primary domain controller work on the Windows file servers.

If you set up a DNS at a remote site then if that site has a different domain you would normally create it as a primary as you don't want lots of DNS traffic going between sites. You can then also set one site's DNS server to be a secondary for the other's domain so that each site acts as a backup for the other.
On the client's DNS configuration you list the local DNS server first and then add the remote DNS server as a 2nd entry. If the first server fails then the client will access the second server located at the remote site.
This way normal DNS traffic does not waste internet bandwidth but if the server fails DNS continues to function.
Normally each DNS server will have a forwarder pointing to the local ISP's DNS servers.

Expert Comment

by:Chris Dent
ID: 12715948

Definition of Terms:

Primary - Start of Authority for the Domain, provides Authoritative Answers for its own domain.
Secondary - Authoritative for the Domain (but not the Start of Authority), will have a Name Server record in the Forward Lookup zone.

Master - A Zone File Type, Master allows Read and Write access.
Slave - A Zone File Type, Slave allows Read access only - Zone file is transferred from the Master.

1. Yep

2 & 3. Primary is the Start of Authority for the Domain, Secondary traditionally holds a Slave copy of the domain and is included in the Name Server list for the Domain so at least one name server is available to service requests.

Still, only one server gets to be Start of Authority.

Basically, if the DNS is included in the Name Server List (i.e. it has an NS Record in the Lookup Zones) then the server can provide an Authoritative answer for the domain.

The Rest. Secondary Servers can have Master Forward Lookup Zones, but this means you'd have to manually update two separate servers. The Slave zone type removes this problem since it just performs a Zone transfer from the Master.

If you run an Active Directory Integrated DNS, talk of Master and Slave zones becomes redundant.

Active Directory Integrated DNS zones are all Master Zones (AD Integrated DNS is known as Multi-Master DNS). This means all AD Integrated zones are Read / Write access, which allows them to accept and replicate updates to other DNS Servers via normal AD Replication.

Hope that all makes some kind of sense.

Expert Comment

by:Chris Dent
ID: 12715963

I type way too slow ;)


Author Comment

ID: 12716200
OK, thanks guys. So:

- Every name listed in WHOIS is authoritative.
- You are only allowed one primary server (w/ SOA). The rest must be secondary (I read this in an RFC just now).

I guess where I'm confused is when it comes to the Primary zones (master) and Secondary Zones (slave). I do in fact understand the concept of primary and secondary servers. Like you guys were saying, a secondary DNS server is like having a backup domain controller.

If I were to create a secondary server for dissolvedz.com, it would not be in a primary zone (aka: master zone), correct? Let's say I am going to create another DNS server from scratch. And when I went to configure it, I would specify SECONDARY ZONE for dissolvez.com. This way, no SOA record would be present and the SECONDARY ZONE (aka slave) would get its transfer from the primary NS at my house. This is where I'm confused. But I think I am correct?


Expert Comment

by:Chris Dent
ID: 12716310

That sounds right. It's mainly just the different terms that are confusing.

Master and Slave are zone file types.
Primary and Secondary are Name Server roles.

Author Comment

ID: 12716400

primary name server has master zones  for dissolvedz.com
secondary name server has slave zones for dissovledz.com

I think I get it now. When you set up a name server for a domain and specify "MASTER ZONE", this means that THIS name server will be THE primary name server for the domain.

Not trying to beat this to death, but can I get another verification on that, kind sirs? :-D

Accepted Solution

Chris Dent earned 1000 total points
ID: 12716537

The set-up you post is correct.

The only bit that's missing is that the Start of Authority record defines which server is the Primary for the Domain (effectively).

But add that in and your description is perfect:

The Primary Server is the SoA, has an NS Record and runs a Master Zone File.
The Secondary Server has an NS Record and runs a Slave Zone File.
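
An added example, not part of the original thread: a small audit that applies the rules from the answers above (the SOA names the primary, every listed NS should answer authoritatively, and secondaries follow the SOA serial). The server names, serials and AA flags are constructed sample data, and `audit` is a hypothetical helper.

```python
from typing import NamedTuple, Optional

class SOA(NamedTuple):
    mname: str   # primary name server named in the SOA record
    serial: int  # zone version that secondaries compare before transferring

def parse_soa(line: str) -> SOA:
    """Parse a zone-file style line: owner ttl IN SOA mname rname serial ..."""
    f = line.split()
    i = f.index("SOA")
    return SOA(f[i + 1].rstrip(".").lower(), int(f[i + 3]))

def serial_newer(a: int, b: int) -> bool:
    """RFC 1982 sequence-space comparison: is serial a newer than serial b?"""
    return a != b and (a - b) % 2**32 < 2**31

def audit(responses: dict) -> dict:
    """responses maps each listed NS to (aa_flag, soa_line or None),
    as observed from a non-recursive SOA query sent to that server."""
    parsed = {ns: parse_soa(line)
              for ns, (aa, line) in responses.items() if aa and line}
    # A listed server that does not answer authoritatively is a lame delegation.
    lame = sorted(ns for ns in responses if ns not in parsed)
    mnames = {s.mname for s in parsed.values()}
    primary: Optional[str] = mnames.pop() if len(mnames) == 1 else None
    # Reference serial: the newest one seen (works for a hidden primary too).
    newest = None
    for s in parsed.values():
        if newest is None or serial_newer(s.serial, newest):
            newest = s.serial
    # A server behind the newest serial has not yet pulled the zone transfer.
    stale = sorted(ns for ns, s in parsed.items()
                   if serial_newer(newest, s.serial))
    return {"primary": primary, "lame": lame, "stale": stale}

# Constructed sample: three servers listed for the zone example.test.
SOA_FMT = "example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. {} 3600 600 86400 3600"
SAMPLE = {
    "ns1.example.test": (True, SOA_FMT.format(2004120102)),
    "ns2.example.test": (True, SOA_FMT.format(2004120101)),  # one change behind
    "ns3.example.test": (False, None),                       # not authoritative
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The comparison uses sequence-space arithmetic rather than a plain `>` so that a serial which has wrapped past 4294967295 is still treated as newer.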

Author Comment

ID: 12716552
Thanks! Microsoft likes making things confusing with their "Primary zone and secondary zone" terminology.

Thanks again, guys.

Expert Comment

by:Chris Dent
ID: 12716558

Yeah, don't I know it ;)
