Primary vs. Secondary
Fenton
I have seen a few interpertation on the web between primary and secondary
NS. I am just wondering what's your view on it. Some say DNS always looks
for primary NS first and if it fails, it goes to secondary. I support more
that second theory, which is DNS query on all NS on the zone file since it
doesn't know which is the primary and with are secondarys. However, if
that's the case, how come we have to name a NS as Primary and the rest
secondarys?
Confussed
Fenton
Ace Fekay [MVP]
Fenton <fen...@no-email.com> made a post then I commented below
If you're talking about the namesserevers configured in your IP properties,
the DNS resolver service will ask the first entry first. It doesn't matter
if its a Primary zone or Secondary zone. If the first one comes back with an
answer, whether its correct or not, or whether there is an empty answer, its
still an answer, and it will not look further. If the first DNS times out,
then it will try again, and if it times out again, it will then go to the
second entry in IP properties and query that, in the meanwhile, it will
remove the first entry from the eligible resolvers list. It will not go back
to the first entry unless you restart the machine, restart the DNS client
service or force it to revert by altering a reg entry.
Also about secondaries zones, if a machine's first entry is pointing to a
server holding a Secondary zone, and the machine wants to send a
registration request, and updates are allowed on the zone, the DNS client
resolver service recognizes its a Secondary zone and will query for the
MNAME record in the zone (the Master IP) and it will send the registration
request to the Primary.
If this is not what you asked, I apologize and sorry for misinterpreting
your question.
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
fen...@discussions.microsoft.com
Thanks for your detailed answer. However, I guess I
didn't word the question correctly. What I was trying to
ask is that according to RPC standard, a domain needs to
have at least 2 nameservers hosting the zone - one
primary and one secondary. The secondary is usually sync
to the primary copy by zone transfer. So, if the dns
trying to query for an ip, the root nameserver would
return all the authoritative nameservers. And now, would
the dns always query the primary nameserver first, or
just any nameserver on the list, or would it send a
request to all nameservers? Hope that clears my question
up a bit.
thanks
Fenton
>.
>
Kevin D. Goodknecht Sr. [MVP]
fen...@discussions.microsoft.com <fen...@discussions.microsoft.com>
commented
Then Kevin replied below:
> Ace,
>
> Thanks for your detailed answer. However, I guess I
> didn't word the question correctly. What I was trying to
> ask is that according to RPC standard, a domain needs to
> have at least 2 nameservers hosting the zone - one
> primary and one secondary. The secondary is usually sync
> to the primary copy by zone transfer. So, if the dns
> trying to query for an ip, the root nameserver would
> return all the authoritative nameservers. And now, would
> the dns always query the primary nameserver first, or
> just any nameserver on the list, or would it send a
> request to all nameservers? Hope that clears my question
> up a bit.
I think it does, actually you have to understand how recursive queries work,
on how it gets to the authoritative servers for a domain. The root servers
send a list of TLD DNS servers, depending on the TLD your domain is in. The
order is done with round robin, Then the TLD servers send a list of DNS
servers for your domain, with the order select by round robin. So to answer
your question, it is up to the particular resolving DNS server to decide
which DNS server will get queried first, the order would be random and
irrelevant if all your DNS servers answer with authority.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Fenton
Just wondering since the DNS will randomly select the all Nameservers for
query, (including the primary and all the secondarys), so, is putting an
EXTRA "not-as-reliable" secondary nameserver a good idea? On one hand, it
creates some extra redundancy. However, on the other hand, there are
chances for it to be picked randomly while it is offline and hence delay the
query.
Any suggestion?
Fenton
"Kevin D. Goodknecht Sr. [MVP]" <ad...@nospam.WFTX.US> wrote in message
news:ewdsRF7p...@TK2MSFTNGP15.phx.gbl...
Kevin D. Goodknecht Sr. [MVP]
Fenton <fen...@no-email.com> commented
Then Kevin replied below:
> Thanks kevin,
>
> Just wondering since the DNS will randomly select the all
> Nameservers for query, (including the primary and all the
> secondarys), so, is putting an EXTRA "not-as-reliable"
> secondary nameserver a good idea? On one hand, it
> creates some extra redundancy. However, on the other
> hand, there are chances for it to be picked randomly
> while it is offline and hence delay the query.
Do not confuse what I said, when you put a DNS on your public record as
authoritative then it should answer with authority. In other words it needs
a zone and an NS record for its name and IP.
You could list as many DNS servers you want, up to the maximum you can list
with your registrar, if they don't have a zone and an NS record they have no
authority. If they are capable of doing recursive lookups they will still
answer without a zone for your domain, but not with authority.
Whether it is a primary or a secondary zone makes no difference to the DNS
server asking for the records, as long as it has authority. The difference
between a primary and a secondary is the secondary will have a read only
zone, but still have authority. The only DNS servers it actually makes a
difference to is the ones holding the zones, the DNS server shown as the
master is the one the secondary servers sync up to. Even that doesn't mean
that it is the one with a Primary zone. In fact, you could make all of the
DNS servers on the public record have secondary zones and the one with the
Primary zone may not even be publicly accessible. It would be a hidden
master and could be configured so that only the secondary servers could
access it to update their zones.
Ace Fekay [MVP]
fen...@discussions.microsoft.com <fen...@discussions.microsoft.com> made a
>
> Thanks for your detailed answer. However, I guess I
> didn't word the question correctly. What I was trying to
> ask is that according to RPC standard, a domain needs to
> have at least 2 nameservers hosting the zone - one
> primary and one secondary. The secondary is usually sync
> to the primary copy by zone transfer. So, if the dns
> trying to query for an ip, the root nameserver would
> return all the authoritative nameservers. And now, would
> the dns always query the primary nameserver first, or
> just any nameserver on the list, or would it send a
> request to all nameservers? Hope that clears my question
> up a bit.
>
>
> thanks
> Fenton
Sorry, I misunderstood your question thinking you were talking about the
client side resolver.
Also, I believe you are talking about the RFCs, not RPCs?
Ace
fen...@discussions.microsoft.com
So, in general, is adding a "not-as-reliable" nameserver
as an extra authoritative nameserver a good idea or a bad
idea? The reason why I ask is that my zone is now host
by 2 Zoneedit nameserver (which are reasonablly
reliable). But I am thinking using Public DNS's
nameservers too so that I will have a total of 4 auth
nameserver hosting my zone file. However, I have heard
that Public DNS's reliablity is not very good.. So, I am
wondering should I just leave it with 2, or should I add
in another not-as-reliable one.
Thanks again
Fenton
>.
>
Kevin D. Goodknecht Sr. [MVP]
fen...@discussions.microsoft.com <fen...@discussions.microsoft.com>
commented
Then Kevin replied below:
>
> So, in general, is adding a "not-as-reliable" nameserver
> as an extra authoritative nameserver a good idea or a bad
> idea? The reason why I ask is that my zone is now host
> by 2 Zoneedit nameserver (which are reasonablly
> reliable). But I am thinking using Public DNS's
> nameservers too so that I will have a total of 4 auth
> nameserver hosting my zone file. However, I have heard
> that Public DNS's reliablity is not very good.. So, I am
> wondering should I just leave it with 2, or should I add
> in another not-as-reliable one.
It is better to have four DNS, when you say not as reliable, do you mean
slower or are there times when they are offline?
Slower is better that offline, it all depends on what you mean by reliable.
If they answer in less than 100ms they are excellent.
Fenton
> In news:28e401c4a85f$bdba28f0$a401...@phx.gbl,
> fen...@discussions.microsoft.com <fen...@discussions.microsoft.com>
> commented
> Then Kevin replied below:
> > Thanks Kevin,
> >
> > So, in general, is adding a "not-as-reliable" nameserver
> > as an extra authoritative nameserver a good idea or a bad
> > idea? The reason why I ask is that my zone is now host
> > by 2 Zoneedit nameserver (which are reasonablly
> > reliable). But I am thinking using Public DNS's
> > nameservers too so that I will have a total of 4 auth
> > nameserver hosting my zone file. However, I have heard
> > that Public DNS's reliablity is not very good.. So, I am
> > wondering should I just leave it with 2, or should I add
> > in another not-as-reliable one.
>
> It is better to have four DNS, when you say not as reliable, do you mean
> slower or are there times when they are offline?
> Slower is better that offline, it all depends on what you mean by
reliable.
> If they answer in less than 100ms they are excellent.
>
from time to time... at least for an hour once a week
Fenton
Erik Aronesty
Generally, I'd say it's better to have 4, even if the public DNS is
less reliable... because caching DNS automatically
- tries again on failure
- caches results
- queries the most reliable server first.
Jonathan de Boyne Pollard
Some say DNS always looks for primary NS first and if it fails, it goes to secondary.
how come we have to name a NS as Primary and the rest secondarys?
Fenton
Your link is EXACTLY what I am looking for !!!! Thanks a lot..... I have
been searching on the net for a while to find something like this.... I
appreicated!
Fenton
"Jonathan de Boyne Pollard" <J.deBoyn...@Tesco.NET> wrote in message
news:c1.01.2t0SKz$5...@J.de.Boyne.Pollard.localhost...