Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Primary and Secondary vs. two primaries

0 views
Skip to first unread message

Guy

unread,
Jun 3, 2007, 6:46:31 AM6/3/07
to
I’m trying to harden our DNS servers. I currently have 2 servers (ns1 and
ns2). Ns1 is primary and ns2 is secondary. Neither are AD integrated.

I know that a secondary zone server only maintains a limited copy of the
zones and queries the primary for other information. So if the primary goes
down, it seems that the secondary is somewhat useless.

Do you see any downsides to having ns1 & ns2 both being primary (other than
having to manually two servers)?


Anthony

unread,
Jun 3, 2007, 7:17:16 AM6/3/07
to

"Guy" <gap...@newsgroup.nospam> wrote in message
news:eT1u6xcp...@TK2MSFTNGP06.phx.gbl...

> I'm trying to harden our DNS servers. I currently have 2 servers (ns1 and
> ns2). Ns1 is primary and ns2 is secondary.

DNS servers aren't ordered. They are just servers that respond to queries.
DNS client can have more than one DNS server to query, in a list, so from
their point of view one might be considered "primary" but it isn't really.
It is just first on a list.

> I know that a secondary zone server only maintains a limited copy of the
> zones

The Primary Zone is the master, where changes are made. The Secondary is a
full copy of the zone, but can't itself be updated.

>and queries the primary for other information.

DNS servers query whichever server they have set up with the Forwarder to
forward queries to. There is not Primary or Secondary role involved.

>So if the primary goes
> down, it seems that the secondary is somewhat useless.

Not at all.

> Do you see any downsides to having ns1 & ns2 both being primary (other
> than having to manually two servers)?

You can set up one server with the Primary zone and the other with the
Secondary copy. You can set them both to Forward to an ISP DNS for
resolution of other domains that they don't hold.

Anthony
http://www.airdesk.co.uk

Herb Martin

unread,
Jun 3, 2007, 8:58:36 AM6/3/07
to

"Guy" <gap...@newsgroup.nospam> wrote in message
news:eT1u6xcp...@TK2MSFTNGP06.phx.gbl...
> I'm trying to harden our DNS servers. I currently have 2 servers (ns1 and
> ns2). Ns1 is primary and ns2 is secondary. Neither are AD integrated.
>
> I know that a secondary zone server only maintains a limited copy of the
> zones and queries the primary for other information.

Not quite accurate -- a secondary keeps a READ-ONLY copy of the
entire zone, and transfer the zone (changes) from another master (primary
or secondary) of that same zone.

> So if the primary goes down, it seems that the secondary is somewhat
> useless.

No, the secondary cannot be used (as-is) for making updates, either
manual or dynamice, but it works "just fine" without the Primary for
some period of time (until expiration.)

> Do you see any downsides to having ns1 & ns2 both being primary (other
> than having to manually two servers)?

Yes, all changes must be maintained manually on both -- increasing the
administrative
overhead and the potential for problems.

This is not the way (ordinary) DNS zones are run.


--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


Kevin D. Goodknecht Sr. [MVP]

unread,
Jun 3, 2007, 11:31:07 AM6/3/07
to
Read inline please.

In news:eT1u6xcp...@TK2MSFTNGP06.phx.gbl,
Guy <gap...@newsgroup.nospam> typed:


> I m trying to harden our DNS servers. I currently have 2 servers (ns1
> and ns2). Ns1 is primary and ns2 is secondary. Neither are AD
> integrated.
>
> I know that a secondary zone server only maintains a limited copy of
> the zones and queries the primary for other information.

The Secondary zone is a full copy of the zone that is not writable, and from
the querying client's viewpoint, there is no difference. The only time a
secondary needs to contact its master is to refresh its zone data.
Otherwise, it operates totally independent of its master.

> So if the primary goes down, it seems that the secondary is somewhat
> useless.

Not true, the Secondary will continue to operate normally, until the Expire
time on the SOA record has elapsed.


> Do you see any downsides to having ns1 & ns2 both being primary
> (other than having to manually two servers)?

One would be trouble, imagine having a hundred domains set up this way.
Unless the zones are Active Directory Integrated, in which all zones are
Primary Masters, you should stick to what is tried and true and keep it
simple.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps

===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================


Guy

unread,
Jun 3, 2007, 11:49:55 AM6/3/07
to
Thanks to all that have replied so quickly

"Guy" <gap...@newsgroup.nospam> wrote in message
news:eT1u6xcp...@TK2MSFTNGP06.phx.gbl...
0 new messages