How to set up primary / secondary

You have probably come across the terms "primary DNS server" and "secondary DNS server".

Actually a DNS server (the computer/software) is not specifically "primary" or "secondary".

A DNS server can be primary for one zone (domain) and secondary for another.

The DNS specifications (RFCs) require that each domain name is served by at least 2 DNS servers for redundancy.

This may seem a little silly - especially if you run your DNS, web, and mail servers all on the same machine - if this machine goes down, it doesn't really matter that the backup DNS server still works.

But many registrars (companies that register domain names) still require at least 2 DNS servers.

This requirement has been somewhat relaxed lately, and depending on which registrar you use, you may only need to specify one DNS server.

NOTE: If your registrar lets you use only one DNS server, some DNS testing tools may still flag this as an error.

NOTE: Registrars requiring 2 DNS servers sometimes refer to these as "primary" and "secondary".

This has absolutely nothing to do with the actual primary/secondary functionality, and it doesn't matter in which order you enter your DNS servers for the domain name. This is just a list of servers, and there could be 1, 2, or any number of DNS servers listed for a domain name.

By definition, a primary DNS server holds the "master copy" of the data for a zone, and secondary servers have copies of this data which they synchronize from the primary through zone transfers at intervals or when prompted by the primary.

Only one DNS server should be configured as primary for a zone, but you can have any number of secondary servers for redundancy.

Both primary and secondary servers for a zone serve exactly the same data to clients.

Because of this you could easily "simulate" a secondary server on a single computer with 2 IP addresses.

Simply configure the zone (as primary), and the server will function as both the primary (on one IP address) and secondary (on the other IP address).

The recommended practice is to configure the primary and secondary DNS servers on separate machines, on separate Internet connections, and in separate geographic locations (for the purpose of redundancy).

When using separated primary and secondary DNS servers, zone transfers are used to synchronize the zone data from the primary DNS server to the secondary server(s).

With other DNS server software, a zone must initially be created on both the primary and secondary servers (creating individual DNS records and any subsequent changes to a zone need only be done on the primary server).

However, Simple DNS Plus has a unique option to automatically create and remove zones on secondary servers whenever you do this on the primary.

We call this a "Super Master/Slave" pair, and it is configured through the Options dialog / DNS / Local Zones / Super Master/Slave section.

Both servers must be running Simple DNS Plus (no other DNS servers we know of currently support this).

The secondary server must be listed as a "slave" on the primary server, and the primary server must be listed as a "master" on the secondary.

One Simple DNS Plus server can be master and/or slave for any number of other Simple DNS Plus servers.

To create the zone on the primary server, you can use the Quick Zone Wizard.

If you are not using the Super Master/Slave setup, or if either of your DNS servers is not Simple DNS Plus, you will also need to create the zone on the secondary server.

Use the New Zone function, select the "Secondary Zone" option, and specify the zone name and the IP address of the primary DNS server.

Once a zone is configured on both primary and secondary servers, zone transfers should automatically occur when needed.

To verify, use the Look Up function against the secondary server, or check the records on the secondary server through the DNS Records window on that server.
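One way to script this verification, as an added example (not part of the original article or of Simple DNS Plus): it builds a raw SOA query and compares the serial numbers returned by the primary and the secondary. `sample_response` produces constructed packets for offline use; the function names, the zone name and the serial values are assumptions.

```python
import socket, struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_soa_query(zone, txid=0x1234):
    """Non-recursive query for the zone's SOA record (QTYPE 6, class IN)."""
    return struct.pack("!6H", txid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!2H", 6, 1)

def skip_name(msg, pos):
    """Offset just past a name; a compression pointer (top bits 11) ends it."""
    while msg[pos] and msg[pos] < 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def soa_serial(msg):
    """Return the SOA serial from a response; raise on an error RCODE."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    if flags & 0xF:
        raise ValueError("server answered with RCODE %d" % (flags & 0xF))
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4                # QTYPE + QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 6:                               # serial follows MNAME and RNAME
            return struct.unpack_from("!I", msg, skip_name(msg, skip_name(msg, pos)))[0]
        pos += rdlen
    raise ValueError("no SOA record in answer section")

def fetch_serial(server_ip, zone, timeout=3.0):
    """Ask one authoritative server directly for the zone's SOA serial."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_soa_query(zone), (server_ip, 53))
        return soa_serial(s.recv(512))

def sample_response(zone, serial):
    """Constructed SOA response for offline use (not captured traffic)."""
    rdata = encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
    rdata += struct.pack("!5I", serial, 3600, 600, 604800, 3600)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + build_soa_query(zone)[12:] + rr

def in_sync(primary_msg, secondary_msg):
    """True when both responses carry the same SOA serial."""
    return soa_serial(primary_msg) == soa_serial(secondary_msg)
```

Against live servers, compare `fetch_serial(primary_ip, zone)` with `fetch_serial(secondary_ip, zone)`. A secondary whose serial stays behind the primary's means the zone transfer has not completed.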

You can later change the primary/secondary status using the Zone Properties dialog.

The Zone Properties dialog "zone transfers" tab can be used to secure the zone, so that only authorized secondary servers are allowed to request zone transfers.

 Comments
15 Dec 2018 13:49 UTC
ann
Hi. This is so useful as I get to know that we have to set up the servers at two different machines. I'm doing a project right now and we have to configure DNS master and slave but we got stuck. Can you help us?
2 Jan 2019 17:00 UTC
JH Software
We'll be happy to try and assist you. You can contact us at https://simpledns.com/contact-us
24 Feb 2019 23:49 UTC
Ross Sheard
Recently, we have had an unexplained failure in one of our DNS server computers, whereby all the records in Simple DNS Plus disappeared. All other applications in the machine were unaffected. After reinstalling the Simple DNS software and records, we receive a persistent message 'RCODE 17 Key not recognised'. Can you advise about this - does the message refer to the secret key being in error, or does it refer to something else? We have, more than once or twice, checked the accuracy of the 'secret key'.

With thanks

Ross
2 Mar 2019 13:21 UTC
JH Software
RCODE 17 is about a TSIG key – that is a key used to authenticate a request – typically zone transfer or dynamic update.
6 Mar 2019 19:53 UTC
Rick Hantz
The primary DNS server running on Server 2016se is working fine.
I added the primary zone as a secondary zone on the machine running Simple DNS Plus.
It never transfers/syncs/populates.
6 Mar 2019 20:30 UTC
Rick Hantz
Working now, after several reboots of both machines.