Lei Hu said:
Hi there,
This is to follow up on my previous question about primary server name in a SOA
record.
Q1: Must the DNS server that holds the master copy of a .dns file be the
primary server for the zone?
Depends on what you mean by "master". While Primary
is a very specific technical term in DNS, the word "Master"
is a bit more flexible.
Sometimes we use the term "master" to mean the Primary or
any of the SET of Active Directory Integrated DNS servers
(AD-Int-DNS) -- here the word emphasizes which machine,
or set of machines, can CHANGE the zone.
A master in this sense should be listed in the SOA.
The more technical and traditional use of the word "master"
in DNS is on a Secondary DNS server which must pull the
zone from another DNS server of that same zone: The DNS
server chosen for the source of the file is termed the MASTER
(of that Secondary.)
Many people think this "master" must be the primary but
that is not true -- ANY DNS server of that same zone can
be the master of any other Secondary of that zone (as long
as the master allows the transfer.)
Or put it another way, is it possible for a
server to be the primary DNS server for a zone with the .dns file hosted in
another server?
Not really -- anything is "possible" (if you write your own
DNS server software for instance) but that doesn't make sense
nor would it likely even be useful.
Q2: A DNS server always knows that it is the primary server or a secondary
server.
Yes, because only the Primary (or AD-Int-DNS server SET) can
accept changes.
And Yes, because the Secondaries do not accept changes but
rather pull from another DNS server of that same zone (i.e.,
the Master.)
If it is the primary, it resolves names by looking up its dns file.
Secondaries do precisely this also. Remember that Secondaries
have a full copy of the zone.
Secondaries pull the zone file from a Master in what is termed
a "Zone Transfer."
FYI: Secondaries and Primaries are ALL "authoritative". (You will
hear people misuse the word "authoritative" to mean Primary.)
Secondaries are authoritative because they have an Authoritative, i.e.,
CORRECT and FULL, copy of the zone with its SOA record.
No client specifies its primary and secondary DNS servers by their names,
rather, by their IP addresses.
Actually, neither. Clients do not know nor generally care which
is the Primary or Secondary.
[This terminology mistake is VERY common on these lists and a
minor pet peeve of mine since it adds to the confusion of those
who read or hear it incorrectly.]
Clients specify a PREFERRED or an ALTERNATE DNS server.
These servers might be the Primary and the Secondary for the same
zone as the client, or they might be specified in the opposite order.
In fact, it is perfectly possible for the client to use a set of DNS
servers (Preferred and Alternate) that have NOTHING to do directly
with their "own zone". (Note this is not usual for internal clients but
perfectly normal for machines which are ON the Internet.)
So when discussing the client configuration, use Preferred and
Alternate or just say the "client configuration" or the NIC->IP
settings.
Therefore, DNS server's name doesn't need to
be resolved.
That part is correct. Whichever you specify you use the
IP, because it wouldn't work if the client had to contact
the DNS server to resolve the DNS server name to contact
the DNS server (ugh!)
So, my question is, what is the primary server name in the SOA
record for?
Historically, it was more for documentation purposes probably.
But with the addition of DYNAMIC DNS it became one way
a client could discover which DNS server allows for updates.
This is the exception to the rule that "clients don't generally"
need to know the Primary explicitly -- if they will update their
own records dynamically they must find the DNS server which
can accept the changes.
....OR another DNS server must be willing to forward those
changes up the "secondary->master" chain to the Primary.
See above -- why are you worried about this?
You are likely clarifying several DNS misconceptions but not
actually getting much useful on your precise questions so it
might be useful to understand the underlying motivation for
those questions.
Are you just "learning" (that's fine) or are you trying to solve
a real-world problem (which we might address directly)?
FYI 2:
Another minor oddness occurs with the Master entry in the
SOA: Historically AD-Int-DNS server sets did not exist and
so this was always PRECISELY ONE DNS server.
Today it would make more sense to allow a LIST of IP or DNS
server names for the "master".
Notice that the term Master here is probably used to mean "the
DNS server that can accept changes for the zone".
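
Added example, not part of the original thread: the primary server name discussed above is the first field (MNAME) of the SOA record's data, and this sketch reads it out of a raw DNS response the way a dynamic-update client would have to, including RFC 1035 name compression. The zone `example.test`, the host names and the serial are constructed sample values.

```python
import struct

def encode_name(name):  # dotted name -> uncompressed DNS labels
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def read_name(msg, off):
    """Return (name, next_offset), following RFC 1035 compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # two-byte compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def soa_from_response(msg):
    """Parse the first answer record of a response as an SOA."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12                                   # fixed header size
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4       # skip QNAME, QTYPE, QCLASS
    if ancount == 0:
        raise ValueError("no answer records")
    off = read_name(msg, off)[1]               # owner name of the record
    rtype = struct.unpack("!H", msg[off:off + 2])[0]
    if rtype != 6:                             # 6 = SOA
        raise ValueError("first answer is not an SOA")
    mname, off = read_name(msg, off + 10)      # skip TYPE, CLASS, TTL, RDLENGTH
    rname, off = read_name(msg, off)
    serial = struct.unpack("!I", msg[off:off + 4])[0]
    return {"mname": mname, "rname": rname, "serial": serial}

def build_sample():  # constructed response: SOA for example.test, values made up
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
    question = encode_name("example.test") + struct.pack("!HH", 6, 1)
    rdata = b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"   # 0xc00c -> offset 12
    rdata += struct.pack("!5I", 2024010101, 3600, 600, 86400, 3600)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return header + question + answer
```

`soa_from_response(build_sample())["mname"]` is the single server name the SOA can carry, which is why a set of AD-integrated servers cannot all be listed there.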