Primary/Secondary question


James

Question

Say you have ClientA, with IP 1.1.1.1, and its DNS server (DNS_A), with IP
1.1.1.2. ClientA makes a request to DNS_A, and DNS_A has the info listed in a
secondary zone. Does DNS_A or ClientA go and contact the server that hosts
the matching primary zone for the secondary zone on DNS_A?

Thanks
 
In
James said:
Question

Say you have ClientA, with IP 1.1.1.1 and its DNS server (DNS_A) with IP
1.1.1.2, ClientA makes a request to DNS_A, DNS_A has the info listed in a
secondary zone, does DNS_A or ClientA go and contact the server that hosts
the matching primary zone for the secondary zone on DNS_A

Thanks

The secondary does not usually contact the primary DNS on behalf of a
client request, unless the client is requesting a dynamic update of its
records.
Under normal queries the secondary has no need to contact the primary
for a query. The secondary DNS will contact the primary on the basis of the
values set on the SOA record for refresh and retry, when the secondary is
trying to refresh its zone data from the primary. If the secondary is unable
to contact the primary for a zone refresh for the period set in the Expire
portion, the secondary zone is expired and will stop contacting the primary.
 
James said:
Question

Say you have ClientA, with IP 1.1.1.1 and
...its DNS server (DNS_A) with IP 1.1.1.2,
ClientA makes a request to DNS_A, DNS_A has the info listed in a
secondary zone, does DNS_A or ClientA go and contact the server that hosts
the matching primary zone for the secondary zone on DNS_A

No. A server never has to ask another server for
information it has in a zone file -- it is already
AUTHORITATIVE for that zone.

Many people do not realize that Secondary DNS
servers are authoritative for those zones, but they
KNOW the correct (authoritative) answer and
just return it to the requestor.

Also, note that a caching server (without that
zone) might have a copy of the record it has
previously resolved from the authoritative servers
and it will in general do the same thing: just
return the answer.

So, as a general rule, if the DNS server "knows"
the answer it returns it immediately without referring
the question to any other DNS server.

BTW, the second sequence above (caching) is the
reason for sometimes seeing "non-authoritative" vs.
"authoritative" when you run NSLookup or a similar
tool.
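
The "authoritative" vs. "non-authoritative" label mentioned above comes from the AA bit in the DNS response header. The following is an added example, not part of the original thread: it builds two constructed responses (the name `host.example.com`, the address `192.0.2.10` and all function names are assumptions for illustration) and classifies them the way a lookup tool would. A primary and a secondary both set AA, so the client cannot tell them apart from the flag.

```python
import struct

QR_BIT = 0x8000      # message is a response
AA_BIT = 0x0400      # Authoritative Answer (RFC 1035, section 4.1.1)
RCODE_MASK = 0x000F  # response code, 0 = no error

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_response(name, ipv4, authoritative):
    """Build a sample A-record response (constructed data, not a capture)."""
    flags = QR_BIT | 0x0100 | 0x0080 | (AA_BIT if authoritative else 0)  # QR, RD, RA
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, len(rdata)) + rdata
    return header + question + answer

def classify(message):
    """Label a raw DNS response by its header flags."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    if not flags & QR_BIT:
        raise ValueError("not a response")
    if flags & RCODE_MASK:
        return "error rcode=%d" % (flags & RCODE_MASK)
    if ancount == 0:
        return "no answer"
    return "authoritative" if flags & AA_BIT else "non-authoritative"

# Constructed samples: a server holding the zone (primary or secondary)
# answers with AA set; a caching server answering from cache clears it.
FROM_SECONDARY = build_response("host.example.com", "192.0.2.10", True)
FROM_CACHE = build_response("host.example.com", "192.0.2.10", False)

if __name__ == "__main__":
    print("secondary zone:", classify(FROM_SECONDARY))
    print("cache only:    ", classify(FROM_CACHE))
```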
 