
Understanding Secondary DNS

A secondary name server provides redundancy for your primary name servers. If your primary name servers become unavailable, queries for your domain reach a dead end with nowhere else to go.

By using a secondary name server, you replicate the zone file onto backup name servers. Secondary name servers receive information about the domain from the primary name servers through mechanisms defined in DNS. To request any information about the domain, the secondary name servers must communicate with the primary provider through a defined set of IPs.

If any changes take place at the primary provider, the master name servers send a NOTIFY to the secondary name servers about the change. This ensures that the zone file is up to date and that the SOA serial number on the secondary name servers matches the primary. If the primary name server does not support NOTIFY, the secondary name server simply queries for the SOA serial number at the interval set by the refresh value in the SOA record.

Start of Authority (SOA) record

The Start of Authority record, better known as the SOA record, serves as the version number of a DNS zone and contains the parameters that govern the zone transfer process.

SOA parameters

Within the Start of Authority record, you will find the parameters that govern how the zone file is propagated to the secondary set of name servers.

  • Serial

The serial number reflects the version of a zone file. This number is important because once it is increased and noticed by the secondary name servers, the slave servers assume that the zone file has been modified, and a zone transfer is initiated. This means that if you have two DNS service providers delegated for a certain domain, the SOA serial number must be the same on both, which indicates that the zone is the same on both systems.

When a change is made to the zone on the primary name servers, the SOA serial number is incremented and, with NOTIFY configured, the secondary name servers are informed of the change. As long as the SOA serial number on the secondary name servers is lower than the SOA serial number on the primary name servers, a zone transfer will occur. If the SOA serial number on the secondary name servers is higher than the SOA serial number on the primary name servers, a zone transfer will not occur. The SOA serial number on the primary name servers then needs to be set to a value higher than the SOA serial on the secondary name servers to correct the problem.

  • Refresh 

The Refresh value defines how long the secondary name servers wait before querying the master for the SOA record again.

  • Retry

If the refresh query was not successful, the secondary name servers retry the SOA query after the Retry interval to check for updates. The Retry value should always be lower than the Refresh value.

  • Expire

If the master name servers do not respond with the SOA record after a number of attempts, the Expire value determines how long the secondary name servers will keep asking the master name servers for the SOA of the domain before they stop. The Expire value should always be higher than the sum of the Retry and Refresh values.

  • TTL

The Time to Live regulates how long the SOA will be cached on the slave name servers. The TTL is essential to ensure a low response time, which in practice means fast resolution and the best performance.

See RFC 1035 for the SOA record standard.
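As an added illustration that is not part of the original article, the following Python parses the SOA fields described above and applies the two rules the sections state: a transfer is due only when the primary's serial is newer than the secondary's, and Retry must be lower than Refresh while Expire must be higher than their sum. The serial comparison uses RFC 1982 serial number arithmetic, which generalizes the plain higher/lower comparison to the 32-bit wraparound case; the SOA records and the example.com. names are constructed samples.

```python
from dataclasses import dataclass

SERIAL_MOD = 1 << 32  # SOA serial is an unsigned 32-bit value
HALF_RANGE = 1 << 31

@dataclass
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(rdata: str) -> SOA:
    """Parse the RDATA of an SOA record in zone-file form (parentheses optional)."""
    fields = rdata.replace("(", " ").replace(")", " ").split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    serial, refresh, retry, expire, minimum = (int(f) for f in fields[2:])
    return SOA(fields[0], fields[1], serial, refresh, retry, expire, minimum)

def serial_is_newer(candidate: int, current: int) -> bool:
    """RFC 1982 comparison: candidate is newer if it is less than 2^31 ahead of
    current (mod 2^32), so a serial that wrapped past 2^32 - 1 is still newer;
    a distance of exactly 2^31 is undefined in RFC 1982 and counts as not newer."""
    distance = (candidate - current) % SERIAL_MOD
    return 0 < distance < HALF_RANGE

def transfer_needed(primary: SOA, secondary: SOA) -> bool:
    """A secondary initiates a zone transfer only when the primary's serial is newer."""
    return serial_is_newer(primary.serial, secondary.serial)

def timer_problems(soa: SOA) -> list:
    """Check the Refresh/Retry/Expire ordering the article recommends."""
    problems = []
    if soa.retry >= soa.refresh:
        problems.append("Retry should be lower than Refresh")
    if soa.expire <= soa.refresh + soa.retry:
        problems.append("Expire should be higher than Refresh + Retry")
    return problems

# Constructed sample records for a hypothetical zone; not from a real deployment
PRIMARY_SOA = parse_soa("ns1.example.com. hostmaster.example.com. ( 2024031502 3600 900 604800 300 )")
SECONDARY_SOA = parse_soa("ns1.example.com. hostmaster.example.com. 2024031501 3600 900 604800 300")

if __name__ == "__main__":
    print("transfer needed:", transfer_needed(PRIMARY_SOA, SECONDARY_SOA))
    print("timer problems:", timer_problems(PRIMARY_SOA))
```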
