A primary DNS server holds the master copy of a DNS zone: the records that map human-readable hostnames to IP addresses. All changes to the zone are made there. Secondary DNS servers hold read-only copies of the same records, pulled from the primary, and answer queries for the zone alongside it, so the zone stays resolvable if the primary is unavailable.

How Does a Primary DNS Server Work?

When a computer or device needs to connect to another device on the Internet, it typically uses a human-readable domain name, like “www.example.com”. The browser or application needs to translate the domain name into a numeric Internet Protocol (IP) address like “192.100.100.1”. This translation is done by the Domain Name System (DNS). The device sends its query to the recursive resolver it is configured with, and the resolver works down the DNS hierarchy until it reaches an authoritative name server for the zone: the primary DNS server that hosts the zone file, or a secondary holding a copy of it. The zone file contains the authoritative DNS information for the domain or subdomain. “Authoritative” means it is the trusted source for information like the IP address of the domain, the administrator contact (carried in the zone's SOA record), and settings like the Time to Live (TTL, how long a record may be kept in a local cache). The authoritative server resolves the query by returning the records for the requested hostname. Resolvers do not distinguish primary from secondary: every server listed in the zone's NS records is equally authoritative, so if the primary is slow to respond or unavailable, the resolver simply retries against one of the secondaries.

What is Secondary DNS?

Changes to DNS records, for example changing the IP address for a domain name, are made only on the primary server; the secondaries receive the change from the primary. A server can be primary for one DNS zone and secondary for another. A secondary server holds a secondary DNS zone, a read-only copy of the zone file containing the DNS records. It obtains an updated copy through an operation called a zone transfer (AXFR for the whole zone, IXFR for just the changes). The secondary checks the primary's SOA serial number at the refresh interval set in the SOA record, or immediately when the primary sends it a NOTIFY message, and requests a transfer when the primary's serial is newer than its own.
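As an added example, not part of the original article, the Python below shows the decision a secondary makes at each refresh: parse the primary's SOA record, compare serials with RFC 1982 wrap-around arithmetic (a plain greater-than comparison breaks when a serial wraps past 2^32 - 1), and stop answering for the zone once the expire interval has passed without a successful refresh. The SOA records are constructed sample data and nothing here contacts the network.

```python
# Added example, not part of the original article: how a secondary name server
# decides whether its copy of a zone is stale.  The SOA records below are
# constructed for illustration; nothing here touches the network.
from dataclasses import dataclass

SERIAL_SPACE = 2 ** 32          # SOA serials are unsigned 32-bit integers


@dataclass(frozen=True)
class SOA:
    mname: str      # primary name server for the zone
    rname: str      # administrator mailbox (first dot stands for "@")
    serial: int     # zone version; must move forward on every change
    refresh: int    # seconds between secondary checks of the primary's serial
    retry: int      # seconds to wait before retrying a failed refresh
    expire: int     # seconds after which an unrefreshed copy must be discarded
    minimum: int    # negative-caching TTL (RFC 2308 meaning)


def parse_soa(rr: str) -> SOA:
    """Parse a single-line SOA record in zone-file form, e.g.
    'example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300'
    """
    fields = rr.split()
    if len(fields) != 11 or fields[3] != "SOA":
        raise ValueError(f"not a single-line SOA record: {rr!r}")
    mname, rname = fields[4], fields[5]
    serial, refresh, retry, expire, minimum = (int(x) for x in fields[6:11])
    return SOA(mname, rname, serial, refresh, retry, expire, minimum)


def serial_newer(candidate: int, current: int) -> bool:
    """RFC 1982 serial-number arithmetic: is `candidate` newer than `current`?

    Serials wrap at 2**32, so a plain `>` fails when a zone's serial crosses
    that boundary.  The two values are compared modulo 2**32: the candidate is
    newer if it is ahead by less than half the serial space.
    """
    if candidate == current:
        return False
    return (candidate - current) % SERIAL_SPACE < SERIAL_SPACE // 2


def needs_transfer(local: SOA, primary: SOA) -> bool:
    """A secondary pulls the zone (AXFR/IXFR) only when the primary's serial is newer."""
    return serial_newer(primary.serial, local.serial)


def still_authoritative(local: SOA, seconds_since_last_refresh: int) -> bool:
    """Past the SOA expire interval without a successful refresh, a secondary
    must stop answering for the zone rather than serve stale data."""
    return seconds_since_last_refresh < local.expire


# Constructed sample data (RFC 2606 names).  LOCAL is the secondary's own copy.
LOCAL = parse_soa("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300")
PRIMARY_UNCHANGED = parse_soa("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300")
PRIMARY_BUMPED = parse_soa("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010102 7200 900 1209600 300")

if __name__ == "__main__":
    print("unchanged -> transfer?", needs_transfer(LOCAL, PRIMARY_UNCHANGED))  # False
    print("bumped    -> transfer?", needs_transfer(LOCAL, PRIMARY_BUMPED))     # True
    # A serial that wrapped from 2**32 - 1 back to 0 still counts as newer.
    print("wrapped   -> newer?", serial_newer(0, 2**32 - 1))                   # True
    print("authoritative after 15 days?", still_authoritative(LOCAL, 15 * 86400))  # False
```

The practical consequence: if an administrator edits the zone on the primary but forgets to raise the serial, `needs_transfer` stays false and the secondaries keep serving the old records until the serial is bumped.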
Secondary DNS servers are not mandatory; DNS works even if only a primary server is available. But it is standard practice, and most domain registrars require it, to list at least two name servers for a zone, which means running at least one secondary. Benefits of having a secondary DNS server for a domain:
DNS Zone, Primary and Secondary DNS Configuration

In the preceding discussion we referred to DNS zones. A DNS zone is a distinct part of the domain name space that is delegated to a specific entity responsible for managing it. For example, a domain such as “acme.com” is a DNS zone that can be delegated to a company, Acme Corporation Inc. Acme Corporation then assumes responsibility for setting up a primary DNS server, an authoritative name server that holds the correct DNS records for that domain. DNS zones exist at higher and lower levels of the DNS hierarchy. The top-level domain “.com” is itself a zone, whose authoritative name servers hold the delegation (NS) records for every domain registered under “.com”. A subdomain such as “support.acme.com” can also be split off into its own zone, managed by Acme Corporation or delegated to another entity.

Primary and Secondary DNS Management in Modern DNS Infrastructure

Managed DNS providers generally do not expose the classic primary/secondary architecture to their customers. Instead, most providers hand out several name server names and IP addresses to use. Behind each of those IPs sits a pool of DNS servers reached via anycast: the same IP address is announced from many locations and routing delivers each query to the nearest instance. This gives better redundancy and availability than a single primary with a handful of secondaries. However, even in advanced DNS deployments, secondary DNS can help you:
While a round-robin DNS setup (several A records for the same name, returned in rotating order) spreads load across hosts, the DNS server has no knowledge of the hosts' health. If one of the hosts becomes unavailable, the server does not learn of it and keeps rotating the downed server's IP into its answers until the record is removed, so a share of clients will still be sent to the dead host.

Example DNS Record

The following is an example of what a sample DNS record might look like.
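As an added example, not from the original article, the Python below parses a small constructed zone (RFC 2606 names, RFC 5737 addresses) applying the zone-file trailing-dot rule (a name without a final period is relative to the zone origin), then serves A records round-robin. Both points above become visible: a downed host's address is returned exactly as often as the live ones, and an alias whose target lacks its trailing dot resolves to nothing. The parser handles only one record per line with every field present, which is enough for the demonstration.

```python
# Added example, not part of the original article.  A minimal zone-file reader
# that applies the trailing-dot rule, plus an authoritative server that answers
# A queries round-robin.  The zone is constructed (RFC 2606 names, RFC 5737
# addresses) and the parser handles only one record per line with all fields
# present, which is enough to show the behaviour.
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    owner: str   # fully qualified owner name, always with trailing dot
    ttl: int
    rtype: str
    rdata: str   # for name-valued types this is also fully qualified


def absolute(name: str, origin: str) -> str:
    """Zone-file name rule: a trailing dot marks a fully qualified name; without
    it the name is relative and the current $ORIGIN is appended.  That is why a
    forgotten dot turns 'www.example.com' into 'www.example.com.example.com.'."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


NAME_RDATA = {"CNAME", "NS", "PTR"}   # types whose data is itself a domain name


def parse_zone(text: str, origin: str) -> list[RR]:
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # strip comments and blanks
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                   # $TTL etc.: not needed here
            continue
        owner, ttl, _klass, rtype, rdata = line.split(None, 4)
        rdata = rdata.strip()
        if rtype in NAME_RDATA:
            rdata = absolute(rdata, origin)
        records.append(RR(absolute(owner, origin), int(ttl), rtype, rdata))
    return records


class RoundRobinServer:
    """Authoritative answers for A queries.  Each query for a name rotates the
    address list by one position.  The server has no health information, so a
    host that is down is handed out exactly as often as a live one."""

    def __init__(self, records: list[RR]):
        self.records = records
        self.counters: dict[str, int] = {}

    def answer(self, qname: str, origin: str) -> list[str]:
        qname = absolute(qname, origin)
        # Follow one level of CNAME (the "www -> web host" alias pattern).
        for r in self.records:
            if r.owner == qname and r.rtype == "CNAME":
                qname = r.rdata
                break
        addrs = [r.rdata for r in self.records if r.owner == qname and r.rtype == "A"]
        if not addrs:
            return []
        k = self.counters.get(qname, 0) % len(addrs)
        self.counters[qname] = k + 1
        return addrs[k:] + addrs[:k]


def first_addresses(server: RoundRobinServer, qname: str, origin: str, n: int) -> list:
    """The address a naive client would connect to on each of n lookups."""
    out = []
    for _ in range(n):
        ans = server.answer(qname, origin)
        out.append(ans[0] if ans else None)
    return out


ZONE = """
$ORIGIN example.com.
@     3600 IN SOA   ns1 hostmaster 2024010101 7200 900 1209600 300
@     3600 IN NS    ns1
ns1   3600 IN A     192.0.2.53
web1  300  IN A     192.0.2.11
web1  300  IN A     192.0.2.12          ; imagine this host is down
web1  300  IN A     192.0.2.13
www   300  IN CNAME web1                ; relative name: web1.example.com.
oops  300  IN CNAME web1.example.com    ; missing dot: web1.example.com.example.com.
"""

RECORDS = parse_zone(ZONE, "example.com.")

if __name__ == "__main__":
    srv = RoundRobinServer(RECORDS)
    print(first_addresses(srv, "www", "example.com.", 6))   # 192.0.2.12 appears twice
    print(srv.answer("oops", "example.com."))                # []: the alias points nowhere
```

If you need to take a host out of rotation, the only lever DNS gives you is removing its A record and waiting out the TTL; health-aware failover has to come from a load balancer or a managed DNS service that does its own health checks.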
*Note: Don’t forget to put a period after the domain name like in the examples above. In a zone file the trailing period marks a fully qualified name; without it the server treats the name as relative and appends the zone's origin, turning “www.example.com” into “www.example.com.example.com.”.

How to Install and Configure DNS

Now you know more about the Domain Name System and what it does, but before you can start using it, you’ll need to know how to install and configure DNS. For the purposes of this guide we’ll be covering the DNS configuration and installation procedure specifically for the older Windows Server 2003. For information on installing DNS onto newer server versions, check out our guide on How to Setup DNS Server on Windows Server 2012.

Preliminary Requirements for DNS Configuration

Before you can configure your DNS, you’ll need to gather some basic information. For a server that will be reachable from the Internet, the domain name must be registered through a domain registrar and the public IP addresses must be allocated to you. If you’re configuring your server for internal use only, you can decide which names and IP addresses to use yourself. To start, you must have the following information:
*Note: Your servers may include mail servers, public access servers, FTP servers, WWW servers, and others. Additionally, before you can configure your computer as a DNS server, you’ll need to verify that the following conditions are true:
DNS Installation

To install DNS, just follow these 4 steps:
Once this process is completed, DNS should begin installing.

DNS Configuration

To configure your DNS server, follow these 5 steps:
After finishing the Configure a DNS Server Wizard, the Configure Your Server Wizard displays the This Server is Now a DNS Server page. To review the changes made to your server or to make sure that the new role was installed successfully, click the Configure Your Server log. The log is located at:

    %systemroot%\Debug\Configure Your Server.log

To close the Configure Your Server Wizard, just click Finish.

Setting Up a DNS Forward Lookup Zone

Forward lookup zones are the zones that resolve domain names into IP addresses (reverse lookup zones do the opposite, mapping IP addresses back to names). If you’ve followed the configuration instructions above, your forward lookup zone should already be set up. If for some reason you need to set up a forward lookup zone after configuring your DNS, you can follow these instructions:
Changing the DNS Server for Network Interfaces

If you need to change the DNS server for different network interfaces, you can do so using the following:
Flush the DNS Resolver Cache

A DNS resolver cache is a temporary database the operating system keeps to store the results of recent DNS lookups. Keeping a cache speeds up lookups by answering repeated queries locally until the records’ TTL expires. You can use the command

    ipconfig /displaydns

to see what entries are currently stored in your server’s cache. Sometimes, though, malware on the host or a spoofed DNS response will plant a false entry in the cache and use it to reroute requests for a legitimate name to an attacker’s server. This is referred to as cache poisoning, and it is one of several reasons why you may want to flush the DNS cache. To do so, enter the following command:

    ipconfig /flushdns

When completed successfully, you should receive a message that says “Windows IP configuration successfully flushed the DNS Resolver Cache.” Note that flushing only discards the cached answers; if the poisoned record came from an upstream resolver or from tampered local settings, it will return on the next lookup until the source is fixed.

Creating a DNS Entry for the Web Server

Obviously, one of the most important things about running a website is ensuring that it is accessible to users. Part of this process involves creating an alias, or CNAME (Canonical Name) record, on the DNS server for the host on which you’ve configured IIS (Internet Information Services). This step is important because it makes sure that external host computers can connect to your Web server by using the “www” host name while the host’s own A record keeps its real name. To create a new DNS entry, just follow these steps:
Creating a DNS Entry Using cPanel, WHM, or Plesk

Depending on your server’s setup, you may prefer to create your DNS entries using your server’s GUI control panel. The following is a list of links to articles that deal specifically with making new DNS entries using cPanel, WHM, or Plesk. If you use any of these three control panels, you might want to look over the corresponding article for more information on using DNS alongside your preferred control panel.

Secure Recursive DNS

A recursive lookup is when a DNS server is asked for a name in a zone it is not authoritative for and goes out to other name servers to find the answer on the client’s behalf. For example, if you queried your nameserver for the domain yahoo.com, that would be a non-authoritative, recursive lookup. A DNS server that performs recursive lookups for anyone on the Internet is known as an open resolver. If you run an open resolver, your server will be abused: attackers use open resolvers as reflectors in DNS amplification attacks (a small query with a spoofed source address produces a large response aimed at the victim), and an openly queryable cache is an easier target for cache poisoning. Unrestricted recursion also consumes a lot of resources. To lighten the load on your server and reduce the risk, the following changes restrict recursive and caching lookups to only the IP blocks listed in the configuration. First, follow the set of instructions specific to your server’s OS. We’ve included instructions for both Linux and Windows server users.

Linux Servers

To secure recursion on Linux servers running BIND, you’ll need to modify the file /etc/named.conf.

*Note: before making any changes, please be sure to back up the file to ensure nothing is lost.

In the example below, “allow-recursion” is set to 127.0.0.1/32. This means only queries arriving from the local machine itself are allowed to recurse; clients anywhere else are refused. The server can still act as its own resolver if /etc/resolv.conf points at nameserver 127.0.0.1.
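As an added example, not code from the original article or from BIND itself, the Python below reads a named.conf snippet offline and reports whether the server would behave as an open resolver: recursion enabled while allow-recursion or allow-query-cache is missing or set to any. The three options blocks in it are constructed; the hardened one has the shape this section configures. It is a text check only, not a replacement for named-checkconf or for testing recursion from an outside host.

```python
# Added example, not part of the original article: an offline audit of a BIND
# named.conf that reports whether the server can be used as an open recursive
# resolver.  The three configurations are constructed for illustration; the
# hardened one has the same shape as the restricted options block this
# section recommends.
import re
from typing import Optional

WORLD = {"any", "0.0.0.0/0", "::/0"}   # ACL elements meaning "everyone"


def acl_elements(named_conf: str, directive: str) -> Optional[list[str]]:
    """Elements of `directive { a; b; };`, or None if the directive is absent."""
    m = re.search(rf"\b{re.escape(directive)}\s*\{{([^}}]*)\}}", named_conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def recursion_enabled(named_conf: str) -> bool:
    """`recursion yes|no;` as a statement.  The lookbehind keeps the pattern
    from matching the 'recursion' inside 'allow-recursion'."""
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", named_conf)
    return m is None or m.group(1) == "yes"    # BIND's default is yes


def audit(named_conf: str) -> list[str]:
    """Return findings that make this server an open resolver (empty = OK)."""
    if not recursion_enabled(named_conf):
        return []          # authoritative-only server: nothing to restrict
    findings = []
    for directive in ("allow-recursion", "allow-query-cache"):
        acl = acl_elements(named_conf, directive)
        if acl is None:
            findings.append(f"{directive} is not set; the default depends on the BIND "
                            "version and older releases allowed everyone")
        elif WORLD & set(acl):
            findings.append(f"{directive} permits the whole Internet: {acl}")
    return findings


OPEN_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-query { any; };
};
"""

HARDENED_CONF = """
options {
    directory "/var/named";
    recursion yes;
    allow-recursion   { 127.0.0.1/32; 192.0.2.0/24; };
    allow-query-cache { 127.0.0.1/32; 192.0.2.0/24; };
};
"""

AUTHORITATIVE_ONLY_CONF = """
options {
    directory "/var/named";
    recursion no;
    allow-query { any; };
};
"""

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("hardened", HARDENED_CONF),
                       ("authoritative-only", AUTHORITATIVE_ONLY_CONF)):
        print(name, "->", audit(conf) or "no findings")
```

A public authoritative server that also needs to recurse for its own network should look like the hardened block: allow-query stays open so the world can read your zones, while allow-recursion and allow-query-cache name only your own address ranges.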
Additionally, if you want to lock your DNS down even further, you can edit these lines to include only your required or preferred subnets.

    options {
        recursion yes;
        allow-recursion { 127.0.0.1/32; };
        allow-query-cache { 127.0.0.1/32; };
    };

These two statements restrict who may recurse and who may read answers out of the cache. They do not change allow-query, which governs who may query the zones the server is authoritative for; on a public authoritative server that normally stays open. After making any changes, you’ll need to restart BIND with one of the following commands (which one applies depends on your distribution):

    service named restart

or

    /etc/init.d/named restart

Windows Servers

On Windows servers, if the local DNS server is not used for caching, recursion should be disabled. Luckily, this is an easy change to make, involving a single check box in the DNS server’s configuration settings. To turn DNS recursion off for the Windows DNS server, follow these steps:
Now, recursion has been turned off for your DNS server. Should you ever wish to change this setting, simply repeat the above process and clear the Disable Recursion check box.

In Closing and Further Reading

Now, you should have a better understanding of what DNS is and what it does, as well as the processes necessary to install and configure it. In addition, we’ve covered several more advanced DNS features including restricting recursion and creating CNAMEs. For further information on DNS, we’ve included a series of links to related articles in the list below. If you are facing issues not covered in this article, feel free to look over these or reach out to our support team for assistance.

DNS Related Links: