Solaris Naming Administration Guide

DNS Servers

DNS servers perform one or more functions:

These different server functions can be performed by the same machine. For example, a machine can be a primary master server for one zone and a secondary master server for another zone. When this manual refers to a primary, secondary, or cache-only server, it is not referring to a particular machine, but to the role that machine plays for a given zone.

Master Servers

The master name servers maintain all the data corresponding to the zone, making them the authority for that zone. These are commonly called authoritative name servers. The data corresponding to any given zone should be available on at least two authoritative servers. You should designate one name server as the primary master server and at least one more as a secondary master server, to act as a backup if the primary is unavailable or overloaded.

A server may function as a master for multiple zones: as a primary for some zones, and as a secondary for others.

Primary Master Server

The primary master server is the DNS name server that loads the master copy of its zone data from disk when in.named starts. A zone's primary master server is where you make changes for the zone. The primary master is the source of DNS information regarding its zone. The primary server may also delegate authority to secondary servers in its zone as well as to servers outside its zone.

Secondary Master Server

A secondary master server maintains a copy of the data for the zone. The primary server sends its data and delegates authority to the secondary server. Clients can query a secondary server for DNS information. By using secondary servers, you can improve response time and reduce network overhead by spreading the load over multiple machines. Secondary servers also provide redundancy in case the primary server is not available.

When in.named starts on the secondary server, it requests all the data for the given zone from the primary. The secondary server then periodically checks with the primary to see if it needs to update its database. The process of sending the most recent zone database from the primary to the secondary is called a zone transfer. Thus, you do not modify data files on a secondary server; you modify the data files on the zone's primary server, and the secondary servers update their files from the primary.

Caching and Cache-only Servers

All name servers are caching servers. This means that the name server caches received information until the data expires. The expiration process is regulated by the time-to-live (TTL) field that may be attached to the data.

Additionally, you can set up a cache-only server that is not authoritative for any zone. A cache-only server is a server that is not a master server for any zone other than the in-addr.arpa. domain. A cache-only server handles the same kind of queries from clients that authoritative name servers handle, but it does not maintain any authoritative data itself.

A cache-only server requires less memory than an authoritative server, but cannot function by itself if no primary or secondary servers are available.

Root Domain Name Server

A DNS name space must have one or more root domain name servers that are authoritative for the root domain.

The information that identifies the root domain name servers is stored in a cache file. This manual and most Solaris sites call this file named.ca. (Other common names for this file are: root.cache, named.root, or db.cache.) Each server's boot file contains a record identifying the file that holds the root domain name server information.

Internet Root Domain Server

If your site is connected to the Internet, your DNS name server's boot files must point to a common cache file (usually called named.ca) that identifies the root domain name servers. A template for this file may be obtained from InterNIC registration services via:

If you are naming your DNS files according to the conventions in this manual, you need to move this file to /var/named/named.ca.

Non-Internet Root Domain Server

If your site is not connected to the Internet, you must set up one or more of your servers to perform as root domain name servers. The boot files of all DNS name servers on your network must point to a common cache file (usually called named.ca) that identifies the root domain name servers. You then create a cache file that identifies your root name servers.

Since a single machine can be the primary domain name server for more than one domain, the easiest way to create a root domain name server is to have the server for your highest-level domain also be the server for the logical "." domain.

For example, suppose you have given your network the domain name solo. The DNS master name server is dnsmaster.solo. (with a trailing dot). In this case, you would make dnsmaster the root master server for the "." domain.

If your network has more than one top-level domain, the root domain server should be the primary name server for all top-level domains. For example, if your network is divided into two separate, non-hierarchical domains named solo and private, the same server must be root master server for both of them. Following the example above, that would mean that dnsmaster.solo. is root domain master for both the solo and the private domains.
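The following files show the non-Internet root server layout just described, together with the boot file of a cache-only server that points at it. They are added examples, not files from this manual or from Solaris; they assume the BIND 4-style boot file format read by in.named, the file names db.root, db.solo, and db.private, and the constructed address 192.168.1.2 for dnsmaster.solo.

```text
; /etc/named.boot on dnsmaster.solo. (constructed example)
; One server is primary for ".", for both top-level domains, and for
; the loopback reverse zone; "cache" names the file of root server hints.
directory    /var/named
primary      .                      db.root
primary      solo                   db.solo
primary      private                db.private
primary      0.0.127.in-addr.arpa   named.local
cache        .                      named.ca

; /var/named/db.root -- authoritative data for the private "." zone
; (constructed example). Serial/refresh/retry/expire/minimum are assumed values.
.                IN  SOA  dnsmaster.solo. hostmaster.dnsmaster.solo. (
                          1          ; serial, increase on every change
                          10800      ; refresh (3 hours)
                          3600       ; retry (1 hour)
                          604800     ; expire (1 week)
                          86400 )    ; minimum TTL
.                IN  NS   dnsmaster.solo.
solo.            IN  NS   dnsmaster.solo.
private.         IN  NS   dnsmaster.solo.
dnsmaster.solo.  IN  A    192.168.1.2   ; constructed address

; /var/named/named.ca -- root hints that every server's boot file points to
; (constructed example). Long TTLs keep the hints from expiring from the cache.
.                3600000  IN  NS  dnsmaster.solo.
dnsmaster.solo.  3600000  IN  A   192.168.1.2

; /etc/named.boot on a cache-only server (constructed example)
; No "primary" or "secondary" lines except the loopback reverse zone, so the
; server holds no authoritative data and depends on dnsmaster.solo. being up.
directory    /var/named
primary      0.0.127.in-addr.arpa   named.local
cache        .                      named.ca
```

Every server on the network, including the secondaries for solo and private, carries the same named.ca so that all resolution starts from the private root rather than from the Internet root servers.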