Primary DNS servers host controlling zone files, while secondary DNS servers are used for reliability and redundancy.
DNS, or the Domain Name System, translates domain names into IP addresses so users can easily navigate to sites on the Internet without having to memorize long, specific strings of numbers and letters.
In this system, a primary DNS server is a server that hosts a website’s primary zone file. This is a text database file that contains all of the authoritative information for a domain, including its IP address, the identity of the domain administrator, and various resource records. Resource records list domain names alongside their corresponding IP addresses, and can take several different forms:
Primary servers are also where any changes to a zone’s DNS records are made. Once the primary server has applied an update, it propagates the change to the secondary servers.
Primary DNS servers contain all relevant resource records and handle DNS queries for a domain. By contrast, secondary DNS servers contain zone file copies that are read-only, meaning they cannot be modified. Instead of getting their information from local files, they receive pertinent information from a primary server in a communication process known as a zone transfer.
Zone transfers become more complicated when they are completed between multiple secondary servers. If several secondary servers are in use, one may be designated as a higher-tier secondary server so that it is capable of replicating zone file copies to the remaining pool of secondary servers.
A server administrator may choose to designate a DNS server as a primary or secondary server. In some cases, a server can be primary for one zone and secondary for another zone.
Although each zone is limited to one primary DNS server, it can have any number of secondary DNS servers. Maintaining one or more secondary servers ensures that queries can be resolved even if the primary server becomes unresponsive.
Although secondary DNS servers are not necessary to complete DNS queries for a domain, it is standard practice (and required by many registrars) to establish at least one.
There are two main benefits of using a secondary DNS server:
Dynamic DNS (DDNS) is a service that keeps DNS records automatically updated when a host's IP address changes. This is especially useful for smaller web properties (personal websites, small businesses, etc.) that are not assigned static IPs, but instead temporarily lease IPs from their Internet Service Provider (ISP).
Rather than making frequent manual changes to a domain’s IP address via the primary server, users can employ DDNS to automatically update their DNS records with the most current IP address that has been assigned to their domain.
Cloudflare offers a managed DNS service that can be configured in a hidden primary setup or as a secondary DNS service. In a hidden primary setup, users establish an unlisted primary server to store all zone files and changes, then enable one or more secondary servers to receive and resolve queries. Although the secondary servers essentially fulfill the function of a primary server, the hidden setup allows users to hide their origin IP and shield it from attacks.
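The following is an added example and not Cloudflare's code: a small Python model of the zone-transfer, DDNS and hidden-primary behaviour described above. The primary holds the writable zone and only answers transfer requests from the secondaries it lists; a secondary compares the primary's SOA serial with its own copy and transfers only when the primary is newer; the secondary's copy is read-only; the DDNS helper rewrites an A record only when the leased IP actually changed (which bumps the serial and triggers the next transfer); and the hidden-primary check confirms the primary host is absent from the zone's published NS records. All zone data, host names and addresses are constructed for the example.

```python
# Added example (not Cloudflare's code): toy model of primary/secondary DNS
# zone replication. Zone data, IPs and host names below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    name: str    # owner name, e.g. "www.example.com."
    rtype: str   # record type: A, NS, ...
    value: str


class Zone:
    """In-memory zone file: origin, SOA serial and resource records."""
    def __init__(self, origin, serial, records):
        self.origin = origin
        self.serial = serial            # SOA serial: bumped on every change
        self.records = list(records)

    def lookup(self, name, rtype):
        return [r.value for r in self.records if r.name == name and r.rtype == rtype]

    def copy(self):
        return Zone(self.origin, self.serial, self.records)


class PrimaryServer:
    """Holds the writable zone; only hosts in allow_transfer may AXFR it."""
    def __init__(self, zone, allow_transfer):
        self.zone = zone
        self.allow_transfer = set(allow_transfer)

    def soa_serial(self):
        return self.zone.serial

    def update(self, name, rtype, value):
        """Replace a record and bump the serial so secondaries notice."""
        kept = [r for r in self.zone.records if not (r.name == name and r.rtype == rtype)]
        self.zone.records = kept + [Record(name, rtype, value)]
        self.zone.serial += 1
        return self.zone.serial

    def axfr(self, requester_ip):
        """Zone transfer: refused unless the requester is an allowed secondary."""
        if requester_ip not in self.allow_transfer:
            raise PermissionError(f"AXFR from {requester_ip} refused")
        return self.zone.copy()

    def notify(self, secondaries):
        # NOTIFY: each secondary compares serials and refreshes if needed
        return [s.refresh(self) for s in secondaries]


class SecondaryServer:
    """Serves a read-only copy of the zone obtained by zone transfer."""
    def __init__(self, ip):
        self.ip = ip
        self.zone = None

    def refresh(self, primary):
        """Transfer only when the primary's SOA serial is newer than ours."""
        if self.zone is not None and primary.soa_serial() <= self.zone.serial:
            return False
        self.zone = primary.axfr(self.ip)
        return True

    def update(self, *_):
        raise PermissionError("secondary copy is read-only; change the primary")

    def resolve(self, name, rtype):
        return self.zone.lookup(name, rtype) if self.zone else []


def ddns_update(primary, name, current_ip):
    """DDNS client: rewrite the A record only if the leased IP changed."""
    if primary.zone.lookup(name, "A") == [current_ip]:
        return False
    primary.update(name, "A", current_ip)
    return True


def primary_is_hidden(primary_host, zone):
    """Hidden primary: the primary must not appear in the published NS set."""
    return primary_host not in zone.lookup(zone.origin, "NS")


# Constructed sample zone (documentation addresses, hypothetical host names).
SAMPLE_ZONE = Zone("example.com.", 2024010101, [
    Record("example.com.", "NS", "ns1.secondary-dns.example."),
    Record("example.com.", "NS", "ns2.secondary-dns.example."),
    Record("www.example.com.", "A", "192.0.2.20"),
    Record("home.example.com.", "A", "198.51.100.7"),
])
HIDDEN_PRIMARY_HOST = "hidden-primary.internal.example."
SECONDARY_IPS = ("203.0.113.1", "203.0.113.2")


def demo():
    primary = PrimaryServer(SAMPLE_ZONE.copy(), allow_transfer=SECONDARY_IPS)
    secondaries = [SecondaryServer(ip) for ip in SECONDARY_IPS]
    first = primary.notify(secondaries)      # initial transfers: [True, True]
    again = primary.notify(secondaries)      # same serial: [False, False]
    changed = ddns_update(primary, "home.example.com.", "198.51.100.9")
    third = primary.notify(secondaries)      # serial bumped: [True, True]
    return {
        "transfers": (first, again, third), "ddns_changed": changed,
        "answer": secondaries[0].resolve("home.example.com.", "A"),
        "serial": primary.soa_serial(),
        "hidden": primary_is_hidden(HIDDEN_PRIMARY_HOST, primary.zone),
    }
```

Running `demo()` shows the two secondaries transferring once, skipping the transfer while the serial is unchanged, then transferring again after the DDNS change; a transfer request from an address outside `allow_transfer` raises `PermissionError`, which is the check that keeps a real zone from being enumerated by anyone who asks. The hidden-primary check is the same property the text describes: the writable server never appears in the NS records, so queries (and the traffic that comes with them) only ever reach the secondaries.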