Need of primary and secondary DNS server.


nsvora
11-30-2006, 03:37 PM
Hi All,
I am working on the proprietary Dynamic DNS client implementation. My DHCP and DDNS server are running on LINUX and I would like to know some information about Secondary & Tertiary DNS Servers.
Currently, my client sends the update to only Primary DNS server.

Could anyone kindly answer the following:
Why do we need secondary and tertiary servers?
My understanding regarding them is that:
- Any client sends the update only to the Primary DNS server.
- Primary server updates the records to secondary and tertiary.
- Any DNS Queries can be answered by any of the primary, secondary or tertiary servers.

What happens when the primary server is not reachable?
Should client send the update record to secondary DNS Server in that case?

Thanks in advance,

With Regards,
nsvora

jimwah
12-01-2006, 06:27 AM
I have a very basic knowledge of DNS, but as I understand it, the DHCP server can be set to distribute IPs (and as a part of this, the Primary, Secondary & Tertiary DNS server addresses) to client machines. If the Primary DNS goes down or is overloaded with traffic (i.e. the client machine doesn't get a response soon enough) then I'd expect the client to look to the Secondary DNS. And then to the Tertiary if that didn't respond soon enough. So I guess they are simply there for backup, and also load-balancing I suppose on very busy networks :shrug: Hopefully that made sense, the wiki has a lot on DNS (http://en.wikipedia.org/wiki/DNS), which I should probably read myself sometime :up:

Serra
12-01-2006, 07:24 AM
Secondary/Tertiary DNS servers are generally implemented to remove the issue of a single point of failure in a network (because, obviously, if one goes down you no longer have name resolution). If this just means Internet access is gone, that may be okay, but if you're also using Active Directory or another application/database that requires name resolution, you're hooped. There are other things you could do with secondary DNS' if you wanted to get fancy, but given that you seem to be doing something for a company that isn't paying *me* to do it, I'll leave it at that ;)

Clients will send requests to their primary first, then secondary, etc. depending upon timeout and negative response.

If you're setting up secondary and tertiary DNS's on Linux machines, you'll want to create the primary as the master name server clients register with and the secondary/tertiary as a secondary/slave name server to the master name server. By doing that the primary/master name server will update the secondary servers of changes (but keep in mind that if the primary goes down clients will no longer be able to register until you change the secondary into a primary or bring the primary back online).

nsvora
12-01-2006, 07:56 AM
Thanks for your replies jimwah and serra.

I understand the redundancy required for the updates to go through we need two servers.
So according to you, DDNS client be sending these updates to secondary if primary is not reachable. Right?

Note:
I have proprietary implementation of DHCP and DDNS client so I don't want to have DHCP server updating the DNS server.

Serra
12-01-2006, 10:30 AM
If you don't want your DHCP server updating your DNS server you can simply turn off that option. Doing so forces the clients to update their own DNS information. It should be noted however that this can create some issues such as:

Scenario:
Client A registers its own DNS entry. Client A is then unplugged from the network or changes its IP without notifying its DNS server of a change. Client B then comes along and wants to register its IP address, which was the same as Client A's old IP. But registration fails! The reason is that Client B may not have the permission required to change the entry.

All assuming it's an internal DDNS server, of course..

nsvora
12-01-2006, 12:28 PM
Thanks for reply Serra.
So according to you, DDNS client be sending these updates to secondary if primary is not reachable. Right?

Serra
12-02-2006, 11:54 AM
They could send their updates, but the secondary would never process them.

Your master/primary Linux DNS server is the only server with the 'write' permission for the DNS file. Your secondary has only 'read' permission and obtains updated copies of the file from your primary.

So clients can only register with the primary, but can use the secondary if the primary is unavailable. If the primary becomes unavailable the secondary will continue to have its copy of the DNS file, but clients will not be able to register with it until you either promote it to a primary or bring the primary back online. This should hopefully be a short amount of time, because you should find out quickly if your primary fails and so it should cause very little downtime anyway (especially since all core servers and computers should have statically assigned IP addresses anyway)
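
For readers writing their own DDNS client, as the original poster is, this added example (not from any post in the thread) builds the RFC 2136 UPDATE message a client sends to the primary and decodes the reply's RCODE, which is how the client learns that a server refused the update. The zone, host name and address used with it are constructed sample values, and the message is unsigned, so a server that only accepts authenticated updates will refuse it.

```python
import socket
import struct

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA = 1, 6
CLASS_IN, CLASS_ANY = 1, 255
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 5: "REFUSED",
          9: "NOTAUTH", 10: "NOTZONE"}


def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_update(msg_id, zone, host, ipv4, ttl=300):
    """Build an UPDATE that replaces host's A RRset with a single address."""
    z, h = zone.rstrip(".").lower(), host.rstrip(".").lower()
    if h != z and not h.endswith("." + z):
        raise ValueError("host is not inside the zone")
    # Counts: 1 zone entry, 0 prerequisites, 2 update RRs, 0 additional.
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 2, 0)
    zone_section = encode_name(z) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    owner = encode_name(h)
    # CLASS ANY, TTL 0, empty RDATA: delete every A record at this name,
    # which clears a stale address before the new one is added.
    delete_rrset = owner + struct.pack("!HHIH", TYPE_A, CLASS_ANY, 0, 0)
    add_rr = (owner + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
              + socket.inet_aton(ipv4))
    return header + zone_section + delete_rrset + add_rr


def response_status(msg_id, response):
    """Validate an UPDATE response header and return its RCODE name."""
    if len(response) < 12:
        raise ValueError("truncated response")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != msg_id or not flags & 0x8000 or (flags >> 11) & 0xF != OPCODE_UPDATE:
        raise ValueError("not a response to this update")
    return RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
```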

nsvora
12-04-2006, 07:59 AM
Thanks for the reply Serra.
All I understand from the discussion is that,
1) We need secondary and Tertiary Servers for redundancy purpose. So in case primary server is not available, client query could be answered by secondary or tertiary servers.
But this is true only for the DNS queries. Updates should be sent to only primary server.
2) In case primary server is not reachable, secondary server should be configured as primary server. And updates should be sent only to current primary server.
(Only one server can be authoritative for a zone. Could this be another reason for this?)

In any case, the DNS "updates" should be sent only to the primary server.
Secondary & Tertiary servers are configured only for redundancy of "queries". We cannot have redundancy for updates.

Could you kindly correct me if I am wrong.

With Regards,
nsvora