Website Technology Issues Forum
Primary and Secondary DNS setup
location and query order of authoritative nameservers
Robert Charlton (WebmasterWorld Administrator)
Msg#: 3091170 posted 4:52 am on Sep 21, 2006 (gmt 0)

Be forewarned that I'm not experienced in DNS, but am being forced to learn by necessity. I have a question about the setup of Primary and Secondary DNS servers and where they should be located for the best tradeoff of speed and safety.

I've noticed that a client site is sometimes a bit slow to respond. The web host tech support tells me that there's a delay because the Primary DNS is at the registrar (across the country), rather than on the web host's nameservers. We're currently not using the web host's nameservers at all.

According to the support technician, adding Secondary DNS records to the hosting company's nameservers would not speed up response, though, because... so he says... the Primary and Secondary nameservers are queried in that order... ie, primary first, then the secondary. The registrar's tech support says much the same thing.

We'd like to keep the Primary DNS with the registrar, though, along with our NS records, because, if the host has problems, we could change A records to address a new hosting account very quickly. The registrar's A Record changes propagate in about 15 minutes.

As I search for answers, I'm beginning to question whether the tech support advice I've gotten is correct. I've found several references that suggest that both the primary and secondary nameservers are authoritative nameservers, and that these are queried "in no particular order." If that's the case, I'd think that adding our A records etc to the hosting company's name servers would speed things up, while giving us the extra measure of backup I'd like.

Thoughts... suggestions... comments?

Depending on the answer, this is liable to be a multi-part question. ;)

 

freeflight2
Msg#: 3091170 posted 5:02 am on Sep 21, 2006 (gmt 0)

you are correct: these 2 dudes were wrong... dnsreport.com will enlighten you even further

Robert Charlton (WebmasterWorld Administrator)
Msg#: 3091170 posted 7:22 am on Sep 21, 2006 (gmt 0)

> you are correct: these 2 dudes were wrong... dnsreport.com will enlighten you even further

freeflight2 - Thanks. I don't know all that much, but I'm amazed how many times I have to double-check support services. I did look on dnsreport.com, which is a great resource, and I couldn't find any articles. Are you talking about the DNS report itself?

My first follow-up question is whether there's any easy way of migrating my A records etc on the host's nameservers to exactly match what's on the registrar's nameservers. As I understand it, there isn't, and I simply have to be very careful and copy and paste everything in manually.

Where, if at all, am I likely to encounter differences in control panels that might result in different settings, and where am I likely to screw up?

I assume that once I've entered the data into the host's DNS control panel, including location info for all nameservers, I should go back to the registrar and have them add the new nameservers to the NS record. Is this correct? Again, any tricky spots in the process here that can cause grief later?


Romeo
Msg#: 3091170 posted 1:20 pm on Sep 21, 2006 (gmt 0)

> As I understand it, there isn't, and I simply have to be very careful and copy and paste everything in manually.

No 'copy and paste' necessary -- this is why there is one primary and those secondaries - it is just a maintenance thing and has nothing to do with query order.

Basically, if everything is set up correctly at the primary and the secondary side, you maintain and edit your zone file on the primary side only.

Whenever the zone file gets changed, the primary nameserver will automatically notify the secondary that a change has occurred, and the secondary then initiates a zone file transfer.

On the primary server the NOTIFY should be enabled and zone transfer to the secondary server allowed.

On the secondary name server side, just a SLAVE definition for this domain in its nameserver config is needed.

This was the basic description. Hopefully the tools provided to you would enable you to do all this -- otherwise you would be lost (or need assistance from your providers ... but I already said you would be lost).

By the way, the speed of the DNS lookup depends on many factors, the location of the delegated domain's servers is only one of them (not the most important one, if you don't use nameservers in Siberia while your host is in South America). It starts in the cache of your local access provider and may go through root servers until it finally ends on one of your nameservers.

You may test the speed of your nameservers with dnsstuff.com's 'DNS Timing' function -- another very helpful tool besides dnsreport.com.

Kind regards,
R.

jtara (WebmasterWorld Senior Member)
Msg#: 3091170 posted 6:22 am on Sep 22, 2006 (gmt 0)

Primary and secondary(s) should be geographically and topologically dispersed.

The best solution is third-party DNS, and in particular, using a provider that has multiple servers at each address using IP_ANYCAST routing.

IP_ANYCAST allows multiple servers on the net in different places with the SAME address. Clients are routed to the NEAREST site.

Let's say you have a primary and two secondaries. The DNS provider actually provides 9, 12, or more servers. Let's say one is at address 1.2.3.4. They might have duplicate 1.2.3.4 servers in Los Angeles, N.Y., London, and Hong Kong. Clients get routed to the nearest one.

Most major websites (Microsoft, Yahoo, etc.) use this technology for DNS.

(Note that this works only with UDP packets, so don't get any ideas about IP_ANYCAST for your website. :) )

The very top tier DNS providers are expensive. However, there are also a few providers with this technology at very reasonable prices.

Robert Charlton (WebmasterWorld Administrator)
Msg#: 3091170 posted 5:43 am on Sep 26, 2006 (gmt 0)

Romeo - Thanks. What you're describing is the way I think it should be. I see enough references regarding the need to edit the steps "a server at a time," though, that I'm confused. I think the crux of what you're saying, though, is "if everything is set up correctly."

On this thread, eg...

DNS and Name Servers Setup Help
[webmasterworld.com...]

> There are alternate ways of setting them up so that they automatically replicate, but these are complex and often unnecessary. What this means for you is that you'll replicate each of the steps below on both (or all) of the nameservers you'll be setting up.

Now, you've described how to set them up so they do automatically replicate, but the devil is always in the details. I'll go through my rough understanding of it, using the registrar example I've mentioned above, and please let me know where I'm going wrong. I'll be using control panels or working with tech support. If tech support, I'll need enough vocabulary to communicate unambiguously what's needed, and that's part of what I'm trying to nail down in this post.

> On the primary server the NOTIFY should be enabled and zone transfer to the secondary server allowed.
>
> On the secondary name server side just a SLAVE definition for this domain to its nameserver server config is needed.

Right now I'm assuming that the DNS server IP addresses at the registrar for my domain are both on the "TLD servers" and also on the "Domain Servers" or "DNS Servers" lists. Currently, those listed would only be the IP addresses of the registrar's DNS Servers.

OK... to do what you're suggesting I'm assuming I'd first have the registrar add the IPs of my host's DNS Servers to these lists (the TLD server list and the Primary DNS list), and then to enable NOTIFY in the Primary DNS.

I'd then go either to my host's tech support or to the control panel for the host's DNS servers assigned to my account... which I'm going to make my secondary name servers... and not type in anything except to check a box somewhere that permits a slave definition.

(Conceivably, the order of the above two steps might be reversed.)

If I understand you correctly, that's basically it, and all records would propagate in however long DNS propagation takes. I realize that all control panels aren't the same, but is what I've described likely to be the scenario at hosts like Westhost or Pair?

And, if I wanted to add additional secondary DNS, I'd simply get a DNS server IP account #, set that server as a slave, and add the list at the registrar.

If my Primary DNS server were not at my registrar, I assume I'd set up the DNS server account wherever and then have the registrar address the DNS IP# in their TLD server list.


Robert Charlton (WebmasterWorld Administrator)
Msg#: 3091170 posted 6:32 am on Sep 26, 2006 (gmt 0)

> The best solution is third-party DNS.

jtara brings up an interesting point, which was in fact the next area I was going to cover. I have a question regarding an additional site (not the one I'm discussing above), that relates to DNS setup and third-party DNS costs specifically, and best practices with A Records and CNAMES. I'll split that one off separately to this thread...

A Records vs CNAMES in fail-over DNS
prefer A Records, but charges for monitoring are per A Record
[webmasterworld.com...]

Would still appreciate thoughts to my last question, though, on slaving the primary and secondary servers (for non-third-party DNS setups).

jtara (WebmasterWorld Senior Member)
Msg#: 3091170 posted 9:57 am on Sep 26, 2006 (gmt 0)

> And, if I wanted to add additional secondary DNS, I'd simply get a DNS server IP account #, set that server as a slave, and add the list at the registrar.

Generally, setting up slaves is only a concern if you elect to run your own DNS servers. (Which I generally would not recommend.)

If you are using your registrar or third-party DNS, they take care of this for you. You simply update the master using a web interface. They deal with replication internally, and give you a list of typically 2-5 DNS servers to use.

The only time you'd get involved in setting-up master-slave would be if you choose to use TWO third-party DNS providers. In this case, you would set-up a master-slave relationship, but only between the two services - you would not be doing it for each server provided by the backup DNS service.

Robert Charlton (WebmasterWorld Administrator)
Msg#: 3091170 posted 3:51 am on Sep 27, 2006 (gmt 0)

> If you are using your registrar or third-party DNS, they take care of this for you. You simply update the master using a web interface. They deal with replication internally, and give you a list of from typically 2-5 DNS servers to use.

Yes... the third-party DNS I'll be using for one site (spun off to another thread) has the replication well taken care of. Ditto for everything within the registrar's system.

In this thread (and I didn't mean to confuse things by bringing in the third-party DNS), I'm mainly concerned about a site where I'd like to use the servers at my web host as the secondary DNS. These are close by the web servers, so theoretically there might be a speed gain. But they're not likely to be on a list the registrar, which is across the country, gives me.

The only info I've been given thus far (by low level tech support at both places) is that I'd need to hand copy my A Records. Is this in fact what I need to do, or will giving the registrar the host's DNS IP numbers etc take care of the replication?

jtara (WebmasterWorld Senior Member)
Msg#: 3091170 posted 4:21 pm on Sep 27, 2006 (gmt 0)

> I'm mainly concerned about a site where I'd like to use the servers at my web host as the secondary DNS...
>
> The only info I've been given thus far (by low level tech support at both places) is that I'd need to hand copy my A Records. Is this in fact what I need to do, or will giving the registrar the host's DNS IP numbers etc take care of the replication?

If you are using your registrar's DNS servers, then this probably isn't going to work. They generally don't provide this option.

This will work if you are running ALL of the DNS servers yourself, OR if you are using a good third-party DNS provider.

You need to set up "zone transfers". That way, when changes are made to the master, it will update the slave(s).

I guess you could hand-copy records. Not a great idea, but you could.

1. Set up DNS at your slave server(s), including the new A records from step 2. Your SOA record should reference your primary DNS server.

2. Add A records for your slave DNS server(s) to your primary server.

3. Register your DNS server(s) at your registrar. This is usually a fun Easter-egg hunt. For some reason, they tend to make this hard to find.

4. Add your slave DNS server(s) name(s) and address(es) to the list of DNS servers at your registrar. This might be a problem - when you add to the list, your registrar might now assume that you are not going to be using their DNS, and may give you a message saying "your zone file will be deleted in xx hours", etc. If this happens, this approach is not going to work.
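The primary/secondary arrangement Romeo and jtara describe (NOTIFY enabled on the primary, zone transfer allowed only to the secondary, a slave definition on the secondary, an SOA naming the primary, A records for both nameservers) as an added illustration in BIND 9 syntax. This is not configuration from the thread or from any registrar or host named in it; the zone example.com, the RFC 5737 addresses 192.0.2.53 (primary) and 198.51.100.53 (secondary), the key name xfer-key and the file paths are all constructed, and the TSIG secret is a placeholder.

```conf
# ---- primary (ns1, 192.0.2.53): /etc/bind/named.conf.local ----
# Shared TSIG key; generate the secret with `tsig-keygen xfer-key` and
# install the identical key stanza on both servers.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "<base64 secret from tsig-keygen -- constructed placeholder>";
};

zone "example.com" {
    type master;                         # spelled "type primary;" in BIND 9.16+
    file "/etc/bind/zones/db.example.com";
    notify yes;                          # send NOTIFY to the NS-listed servers ...
    also-notify { 198.51.100.53; };      # ... and explicitly to the secondary
    # weak:  allow-transfer { any; };    # anyone on the Internet could pull the whole zone
    allow-transfer { key "xfer-key"; };  # only a holder of the TSIG key may AXFR/IXFR
};

# ---- secondary (ns2, 198.51.100.53): /etc/bind/named.conf.local ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "<same base64 secret as on the primary>";
};

zone "example.com" {
    type slave;                              # spelled "type secondary;" in BIND 9.16+
    file "/var/cache/bind/db.example.com";   # written by the zone transfer, never edited by hand
    masters { 192.0.2.53 key "xfer-key"; };  # where to fetch from; requests are TSIG-signed
    allow-notify { 192.0.2.53; };            # accept NOTIFY only from the primary
    allow-transfer { none; };                # the copy is not itself a transfer source
};

# ---- zone file, maintained on the primary only: /etc/bind/zones/db.example.com ----
$TTL 3600
$ORIGIN example.com.
@       IN  SOA  ns1.example.com. hostmaster.example.com. (
                 2006092101 ; serial: raise it on every edit or the secondary will not refresh
                 3600       ; refresh
                 900        ; retry
                 1209600    ; expire
                 300 )      ; negative-cache TTL
        IN  NS   ns1.example.com.
        IN  NS   ns2.example.com.
ns1     IN  A    192.0.2.53         ; A records for both nameservers (registrar glue uses these)
ns2     IN  A    198.51.100.53
@       IN  A    198.51.100.10      ; web server, on the same network as ns2
www     IN  A    198.51.100.10
```

After `rndc reload` on the primary, `dig @192.0.2.53 example.com SOA +short` and `dig @198.51.100.53 example.com SOA +short` should return the same serial; a serial or record that differs between the two is exactly the drift that hand-copying records produces, and is the first thing to check when one nameserver answers differently from the other. The `allow-transfer { any; }` line is shown only as the setting to avoid: an unrestricted transfer hands a complete listing of every host in the zone to anyone who asks, so limit it to the secondary, by key as here or at least by address.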

Robert Charlton (WebmasterWorld Administrator)
Msg#: 3091170 posted 5:54 am on Sep 30, 2006 (gmt 0)

Thanks. I've been able to check only the hosting company so far, and it's as I feared. They say they would only sync with one of their own nameservers.

I'm going to be working on another site with the third-party DNS provider I'm using (and you're using), and will see if I can find out more about using their secondary nameserver service for this site. It's the only service they offer where they suggest setting it up will require some real expertise.

I'm thinking it would just be simpler to have them manage all the DNS for the site than try to set up extra secondaries with the current setup... but that's probably overkill if all we're trying to do is to take a half second or so off the first query to the site.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved