blank.gif (43 bytes)

Church Of The
Swimming Elephant

Name Servers Connected: An Internet Encyclopedia
Name Servers

Up: Connected: An Internet Encyclopedia
Up: Programmed Instruction Course
Up: Section 2 - Domain Naming
Prev: Introduction to DNS
Next: The DNS Protocol

Name Servers

Name Servers Name servers are the hosts and programs which answer DNS protocol queries.

A name server is an Internet host running software capable of processing DNS requests. A popular free software name server is BIND Named, for UN*X hosts.

Primary and Secondary Name Servers

Typically, a single name server will be configured as the primary name server for a domain. For backup purposes, a number of other name servers may be configured as secondary name servers. From the standpoint of DNS, there is no difference between primary and secondary name servers, since the resolving algorithm simply uses a domain's NS records in the order provided. Typically, the primary name server is listed first, followed by the secondaries, but this is not a requirement. In fact, if a group of domains is served by a set of name servers, the ordering of the name servers may be mixed among the domains, to facilitate load balancing.

A domain's primary name server will have a file on disk containing the RR definitions for that domain. Typically, secondary name servers do not have to be known to the primary. However, some sites, not wishing to publicly distribute copies of their entire domain, restrict zone transfers to preconfigured hosts. Secondary name servers depend on zone transfers for their operation.

Typically, a secondary name server will perform a zone transfer to acquire a complete copy of the primary's RR database, often saving this copy on disk. Periodically, the primary's SOA record for the domain is checked for changes in its SERIAL field. Upon detecting a change, the secondary performs another zone transfer to acquire the updated information. Therefore, the SERIAL field in a domain's SOA record must be changed every time a change is made within the domain.

The timing of secondary updates is governed by several fields in the domain's SOA record. The secondaries check the primary's NS record every REFRESH seconds. If one can not perform a scheduled check, it retries every RETRY seconds. If a check can't be performed for EXPIRE seconds, then all the secondary's records for that domain are discarded, and it begins to return errors to lookup requests.

Recursion, Caching, and Authoritative Replies

If a name server receives a query for a domain it does not serve, two options are available. The name server may return a referral to the client citing better name servers. Such replies have empty answer sections, and NS records in the authority section pointing to the other servers. Alternately, the server may recurse by attempting to completely resolve the request through a series of exchanges with other name servers, delaying a reply to the original requester until it is complete.

Most name servers will recurse, since this permits them to cache the various resource records used to access the foreign domain, in anticipation of further similar requests. Every resource record has a Time To Live (TTL) field (distinct from the IP TTL field) which specifies the number of seconds the record may be cached before it must be discarded. Although an explicit TTL can be set on any resource record, most records default to the TTL specified in the MINIMUM field of their SOA. Clients may also cache, according to the same rules.

Part of the DNS message header is the Authoritative Answer (AA) bit. This bit is set in replies that come direct from a primary or secondary name server. This bit is clear in replies that come from a cache.


    In my opinion, authority is one of the most confusing aspects of DNS. First, it would be better to invert its sense of the AA bit and rename it "Cached". Second, it doesn't tell you what you really want to know - is this the most reliable information possible? This is because secondary name servers set the AA bit in their replies, and a common DNS misconfiguration is inaccurate secondaries. So call the present bit "Cached" and add another one - "Primary". Permit clients to set the bit in questions to demand forwarding to a primary name server. Use this option after receiving a suspicious or vacuous DNS answer. Then this concept would become useful.


Next: The DNS Protocol

Connected: An Internet Encyclopedia
Name Servers


Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

Have you gone to church today?
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609