Name Servers
Connected: An Internet Encyclopedia
Programmed Instruction Course, Section 2 - Domain Naming
Name Servers
Name servers are the hosts and programs
which answer DNS protocol queries.
A name server is an Internet host running software capable
of processing DNS requests. A popular free software name server is
BIND, whose server daemon is called named, for UN*X hosts.
Primary and Secondary Name Servers
Typically, a single name server will be configured as the
primary name server for a domain. For backup purposes,
a number of other name servers
may be configured as secondary name servers.
From the standpoint of a DNS client,
there is no difference between primary and secondary name servers:
both are authoritative for the domain, and both are listed in
the domain's NS records. A resolver picks among the servers in that
NS set. Typically, the primary name server is listed first,
followed by the secondaries, but this is not a requirement, and the
order carries no special meaning; a resolver is free to try the servers
in any order. In fact,
if a group of domains is served by a set of name servers, the ordering
of the name servers may be mixed among the domains, to facilitate
load balancing.
A domain's primary name server has a file on disk (the zone file)
containing the RR definitions for that domain. Typically, secondary
name servers do not have to be known to the primary, since any host
can request a zone transfer. However, a complete copy of a zone is a
convenient map of a site's hosts for an attacker, so some sites, not
wishing to publicly distribute copies of their entire domain,
restrict zone transfers to preconfigured hosts (in BIND, the
allow-transfer option). Secondary name servers depend on zone
transfers for their operation, so they must remain among the hosts
permitted to transfer.
Typically, a secondary name server will perform a zone transfer to
acquire a complete copy of the primary's RR database, often
saving this copy on disk. Periodically,
the primary's SOA record for the domain is checked for a change
in its SERIAL field. If the primary's SERIAL is newer than the
secondary's (serial numbers are compared with wraparound arithmetic,
so "newer" means greater modulo 2^32), the secondary
performs another zone transfer to acquire the updated information.
Therefore, the SERIAL field in a domain's SOA record
must be increased every time a change is made within the domain;
a change that leaves the SERIAL unchanged, or lowers it, will never
reach the secondaries.
The timing of secondary updates is governed by several fields
in the domain's SOA record.
The secondaries check the primary's SOA record every REFRESH
seconds. If a scheduled check fails, the secondary retries
every RETRY seconds. If no check succeeds for EXPIRE
seconds, then all the secondary's records for that domain are discarded,
and it begins to return errors to lookup requests rather than serve
data that may be badly out of date.
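The refresh cycle described above, as an added example that is not code from the encyclopedia page: a small simulation of a secondary that polls the primary's SOA every REFRESH seconds, retries every RETRY seconds while polls fail, expires its copy after EXPIRE seconds without a successful poll, and transfers the zone only when the SERIAL is newer under RFC 1982 serial-number arithmetic. The class names, SOA values and the sequence of events in run_scenario() are hypothetical.

```python
"""Secondary refresh logic driven by the SOA timers (added example).

Not code from the encyclopedia page: a simulation of the behaviour the text
describes. The secondary polls the primary's SOA every REFRESH seconds,
retries every RETRY seconds while polls fail, and discards its copy of the
zone (answering with errors) once EXPIRE seconds pass with no successful
poll. A zone transfer happens only when the primary's SERIAL is newer under
RFC 1982 serial-number arithmetic, so a SERIAL that was lowered by mistake
is ignored. Class names, SOA values and the events below are hypothetical.
"""
from dataclasses import dataclass, replace
from typing import Optional

SERIAL_MOD = 1 << 32


def serial_newer(a: int, b: int) -> bool:
    """True if serial a is newer than serial b (RFC 1982, modulo 2**32)."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    half = SERIAL_MOD // 2
    return (a < b and b - a > half) or (a > b and a - b < half)


@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


class Primary:
    """Hypothetical primary: publishes the zone's SOA and may be unreachable."""

    def __init__(self, soa: Soa) -> None:
        self.soa = soa
        self.reachable = True

    def query_soa(self) -> Optional[Soa]:
        return self.soa if self.reachable else None


class Secondary:
    """Hypothetical secondary that keeps its copy of the zone current."""

    def __init__(self, primary: Primary, now: int) -> None:
        self.primary = primary
        self.zone: Optional[Soa] = None      # None: no usable copy of the zone
        self.timers: Optional[Soa] = None    # timers from the last copy loaded
        self.last_success = now
        self.next_check = now
        self.log: list = []
        self.tick(now)                        # initial zone transfer

    def answer(self) -> str:
        """Response code given to a query in this zone right now."""
        return "NOERROR" if self.zone is not None else "SERVFAIL"

    def tick(self, now: int) -> None:
        """Do the secondary's scheduled work for time `now` (seconds)."""
        if now < self.next_check:
            return
        soa = self.primary.query_soa()
        if soa is None:                       # poll failed: back off, maybe expire
            if self.zone is not None and now - self.last_success >= self.timers.expire:
                self.zone = None              # zone discarded after EXPIRE seconds
                self.log.append((now, "expire"))
            self.next_check = now + (self.timers.retry if self.timers else 60)
            self.log.append((now, "retry"))
            return
        self.last_success = now
        if self.zone is None or serial_newer(soa.serial, self.zone.serial):
            self.zone = self.timers = soa     # newer SERIAL: zone transfer (AXFR)
            self.log.append((now, "axfr %d" % soa.serial))
        else:
            self.log.append((now, "unchanged"))  # same or older SERIAL: no transfer
        self.next_check = now + self.timers.refresh


def run_scenario() -> tuple:
    """Drive one constructed primary/secondary pair through a sequence of events."""
    primary = Primary(Soa(serial=2024010101, refresh=3600, retry=600,
                          expire=6000, minimum=300))
    secondary = Secondary(primary, now=0)
    for now in range(1, 14_000):
        if now == 1000:    # operator edits the zone and increments SERIAL
            primary.soa = replace(primary.soa, serial=2024010102)
        if now == 5000:    # operator edits again but lowers SERIAL by mistake
            primary.soa = replace(primary.soa, serial=2024010100)
        if now == 8000:    # primary becomes unreachable
            primary.reachable = False
        secondary.tick(now)
    return secondary.log, secondary.answer()


if __name__ == "__main__":
    for t, event in run_scenario()[0]:
        print(f"t={t:6d}s  {event}")
```

Running the scenario shows the second edit (the lowered SERIAL) is never transferred, and that after the primary goes down the secondary keeps answering from its copy through four RETRY polls and then expires the zone and starts returning SERVFAIL.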
Recursion, Caching, and Authoritative Replies
If a name server receives a query for a domain it does not serve,
two options are available.
The name server may return a referral to the client citing better
name servers.
Such replies have empty answer sections, NS records in
the authority section pointing to the other servers, and usually
the addresses of those servers (glue records) in the additional section.
Alternately, the server may recurse by attempting to
completely resolve the request through a series of exchanges
with other name servers, delaying a reply to the original
requester until it is complete.
Most name servers will recurse, since this
permits them to cache the various
resource records used to access the foreign domain, in
anticipation of further similar requests. Recursion should be
offered only to a server's own clients, however: an open recursive
server can be used by anyone to bounce and amplify traffic toward
third parties, so servers that are authoritative for a domain are
generally run with recursion disabled.
Every resource record has a Time To Live (TTL) field
(distinct from the IP TTL field) which specifies
the number of seconds the record may be cached before it must
be discarded. Although an explicit TTL can be set on
any resource record, records without one take the zone's default TTL.
In the original specification that default was the MINIMUM field of
the SOA; later practice (RFC 2308) sets the default with a separate
$TTL directive in the zone file and uses MINIMUM as the TTL for
caching negative (name does not exist) answers.
Clients may also cache, according to the same rules.
Part of the DNS message header is the Authoritative Answer (AA) bit.
This bit is set in replies that come direct from a primary or secondary
name server for the zone. This bit is clear in replies that come from a
cache, and also in referrals, since the referring server is not
authoritative for the delegated domain it points to.
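The distinctions above (referral, authoritative answer, cached answer), as an added example that is not code from the encyclopedia page: it builds three constructed DNS replies in RFC 1035 wire format with only the standard library, then parses the header flags and the record types in each section to classify them. The names under example.test and the 192.0.2.0/24 addresses are documentation placeholders chosen for this example.

```python
"""Telling referrals, authoritative answers and cached answers apart.

Added example, not code from the encyclopedia page. Three constructed DNS
replies are built in wire format (RFC 1035, no name compression) and parsed
the way the text describes: a referral has an empty answer section and NS
records in the authority section, an authoritative answer has the AA bit
set, and a reply served from a resolver's cache has AA clear. The names
under example.test and the 192.0.2.0/24 addresses are placeholders.
"""
import struct

TYPE_A, TYPE_NS = 1, 2
FLAG_QR, FLAG_AA = 0x8000, 0x0400   # header flag bits: reply, authoritative answer


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels terminated by a zero byte."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def encode_rr(name: str, rtype: int, ttl: int, rdata: bytes) -> bytes:
    """One resource record in class IN."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def build_reply(qid, aa, qname, qtype, answer=(), authority=(), additional=()):
    """Assemble a reply: header, one question, then the three record sections."""
    flags = FLAG_QR | (FLAG_AA if aa else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1,
                         len(answer), len(authority), len(additional))
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    return header + question + b"".join(answer) + b"".join(authority) + b"".join(additional)


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name that starts at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:     # compression pointer: two bytes end the name
            return off + 2
        off += 1 + length


def parse_reply(msg: bytes) -> dict:
    """Parse the header flags and the record types found in each section."""
    qid, flags, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                   # skip the question(s)
        off = skip_name(msg, off) + 4
    result = {"id": qid, "qr": bool(flags & FLAG_QR),
              "aa": bool(flags & FLAG_AA), "rcode": flags & 0x000F}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        types = []
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            types.append(rtype)
        result[section] = types
    return result


def classify(msg: bytes) -> str:
    """Label a message the way a client would interpret it."""
    r = parse_reply(msg)
    if not r["qr"]:
        return "query"
    if r["rcode"] != 0:
        return "error rcode=%d" % r["rcode"]
    if not r["answer"] and TYPE_NS in r["authority"]:
        return "referral"                 # empty answer, NS in authority: ask elsewhere
    return "authoritative answer" if r["aa"] else "cached answer"


def build_examples() -> dict:
    """Three constructed replies to the query 'www.example.test A'."""
    www_a = encode_rr("www.example.test", TYPE_A, 300, bytes([192, 0, 2, 10]))
    delegation = encode_rr("example.test", TYPE_NS, 86400, encode_name("ns1.example.test"))
    glue = encode_rr("ns1.example.test", TYPE_A, 86400, bytes([192, 0, 2, 53]))
    return {
        # a server that does not serve example.test points at its name servers
        "referral": build_reply(0x1234, False, "www.example.test", TYPE_A,
                                authority=[delegation], additional=[glue]),
        # ns1.example.test answers from its own zone data: AA set
        "authoritative": build_reply(0x1235, True, "www.example.test", TYPE_A,
                                     answer=[www_a]),
        # a recursive server replays the record from its cache: AA clear
        "cached": build_reply(0x1236, False, "www.example.test", TYPE_A,
                              answer=[www_a]),
    }


if __name__ == "__main__":
    for label, msg in build_examples().items():
        print(f"{label:14s} -> {classify(msg)}")
```

Note that the referral is checked before the AA bit: a referral from a parent zone's server has AA clear even though that server is authoritative for the parent, because it is not authoritative for the name asked about.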
\begin{soapbox}
In my opinion, authority is one of the most confusing aspects of DNS.
First, it would be better to invert the sense of the AA bit and rename it "Cached".
Second, it doesn't tell you what you really want to know - is
this the most reliable information possible? This is because
secondary name servers set the AA bit in their replies, and a common
DNS misconfiguration is inaccurate secondaries. So call the present
bit "Cached" and add another one - "Primary". Permit clients to
set the bit in questions to demand forwarding to a primary name server.
Use this option after receiving a suspicious or vacuous DNS answer.
Then this concept would become useful.
\end{soapbox}