How can I launch a private Internet DNS server?

Chuck Aurora ca at nodns4.us
Thu Nov 5 17:27:19 UTC 2020


On 2020-11-05 07:36, Bob Harold wrote:
> On Thu, Nov 5, 2020 at 7:00 AM Michael De Roover <isc at nixmagic.com>
> wrote:
>> On Thu, 2020-11-05 at 11:31 +0100, Alessandro Vesely wrote:
>>> A good secondary offloads your server noticeably, and
>>> keeps the domain alive in case of temporary failures.
>> 
>> AFAIK, authoritative slave servers are only used when the master is
>> confirmed to be down. Lookups take significantly longer in such
>> cases since for every request, the master will be asked first.

This is not true, as Bob points out, and as I add to below.

> You appear to have confused 'secondary' authoritative servers with a
> second 'resolver'.
> Authoritative servers - listed in the NS records - are used by other
> DNS servers, not by end users, and they will get used equally with the
> slaves, if your parent zone has the right NS records also.  Those are
> good to outsource the secondaries.

It should perhaps be pointed out here that the DNS protocol has no
means to distinguish among different types of NS host.  (Yes, there is
the SOA MNAME, but that is not used by resolvers.)  One NS is as good
as any other NS.

For that matter, there is no requirement that any zone should have
different kinds of NS hosts.  Some might still be using out-of-band
means to distribute zone files among multiple master/primary servers.
Others might have all NS as secondary/slave servers, which get their
notifies and transfer the zone from an unlisted (not listed among the
zone's NS records) primary server.

BIND named as resolver is going to try all NS and stick with whichever
gives the fastest responses.


More information about the bind-users mailing list