Primary Vs Secondary DNS

Primary DNS servers host controlling zone files, while secondary DNS servers are used for reliability and redundancy.


Learning Objectives

After reading this article you will be able to:

  • Define dynamic DNS
  • Understand the difference between a primary and secondary DNS server
  • Understand the need for secondary DNS servers

What are primary and secondary DNS servers?

When setting up a DNS server, a server administrator has a choice of whether to designate a DNS server as a primary or a secondary server (also known as a slave). In some cases, a server can be primary for one zone and also secondary for another zone.

A primary server hosts the controlling zone file, which contains all the authoritative information for a domain; this means it is the trusted source for important information such as the IP address of the domain and who is responsible for administering that domain. Primary servers read this information directly from local files. Changes to a zone’s DNS records can only be made on a primary server, which can then update secondary servers.

Secondary servers contain read-only copies of the zone file, and they get their information from a primary server in a communication known as a zone transfer. Each zone can have only one primary DNS server, but it can have any number of secondary DNS servers. Changes to a zone’s DNS records cannot be made on a secondary server, but in some cases a secondary server can pass change requests along to a primary server.

Why have a secondary DNS server?

Primary DNS servers contain all the relevant resource records and can handle DNS queries for a domain, but it is standard practice (and required by many registrars) to have at least one secondary DNS server. These secondary servers provide redundancy in case the primary DNS server goes down, and they also help distribute the load of requests for the domain so that the primary server doesn’t get overloaded, which could result in a denial-of-service. They can do this using round-robin DNS, a load-balancing technique designed to send each server in the cluster roughly equal amounts of traffic.
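The following is an added example, not code from the original article or from Cloudflare, that models the mechanics described above in a few dozen lines of Python: a primary holds the writable zone and bumps its SOA serial on every change, a secondary pulls a read-only copy by zone transfer only when the primary's serial is newer, a change request sent to the secondary is forwarded to the primary, and a round-robin resolver rotates the answer list so traffic spreads across hosts. The allow-list that limits zone transfers to configured secondaries is an assumption about good practice, not something the article specifies; the zone data and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed (RFC 5737 documentation ranges).

```python
"""Toy model of primary/secondary DNS zone replication and round-robin answers.

Added example. Zone contents and IP addresses are constructed for illustration.
"""
from dataclasses import dataclass, field


class TransferRefused(Exception):
    """Raised when a host that is not a configured secondary asks for the zone."""


@dataclass
class Zone:
    name: str
    serial: int                                   # SOA serial; advanced on every change
    records: dict = field(default_factory=dict)   # owner name -> list of A addresses

    def copy(self):
        """Read-only snapshot handed to secondaries during a zone transfer."""
        return Zone(self.name, self.serial, {k: list(v) for k, v in self.records.items()})


class PrimaryServer:
    def __init__(self, zone, secondaries):
        self.zone = zone
        # Assumption: only these secondary addresses may request a zone transfer.
        self.allowed_transfer = set(secondaries)

    def update_record(self, owner, addresses):
        """All changes happen on the primary; each one bumps the SOA serial."""
        self.zone.records[owner] = list(addresses)
        self.zone.serial += 1

    def soa_serial(self):
        return self.zone.serial

    def zone_transfer(self, requester_ip):
        """AXFR-style copy of the whole zone, restricted to configured secondaries."""
        if requester_ip not in self.allowed_transfer:
            raise TransferRefused(f"zone transfer refused for {requester_ip}")
        return self.zone.copy()


class SecondaryServer:
    def __init__(self, ip, primary):
        self.ip = ip
        self.primary = primary
        self.zone = None          # no copy until the first transfer

    def refresh(self):
        """Compare SOA serials; pull a fresh copy only if the primary is newer."""
        if self.zone is not None and self.primary.soa_serial() <= self.zone.serial:
            return False
        self.zone = self.primary.zone_transfer(self.ip)
        return True

    def update_record(self, owner, addresses):
        """Secondaries are read-only: the change request is passed to the primary."""
        self.primary.update_record(owner, addresses)


class RoundRobinResolver:
    """Answers A queries by rotating the address list on each query."""
    def __init__(self, zone):
        self.zone = zone
        self.offset = {}

    def answer(self, owner):
        addrs = self.zone.records[owner]
        i = self.offset.get(owner, 0) % len(addrs)
        self.offset[owner] = i + 1
        return addrs[i:] + addrs[:i]


def demo():
    """Walk through a transfer, a forwarded change, a refused transfer and round-robin."""
    zone = Zone("example.com.", serial=2024010101,
                records={"www.example.com.": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]})
    primary = PrimaryServer(zone, secondaries={"198.51.100.53"})
    secondary = SecondaryServer("198.51.100.53", primary)
    out = {}
    out["initial_transfer"] = secondary.refresh()        # True: first full copy
    out["redundant_refresh"] = secondary.refresh()       # False: serial unchanged
    secondary.update_record("mail.example.com.", ["192.0.2.25"])   # forwarded to primary
    out["transfer_after_change"] = secondary.refresh()   # True: serial advanced
    out["secondary_serial"] = secondary.zone.serial
    try:
        primary.zone_transfer("203.0.113.9")             # not a configured secondary
        out["outsider_transfer"] = "allowed"
    except TransferRefused:
        out["outsider_transfer"] = "refused"
    rr = RoundRobinResolver(secondary.zone)
    out["answers"] = [rr.answer("www.example.com.") for _ in range(3)]
    return out


if __name__ == "__main__":
    print(demo())
```

The serial comparison is what keeps a secondary from re-pulling an unchanged zone, and the allow-list is what keeps the full zone contents from being handed to arbitrary hosts; a real deployment expresses both in the name server's configuration rather than in application code.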