What Are the Primary and Secondary DNS Zones in DNS Server?

When you deploy a DNS server in your organization, the default installation gives you a caching-only server: it holds no zones of its own, resolves client queries recursively (or through a forwarder), and keeps every answer in its resolver cache for the lifetime of the record's TTL. This cache is helpful when users request the same destination repeatedly. An already resolved name is answered from the cache, so the query does not have to go through the entire name resolution process that ran when the name was looked up the first time. (A stub zone is something different: a copy of a zone that holds only its SOA, NS and glue records and is used to locate the authoritative servers for that zone. It is not the cache.)

Apart from this default cache, when administrators configure the DNS server to serve a large network infrastructure, they add zones for which the server is authoritative, starting with a Primary Zone.

Primary DNS Zone

The primary zone on a DNS server is the read/write copy of the zone's data. Whenever a new DNS record is added, either automatically by DNS clients through dynamic update or manually by an administrator, it is written to the primary zone. In classic file-backed DNS each zone has exactly one primary copy (its master); a single server can, however, host primary zones for many different domains.

Because the primary zone is the writable copy, it is the most valuable DNS asset in the domain: anyone who can write to it can redirect every name it contains. Keep it on a server that is physically protected and shielded from internal and external network threats, accept only secure dynamic updates (or none), and allow zone transfers only to the addresses of your own secondary servers so that outsiders cannot download the whole zone.

Secondary DNS Zone

Unlike a primary zone, a secondary zone is a read-only copy of the zone's records. DNS records cannot be added directly to a secondary zone. It receives records only through zone transfer (AXFR or incremental IXFR) from its master server, which is normally the primary zone, although a secondary can also be configured to transfer from another secondary.

Also, unlike the primary zone, of which only one copy exists for a given zone, there can be as many secondary zones for the same domain as you need. Each secondary pulls its updates from the same master, and none of the secondary zones can register DNS records on its own. The secondary decides when to pull by comparing the serial number in the master's SOA record with its own, on the schedule set by the SOA refresh, retry and expire timers.
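As an added example (not code from the original page or from any particular DNS server product), the following Python models the checks on both sides of a zone transfer: the primary's allow-transfer list described in the Primary DNS Zone section, and the secondary's SOA serial, refresh and expire logic described here. The zone file text, the addresses and the function names are constructed for illustration; the serial comparison follows RFC 1982 and the refresh decision follows RFC 1034 section 4.3.5.

```python
"""Model of how a secondary zone follows its primary (added example).

Self-contained: the zone file below is constructed, nothing touches
the network, and the SOA parser handles the common multi-line form.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Sequence

# Constructed sample zone file: the primary's read/write copy.
PRIMARY_ZONE_FILE = """\
$ORIGIN example.test.
$TTL 3600
@   IN  SOA ns1.example.test. hostmaster.example.test. (
        2024060102 ; serial
        3600       ; refresh: how often a secondary re-checks the SOA
        900        ; retry: wait after a failed check
        604800     ; expire: secondary stops answering after this
        300 )      ; minimum / negative-caching TTL
@   IN  NS  ns1.example.test.
@   IN  NS  ns2.example.test.
ns1 IN  A   192.0.2.1
ns2 IN  A   192.0.2.2
www IN  A   192.0.2.10
"""


@dataclass
class Soa:
    serial: int
    refresh: int
    retry: int
    expire: int


_SOA_RE = re.compile(
    r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\)")


def parse_soa(zone_text: str) -> Soa:
    """Pull serial/refresh/retry/expire out of a (multi-line) SOA record."""
    # Drop ';' comments, then flatten so the parenthesised SOA is one string.
    flat = " ".join(re.sub(r";.*", "", line) for line in zone_text.splitlines())
    m = _SOA_RE.search(flat)
    if not m:
        raise ValueError("no SOA record found")
    serial, refresh, retry, expire, _minimum = (int(x) for x in m.groups())
    return Soa(serial, refresh, retry, expire)


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: is serial a newer than b, allowing 32-bit wrap?"""
    a, b = a % 2**32, b % 2**32
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)


def transfer_allowed(requester: str, allow_transfer: Sequence[str]) -> bool:
    """Primary-side check: only listed secondaries may AXFR/IXFR the zone.

    allow_transfer holds addresses or CIDR prefixes (assumed to mirror a
    server's 'allow transfers only to these servers' setting).
    """
    ip = ipaddress.ip_address(requester)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in allow_transfer)


def secondary_action(local_serial: int, primary_serial: Optional[int],
                     since_last_success: int, soa: Soa) -> str:
    """What a secondary does when its refresh timer fires.

    since_last_success: seconds since the last successful SOA check or
    transfer. primary_serial is None when the SOA query got no answer.
    """
    if since_last_success >= soa.expire:
        return "expire"        # copy too stale: stop answering authoritatively
    if primary_serial is None:
        return "retry"         # master unreachable: try again after soa.retry
    if serial_gt(primary_serial, local_serial):
        return "transfer"      # master has a newer zone: pull it
    return "up-to-date"        # same serial: sleep until the next refresh


if __name__ == "__main__":
    soa = parse_soa(PRIMARY_ZONE_FILE)
    print(soa)
    print(transfer_allowed("192.0.2.2", ["192.0.2.2"]))       # our secondary
    print(transfer_allowed("203.0.113.9", ["192.0.2.2"]))     # anyone else
    print(secondary_action(2024060101, soa.serial, 3600, soa))
    print(secondary_action(2024060102, None, 700000, soa))
```

The two rules worth keeping in mind from this model: the primary should refuse a transfer to any address that is not on its list, since an open AXFR hands an attacker the complete map of the domain, and a secondary that cannot reach its master for longer than the SOA expire value stops serving the zone, which is why the expire value, not just the refresh, determines how long a site stays resolvable during an outage.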

A secondary zone is usually hosted on a DNS server in another domain or site, one that is not otherwise authoritative for the domain in question. For example, with two domains A and B, the primary zone of each domain is authoritative for names within its own domain; a secondary copy of zone A is placed on the DNS server in domain B, and vice versa. When DNS clients in domain B try to reach a computer in domain A, their queries are answered authoritatively by the secondary copy of zone A held in domain B, without a query having to cross to domain A's servers, and resolution of domain A's names keeps working while A's primary is unreachable, until the secondary's SOA expire timer runs out.