When is secondary DNS used
Some may also prefer the primary one but do some kind of load balancing and switch to the secondary one if more than a certain amount of queries are currently pending on the primary one. Some will just alternate between them as a poor man's load balancing. All of this is actually allowed. In your case, though, I'm afraid something is wrong with your primary server as by default, macOS will only use the primary one.
If it constantly falls back to the secondary one, it may consider the primary one to be too slow. Every time that happens, the secondary server becomes the primary one; see this older knowledge base article.
This CNET article explained how this can be disabled but I'm not sure this is still possible in current systems. I wasn't able to find any reference on this but IIRC from the very back of my head, Apple once mentioned on a WWDC that they are now more aggressive at DNS querying and may even try to contact multiple DNS servers at once with the fastest one winning in some cases, but I might be wrong on this; maybe this was iOS only or so.
When is a secondary DNS server used? Asked 9 years, 7 months ago. You want to have all your nameservers always up. In your case, you may find that it is simpler to use your ISP or domain registrar to host your domain.
They will have one or more backup nameservers and will have resources dedicated to keeping them running. If all you run is a web server, a secondary DNS may not seem that important. However, when your server is down there are a number of reasons you may want a backup DNS server, including: If your domain gets or sends email, you need a backup DNS to establish your credibility and ensure future delivery of email. If a mail server looks up your domain and finds it doesn't exist, it will immediately bounce your email.
However, if DNS lookups succeed and the server is down, then the email will be queued for later delivery. Only if you are down for a few days will your email start bouncing. Some poorly behaved automated delivery systems try only once and may fail to deliver messages even if your server is up.
You don't need to switch to the backup; it's automagic. If a DNS request for a name within your domain gets as far as querying your servers (remember DNS is heavily cached), then if your primary NS server doesn't respond, the secondary NS server will be queried. If you host your DNS away from the server hosting the services you provide, then having 2 is sensible.
If one goes down then the other will pick up and your domain is still available. Besides the fact that a second DNS server is required by RFC, it's also good to avoid negative caching by upstream resolvers. As some ISPs have uncommon caching policies, it's better to have a second DNS server that answers those requests even if the webserver is down.
This way you can avoid effects of negative caching once the server is back up and running. Note: In general a neg-cache interval of max. You are right -- you don't need a third-party secondary in your situation, and it'll offer few improvements to you, provided that all your other services including the mail are still hosted on a single box in a single network.
Yes, both the primary and secondary are run next to each other; both are supposed to have the same information but coherence of information is not guaranteed in practice; to an outsider's view, there's no difference between the primary and the secondary server, both are viewed the same, generally, only one is used for a given resolution. If one is down, the other one is tried. It'll be a bad idea to have one of the servers in Tokyo, if all of your customers are in New York, because it'll increase the latency of the average resolution e.
The DNS spec does appear to require that at least two NS records are provided for a domain, so, you might run into some resolvers failing to resolve a name if you somehow manage to set up only a single NS record for your domain. A good overview on the misconceptions of a secondary third-party DNS service is provided by DJB, the author of djbdns: The service companies' claims are wildly exaggerated, and should never be used as a substitute for common sense.
When another DNS server is added to a domain, one will become the primary. Essentially, it is a managerial space within the DNS environment that defines procedures for proper DNS operations in relation to the domain(s).
Each zone file includes a Start of Authority (SOA) record, which includes the administrative information about the zone, such as its name, serial number, and e-mail address of the administrator of the zone file. All records that have been configured in the DNS management portal are stored on the server. They further define the domain and dictate actions that the server needs to take pertaining to the rules set in the record. Secondary DNS service affords you an extra set of authoritative nameservers to answer queries for your domain.
The information that is stored on both nameservers is identical. Secondary DNS allows your domain zone file to be backed up automatically and stored as a copy on a secondary server. If one provider is unreachable, the other will systematically step in to answer the queries.
Having Secondary DNS is much like setting a destination on a map application on your mobile phone and letting it guide you. Secondary DNS is a mission-critical configuration that provides extra redundancy for your domain since you are able to establish a supporting set of automatically updated zone files. This is essential in bypassing DNS service outages, misconfigurations, natural disasters, and targeted attacks such as distributed denial-of-service (DDoS) attempts.
So not the 2 hours I mentioned but more like 15 minutes which to an end user would be 2 hours. Plus if it's cached which chances are it is, then it would be indefinite until a reboot or ipconfig flush. The article doesn't contradict what I said above. Your article simply gives a very high level overview of how the client queries the DNS servers. It does not go into the detail of what happens in normal situations. For instance, point 1 states that if no response is received then it will go to the second.
On top of that, if the server is accessible but DNS has issues, then the client will get a response from the server even if it's not the response we expect, the client won't go to the next DNS server because it got a response from the first.
The client queries the DNS server for an external address, the DNS server tries to resolve it but says it can't reach the site. That response is sent back to the client, therefore the client did receive a response and will not move onto the next DNS server. I highly recommend reading the entire article I posted above from Ace, it will explain it much better than I can and will help you to understand when, why and how a client will go to a second DNS server.