Published: 1 March 2024
Contributors: Chrystal R. China, Michael Goodwin
A primary DNS server is the authoritative name server of a domain name system (DNS). It is the first point of contact in query resolution and serves as the definitive source for information about a domain, storing original copies of all the domain's DNS records.
If a primary DNS server is unavailable, the browser, application, or device that initiated the query contacts a secondary DNS server, which contains a copy of the same DNS records.
In a DNS infrastructure, domain names drive traffic to IP addresses that hold the correct resources to address user requests. When users enter a domain name, the primary DNS server is the first stop on the path to query resolution. However, human-friendly hostnames and computer-friendly IP addresses need an intermediary to communicate. That’s where primary DNS servers enter the process.
Primary servers translate domain names into corresponding IP addresses, which then send the queried information back to the user. As such, primary DNS serves a vital function in routing internet traffic.
Broadly speaking, DNS is akin to a phonebook for the internet. It converts domain names (such as www.example.com) into IP addresses (such as 192.0.2.1) that computers use to identify each other on the network. Without DNS, users would need to remember complex numerical IP addresses to access websites, which is impractical even before considering the volume of unique searches and data requests users make in a single day.
DNS frameworks have a tree-like structure with the root domain at the top, followed by top-level domains (TLDs), such as .com, .org, .net, .uk, and so on. Below the TLDs are second-level domains that typically comprise the recognizable part of a domain name (such as “ibm.com”) and any available secondary zones. Each TLD has its own set of name servers, but the primary name server comes into play at the second level.
When a domain is registered, its name server (NS) records are created and its zone is stored on a primary DNS server, typically provided by a hosting company or a DNS service provider. The primary DNS server holds various types of DNS resource records, including A records, MX records and CNAME records (among other types), that direct the appropriate data and information back to the user.
It's worth noting that server administrators can designate DNS servers as either primary or secondary. In fact, servers can have a primary designation in one zone and a secondary designation in another. However, each DNS zone can only have a single primary server.
Domain modifications also occur in the primary DNS. When an administrator wants to adjust DNS records, they must do so on the primary DNS server; the changes then propagate down the hierarchy to the remaining servers.
DNS servers are categorized as “primary” and “secondary” based on their roles in the DNS hierarchy. Whereas the primary DNS server holds the original read/write version of the zone file, secondary DNS servers hold read-only replicas of the zone file for the purposes of load balancing and redundancy management.
Secondary DNS services are nonessential; DNS systems can function when only a primary server is available. But it is standard, and often required by domain registrars, to maintain at least one secondary server to facilitate round-robin DNS (which distributes traffic evenly across each server) and prevent denial-of-service.
The conventional primary/secondary DNS architecture is becoming obsolete among modern, managed DNS providers. Today, most providers offer name server IPs to use, and behind each of those IPs is a pool of DNS servers that route requests by using anycast (a routing method in which one IP address is advertised from many locations, so each query is delivered to the nearest pool member). This approach tends to provide better redundancy and higher availability than the classic model.
However, even in advanced DNS deployments, secondary DNS can help businesses:
Both primary and secondary servers maintain the efficiency and functionality of DNS systems, but there are key differences that dictate how they behave and interact in the computing environment.
In addition to storing the primary zone file, the primary DNS server responds to update requests from the domain administrator and processes dynamic updates. Secondary zone servers are backup servers that handle requests during primary server downtime or when the primary server is overloaded.
The primary zone file in the primary DNS contains all the A records (address records for IPv4); AAAA records (address records for IPv6); MX records (which direct to mail servers); CNAME records (which map aliases to their true, or “canonical,” domain names); SOA records (which contain the administrative information for a zone, such as its serial number and refresh timers); and TXT records (free-form text records, such as the Sender Policy Framework (SPF) record used for email authentication) for a given domain. The administrator directly manages this file, and any updates or changes to DNS records are made here first.
Secondary DNS servers hold exact copies of the zone file, transferred from the primary server. They cannot accommodate direct revision or edits to the zone file. Instead, they periodically check with the primary server for updates in a process called zone transfer.
Configuring a primary DNS involves setting up the zone file, resource records and access controls, and might include arranging full (AXFR) and incremental (IXFR) zone transfers to designated secondary servers. Secondary DNS configurations, in turn, require administrators to set up communication between the primary and secondary servers for zone data transfers, and to specify how often the secondary checks in with the primary server for updates.
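The zone file contents and the secondary's check-in logic described above, as an added example that is not part of the original article: a small parser for a constructed BIND-style zone file (the record types, serial and SOA timers are illustrative assumptions), plus the decision a secondary makes at each refresh.

```python
import re
from collections import namedtuple

# Constructed zone file for a fictitious example.com primary (assumption:
# BIND-style syntax; serials and addresses are illustrative only).
PRIMARY_ZONE = """\
$TTL 3600
example.com. IN SOA ns1.example.com. hostmaster.example.com. (
    2024030101 ; serial: bumped on every edit made on the primary
    7200       ; refresh: how often a secondary polls for a new serial
    900        ; retry: poll interval after a failed refresh
    1209600    ; expire: secondary stops answering after this long without contact
    300 )      ; minimum / negative-caching TTL
example.com.      IN NS    ns1.example.com.
example.com.      IN NS    ns2.example.com.
example.com.      IN A     192.0.2.10
example.com.      IN AAAA  2001:db8::10
example.com.      IN MX    10 mail.example.com.
www.example.com.  IN CNAME example.com.
example.com.      IN TXT   "v=spf1 mx -all"
"""

Soa = namedtuple("Soa", "mname rname serial refresh retry expire minimum")

def parse_zone(text):
    """Return (Soa, [(owner, type, rdata), ...]) from a zone file string."""
    lines = [re.sub(r";.*", "", ln).rstrip() for ln in text.splitlines()]
    body = "\n".join(ln for ln in lines if ln.strip())
    # Fold the multi-line, parenthesised SOA rdata onto a single line.
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    soa, records = None, []
    for ln in body.splitlines():
        if ln.startswith("$"):      # directives such as $TTL are not records
            continue
        owner, _cls, rtype, *rdata = ln.split()
        records.append((owner, rtype, " ".join(rdata)))
        if rtype == "SOA":
            m, r, *nums = rdata
            soa = Soa(m, r, *map(int, nums))
    return soa, records

def refresh_decision(primary_soa, secondary_serial, secs_since_contact, primary_reachable):
    """Emulate the secondary's periodic check-in: request a zone transfer only
    when the primary's SOA serial is newer; while the primary is unreachable,
    keep serving the replica until the SOA expire interval elapses.
    (Plain integer comparison stands in for RFC 1982 serial arithmetic.)"""
    if not primary_reachable:
        return "expired" if secs_since_contact > primary_soa.expire else "retry"
    return "transfer" if primary_soa.serial > secondary_serial else "current"
```

A secondary whose serial already matches the primary's skips the transfer, which is why forgetting to bump the SOA serial after an edit is a common cause of secondaries never picking up the change.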
Though the primary DNS server is essential, it also represents a single point of failure. If it crashes, and administrators have not designated secondary servers to take over the workload, the entire DNS resolution process suffers. Secondary servers cannot exist without a primary DNS server, but if there is a server outage, they can keep the DNS operational until the primary server is restored.
To better understand primary DNS, it’s important to understand how user queries flow through a system to resolution.
A user enters a domain name into a browser or app and the request is sent to a recursive DNS resolver. Typically, the user's device has predefined DNS settings, provided by the internet service provider (ISP), that determine which recursive resolver is deployed.
The recursive resolver checks its cache (temporary storage of recently resolved records) for the domain's corresponding IP address. If the DNS lookup data is not cached, the resolver initiates the process of retrieving it from the authoritative DNS servers, starting at the root server. The recursive resolver queries different DNS servers until it finds the final IP address.
The recursive resolver queries a root name server, which responds with a referral to the appropriate TLD server for the domain in question (the server responsible for all ".com" domains, for instance).
The resolver queries the TLD name server, which responds with the address of the domain's primary DNS server.
The resolver queries the primary server, which looks up the DNS zone file and responds with the correct record for the requested domain name.
The recursive resolver caches the DNS record—for a time that is specified by the record's time-to-live (TTL)—and returns the IP address to the user's device. The browser or app can then initiate a connection to the host server at that IP address to access the requested website or service.
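The resolution flow above, as an added example that is not part of the original article: a toy recursive resolver that walks root, TLD and authoritative referrals over constructed data (the server ids, names, addresses and TTLs are assumptions), honours the record's TTL in its cache, and falls back to a secondary when the primary is unreachable.

```python
import time

# Constructed referral data standing in for the root, TLD and authoritative
# servers (assumption: fictitious server ids, names, addresses and TTLs).
SERVERS = {
    "root":      {"com.": ("NS", ["tld"], 172800)},
    "tld":       {"example.com.": ("NS", ["primary", "secondary"], 172800)},
    "primary":   {"www.example.com.": ("A", "192.0.2.10", 300)},
    # The secondary serves an identical replica of the primary's zone.
    "secondary": {"www.example.com.": ("A", "192.0.2.10", 300)},
}
DOWN = set()   # server ids currently unreachable (used to simulate an outage)

def ask(server, name):
    """Answer or referral from one server: longest matching zone suffix."""
    if server in DOWN:
        raise ConnectionError(server)
    zones = SERVERS[server]
    zone = max((z for z in zones if name.endswith(z)), key=len, default=None)
    return zones[zone] if zone else None

class RecursiveResolver:
    def __init__(self, clock=time.time):
        self.cache = {}      # name -> (address, expiry timestamp)
        self.clock = clock
        self.queries = []    # servers contacted, for inspection

    def resolve(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit and hit[1] > now:           # still within the record's TTL
            return hit[0], "cache"
        candidates = ["root"]
        while candidates:
            server = candidates.pop(0)
            self.queries.append(server)
            try:
                rtype, rdata, ttl = ask(server, name)
            except ConnectionError:
                continue                   # try the next server in the referral
            if rtype == "A":
                self.cache[name] = (rdata, now + ttl)
                return rdata, "authoritative:" + server
            candidates = list(rdata)       # follow the NS referral
        raise LookupError(name)
```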
Primary DNS is central to query routing, so maintaining and optimizing primary DNS servers can accelerate the entire DNS system. Businesses can get the most out of their DNS by incorporating the following best practices.
Select a DNS provider with high uptime, comprehensive redundancy protocols and accessible customer support. IBM NS1, for instance, can help ensure that DNS queries are answered quickly and reliably.
Primary DNS providers range in their offerings, from public DNS services to premium, managed DNS servers. Determining the best DNS server for your business depends on organizational needs1, budget and complexity. Public DNS, for instance, gives clients open, free DNS access, whereas migrating to premium DNS can offer more fine-grained control.
Make sure that teams are informed about the latest DNS vulnerabilities and threats (such as malware, distributed denial-of-service (DDoS) attacks and cache poisoning), and use firewalls, domain name system security extensions (DNSSEC) and other security measures to secure DNS servers2 and mitigate risk.
Update DNS records to reflect changes to IP addresses, infrastructure, and services as quickly and as often as possible. Doing so enables consistent, accurate domain resolution.
1 "Should large enterprises self-host their authoritative DNS?", IBM.com, 1 February 2024
2 "Why DNS protection should be the first step in hybrid cloud security", TechRadar, 1 February 2024