Zone transfer
Printer Friendly Format
Bookmark this page
Back to "Domain Name System"Since a DNS loss for an enterprise has usually serious consequences, the DNS data become - thus the zone files (see: Zone) - identically nearly without exception held on several name servers. When changes it must be guaranteed that all servers possess the same volume of data. The synchronisation between the servers involved is realized by the zone transfer. The zone transfer does not only contain the bare transferring of files or sentences, but also recognizing deviations in the volume of data of the servers involved.
The original data of a zone are appropriate for that on a DNS server, as Primary name server (short: Primary) for this zone is designated. For the increase of the reliability to protect realization of a simple distribution of load or around the Primary before attacks (see also: Hidden Primary) are installed in practice in nearly all cases one or more additional servers, those as Secondary name server (short: Secondary) for this zone to be designated. With some Topleveldomains (e.g. de.) it is even regulation to make zone files for the Secondleveldomains on at least two servers accessible.
A DNS server cannot be called overall Primary or Secondary. This function is to be always regarded regarding a zone. So a DNS server can be Primary for a zone and Secondary for another zone.
The DNS information of a Primary and a Secondary is regarded as qualitatively equivalent. Both Primary and Secondary are autoritativ for a zone, i.e. can be absolutely trusted to their data (in contrast to it for example data from DNS Caches as not autoritativ outstandingly, there it to have become outdated can).
DNS entries are produced, changed or deleted in principle only on the Primary. That can take place via manual editing of the zone file concerned or automatically via dynamic updates from a data base.
A DNS server, which serves a zone file as direct source for the synchronisation, is called master. One calls a DNS server, which refers the zone data of a master, Slave. A Primary is always master, while a Secondary can be both Slave and masters. It is Slave, if it refers the zone data of a master; it is master, if it serves as source for further Secondaries. This nesting of Secondaries is frequently used, in order to decrease the load of the Primarys by the zone transfer.
For the synchronisation between master and Slave two methods exist:
Notify procedure
The master informs all Slaves of a zone, as soon as in the zone something changed. The Slave requests then either the complete zone or - better - by incremental zone transfer only the changed resource record. The information, who Slave is, indirectly from the LV resource record of a zone is derived. The master is specified in the SOA resource record. All different in LV-RRs specified server are considered automatically than Slave.
Slave get procedure
The Slave gets the SOA resource record of the zone concerned of the master in certain distances (the Refresh in such a way specified Time, which amounts to typically one hour) and compares the serial numbers. If the serial number of the SOA RRs of the Masters is larger than those of the Slaves, the volume of data does not agree. The Slave requests then either the complete zone or - better - by incremental zone transfer only the changed resource record. The relevant parameters (e.g. Serial number and Refresh timers) are in the SOA-RR. The master specifies these values and forces upon it to the Slaves.
The Notify procedure is clearly superior to the Slave get procedure, since changes are conveyed faster to the Slaves. It is today standard. For the zone transfer in principle TCP is used and not, as with DNS Requests, UDP.
Security
By a secret key (with bind "rndc keys" mentioned) the servers make sure that they really operate with their master/Slave.
Back to topArticles in category "Zone transfer"
We found here 5 articles.
Z» Zone (DNS)» Zone C » Zone file » Zone transfer » Zone Walking |
Related Websites
We found here 5 related websites.
- DNS zone transfer - Wikipedia, the free encyclopedia
DNS zone transfer, also sometimes known by its (commonest) opcode ... Zone transfer comes in two flavours, full (opcode AXFR) and incremental (IXFR). ... - Initiate a zone transfer at a secondary server
In the console tree, right-click the applicable zone and click Transfer from master. ... By default, the DNS server will only allow a zone transfer to ... - Modify zone transfer settings
If you allow any DNS server to perform a zone transfer, you are allowing internal network information to be transferred to any host that can contact your ... - nslookup and DNS Zone Transfers
You can issue a zone transfer request using the nslookup client which is a standard part of unix, NT, Windows 2000 and XP. To dump the DNS records from your ... - Understanding zones and zone transfer
A zone transfer might occur during any of the following scenarios: ... The zone is delivered to the destination server requesting the transfer with its ...
Related articles
Index | Privacy | Terms Of Use | Sitemap | Feedback
