The key to understanding how Domain Naming Service (DNS) servers work is to realize that the DNS database — that is, the list of all the domains, subdomains, and host mappings — is a massively distributed database. No single DNS server contains the entire DNS database. Instead, authority over different parts of the database is delegated to different servers throughout the Internet.
For example, suppose that a DNS server is set up to handle name resolutions for the LoweWriter.com domain. Then, when someone requests the IP address of doug.LoweWriter.com, the DNS server can provide the answer.
However, the DNS server wouldn’t be responsible for the rest of the Internet. Instead, if someone asks the DNS server for the IP address of some other computer, such as coyote.acme.com, the DNS server will have to pass the request on to another DNS server that knows the answer.
To simplify the management of the DNS database, the entire DNS namespace is divided into zones, and the responsibility for each zone is delegated to a particular DNS server. In many cases, zones correspond directly to domains. For example, if you set up a domain named LoweWriter.com, you can also set up a DNS zone called LoweWriter.com that’s responsible for the entire LoweWriter.com domain.
However, the subdomains that make up a domain can be parceled out to separate zones, as shown in the following illustration. Here, a domain named LoweWriter.com has been divided into two zones. One zone, us.LoweWriter.com, is responsible for the entire us.LoweWriter.com subdomain. The other zone, LoweWriter.com, is responsible for the entire LoweWriter.com domain except for the us.LoweWriter.com subdomain.
Why would you do that? The main reason is to delegate authority for the zone to separate servers. For example, the illustration suggests that part of the LoweWriter.com domain is administered in the United States and that part of it is administered in France. The two zones in the figure allow one server to be completely responsible for the U.S. portion of the domain, and the other server handles the rest of the domain.
The following are the two basic types of zones:
A primary zone is the master copy of a zone. The data for a primary zone is stored in the local database of the DNS server that hosts the primary zone. Only one DNS server can host a particular primary zone. Any updates to the zone must be made to the primary zone.
A secondary zone is a read-only copy of a zone. When a server hosts a secondary zone, the server doesn’t store a local copy of the zone data. Instead, it obtains its copy of the zone from the zone’s primary server by using a process called zone transfer.
Secondary servers must periodically check primary servers to see whether their secondary zone data is still current. If not, a zone transfer is initiated to update the secondary zone.