Secondary (Backup) DNS – Why use it?

DNS is what makes the Internet usable at scale. Without it there is no practical way to name the devices connected to one global network. Imagine a single text file listing the IP addresses of every host in the world, with somebody editing it by hand every time something changed; that simply does not work.

DNS as a whole rarely fails, but individual DNS servers do: hardware breaks, providers have outages, and authoritative name servers are a favorite DDoS target. If you run a single Primary DNS server with no Secondary (backup) DNS servers, a single failure takes your whole domain offline: if that server is attacked or goes down, your site is unreachable until it is back up.

What is Primary DNS (Master DNS)? 

The Primary DNS, also known as the Master DNS, is the authoritative server that holds the original copy of the zone file. All of the zone's DNS records are edited there: when you add or change a record, you are changing it on the Primary DNS server, and you also increment the serial number in the zone's SOA record so that other servers can tell that a new version of the zone exists.

What is Secondary DNS (Backup DNS)?

The Secondary DNS, also known as the Backup DNS or Slave DNS, is one or more authoritative DNS servers (not recursive resolvers) that hold a copy of the zone file. A secondary is never edited directly; it copies the zone from the Primary DNS by zone transfer (AXFR for a full copy, IXFR for only the changes), either when the primary sends it a NOTIFY message or when the secondary polls the primary and sees a higher serial number in the SOA record. If you change a DNS record on the primary, you have to wait until the secondaries have transferred the new zone. How long that takes is governed by values in the SOA (start of authority) record: refresh (how often the secondary checks the primary for a new serial), retry (how long it waits after a failed check) and expire (how long it may keep answering from its copy without having reached the primary). The TTL values on the records, in turn, decide how long resolvers keep caching the old answer.

So, in short, the Backup DNS is a set of authoritative DNS servers that serve a read-only copy of the zone. The Secondary DNS stays up even if the Primary DNS is down and keeps resolving queries for as long as the SOA expire value allows: once the expire timer runs out without a successful check against the primary, the secondary discards the zone as stale and stops answering for it.
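To make the SOA timers concrete, here is a small added example (written for this article, not code from the original post) that parses an SOA record and shows the two things a secondary decides from it: whether the primary's serial is newer than its own copy (RFC 1982 serial arithmetic, which is what triggers a transfer), and how long it keeps answering after the primary becomes unreachable. The zone name, its SOA values and the timestamps are constructed; the 2h/15min/14d timers are a common but assumed choice.

```python
"""SOA timers and serial arithmetic as a secondary DNS server applies them.

Added example for the article, not code from the original post. The SOA
record, zone name and timestamps are constructed for illustration; parsing
follows the RFC 1035 presentation format (numeric timer values only, no
"1d"/"2h" shorthand) and serial comparison follows RFC 1982.
"""
from dataclasses import dataclass

SERIAL_BITS = 32
SERIAL_HALF = 1 << (SERIAL_BITS - 1)


@dataclass(frozen=True)
class SOA:
    mname: str     # primary server name
    rname: str     # zone contact, first "." stands for "@"
    serial: int    # version of the zone; must go up on every change
    refresh: int   # seconds between the secondary's checks of the primary
    retry: int     # seconds to wait after a failed check
    expire: int    # seconds the copy stays usable without a successful check
    minimum: int   # negative-caching TTL (RFC 2308)


def parse_soa(rr: str) -> SOA:
    """Parse an SOA RR in presentation format (parentheses and ';' comments allowed)."""
    text = " ".join(line.split(";")[0] for line in rr.splitlines())
    fields = text.replace("(", " ").replace(")", " ").split()
    i = fields.index("SOA")            # skip the optional owner, TTL and class
    mname, rname = fields[i + 1], fields[i + 2]
    serial, refresh, retry, expire, minimum = (int(x) for x in fields[i + 3:i + 8])
    return SOA(mname, rname, serial, refresh, retry, expire, minimum)


def serial_newer(candidate: int, current: int) -> bool:
    """True if `candidate` is newer than `current` under RFC 1982 arithmetic.

    A secondary only transfers the zone when the primary's serial is newer
    than the one it already holds; an edit that forgets to bump the serial
    is therefore never picked up. Wrap-around past 2^32 is handled.
    """
    diff = (candidate - current) % (1 << SERIAL_BITS)
    return 0 < diff < SERIAL_HALF      # diff == SERIAL_HALF is undefined in RFC 1982; treat as not newer


def poll_schedule(soa: SOA, last_success: int, primary_down_at: int, until: int) -> list:
    """Events a secondary produces once the primary becomes unreachable.

    `last_success` is the time (seconds) of the last successful refresh or
    transfer. The secondary checks again after `refresh`; every failed check
    is followed by another after `retry`; if no check has succeeded by
    last_success + expire, the zone is dropped and the server stops answering.
    """
    events = []
    t = last_success + soa.refresh
    expiry = last_success + soa.expire
    while t < expiry and t <= until:
        if t < primary_down_at:
            events.append((t, "refresh ok"))
            last_success, expiry = t, t + soa.expire   # a good check resets the expire clock
            t = last_success + soa.refresh
        else:
            events.append((t, "refresh failed, retry in %ds" % soa.retry))
            t += soa.retry
    if expiry <= until:
        events.append((expiry, "zone expired: secondary stops answering for the zone"))
    return events


# Constructed sample: a zone with the common 2h / 15min / 14d / 5min SOA timers.
SAMPLE_SOA = """example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. (
        2024051501 ; serial
        7200       ; refresh (2 hours)
        900        ; retry   (15 minutes)
        1209600    ; expire  (14 days)
        300 )      ; minimum (negative caching TTL)
"""


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print("serial", soa.serial, "newer after edit?", serial_newer(2024051502, soa.serial))
    # Primary dies one second after the last good transfer at t=0.
    events = poll_schedule(soa, last_success=0, primary_down_at=1, until=soa.expire)
    print("first failed check at %ds, expiry at %ds (%.1f days), %d failed checks in between"
          % (events[0][0], events[-1][0], events[-1][0] / 86400, len(events) - 1))
```

With those values, a secondary that loses contact with the primary right after a good transfer keeps checking every 15 minutes and keeps serving the zone for 14 days before it expires. The two things that most often make a backup silently stale, a refresh that keeps failing and an edit that forgot to increment the serial, are both visible in the output of these functions.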

It is good practice to run the Secondary DNS with a different provider, on a different network. That way an outage or an attack that takes out one provider's servers does not take out all of yours, and you have a much better chance of staying reachable.

Why should you use a Secondary DNS? 

There are 3 main reasons to have a Secondary DNS:

  1. Use Secondary DNS to withstand attacks. The most obvious reason is to have a set of secondary servers that keep answering queries even if your main DNS server is down or under attack. Visitors still get a normal experience from the backup, for as long as the SOA expire timer allows, which gives you time to get the Primary DNS up and running again.
  2. The Secondary DNS can improve performance. Having multiple points of presence lets you spread query traffic across several authoritative servers (every name server you list in the zone's NS records gets a share of the queries), so responses are faster for users near each server and the Primary DNS carries less load.
  3. Have a backup copy of the DNS records. If your Primary server fails or is compromised and you lose the zone there, you can still recover the records from the Backup DNS instead of recreating them from scratch. One caveat: a compromised primary that keeps serving a modified zone with a higher serial will push that modified zone to the secondary at the next transfer, so restrict who may pull your zone (allow transfers only to your own secondaries, authenticated with TSIG) and keep an off-line copy of the zone file as well.
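Here is what the primary/secondary relationship described above looks like in BIND 9 (9.16 or later) configuration, as an added example that is not part of the original post. The zone name, the addresses (taken from the RFC 5737 documentation ranges), the key name and the file paths are assumptions, and the TSIG secret is a placeholder you would generate with tsig-keygen. The primary only allows zone transfers to requests signed with the shared key and notifies the secondary whenever the zone changes; the secondary pulls the zone from the primary, signs its requests with the same key, and does not let anyone pull the zone from it.

```conf
// --- on the primary (203.0.113.53) ---
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-OUTPUT-OF-tsig-keygen";   // placeholder, not a real secret
};

zone "example.com" {
    type primary;                           // "type master;" in BIND before 9.16
    file "/etc/bind/zones/db.example.com";
    allow-transfer { key "xfer-key"; };     // weak setting to avoid: allow-transfer { any; };
    also-notify { 198.51.100.53; };         // the secondary, at another provider
    notify yes;
};

// --- on the secondary (198.51.100.53), run by a different provider ---
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-OUTPUT-OF-tsig-keygen";   // same secret as on the primary
};

zone "example.com" {
    type secondary;                         // "type slave;" in BIND before 9.16
    primaries { 203.0.113.53 key "xfer-key"; };   // "masters { ... };" in older BIND
    file "/var/cache/bind/db.example.com";  // the local, read-only copy of the zone
    allow-transfer { none; };               // nobody pulls the zone from the backup
};
```

Two checks are worth running after setting this up: query both servers for the zone's SOA (for example `dig @198.51.100.53 example.com SOA +norec`) and confirm the serials match after an edit on the primary, and run an AXFR against the primary from a host that does not hold the key and confirm that it is refused.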

Conclusion

Having a Secondary DNS is a great decision. The cost is not very high, and it really does increase redundancy and your DNS security. For as little as a few dollars per month, you can keep your site reachable even if your Master DNS is down. Some may say that "it is like giving armor to an armadillo", but DDoS attacks have grown in number and strength over the last few years, and it is not wise to rely on luck.
