Secondary (Backup) DNS – Why use it?
DNS is great! It allows the Internet to exist. Without it, we have no viable alternative for connecting so many devices in one united web. Imagine a text document with the IP addresses of all the hosts and connected devices in the world, and somebody manually editing it on every change: just impossible!
We have DNS to manage this, but it often experiences problems. If you have just a Primary DNS server and no Secondary (backup) DNS servers, you could be in big trouble. If it gets attacked, your site won't be reachable until it comes back up.
What is Primary DNS (Master DNS)?
The Primary DNS, also known as the Master DNS, is the one that holds the original zone file. It has the DNS records, and all changes are made there. When you add records, you are adding them to the Primary DNS server.
What is Secondary DNS (Backup DNS)?
The Secondary DNS, also known as the Backup DNS or Slave DNS, is a recursive DNS server (or group of servers) that holds a copy of the zone file. It has its own copy of the DNS records, but it only copies that information from the Primary DNS. If you change any DNS record, you will need to wait until the Secondary DNS servers update. How long that takes depends on the values set inside the SOA (start of authority) record. Inside the SOA record, you can see the refresh rate and TTL value.
So, in short, the Backup DNS is a system of recursive DNS servers that holds a read-only copy of the DNS records. The Secondary DNS stays up even if the Primary DNS is down, and it will still resolve queries as long as the values inside the SOA record allow it (for a limited time, until the copied data is no longer considered current).
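To make the SOA-driven behaviour concrete, here is an added model (not code from the original article) of the RFC 1035 SOA timers a secondary follows: refresh, retry and expire. The SOA line is a constructed sample, and the simulation assumes one primary that becomes unreachable for a given window.

```python
from dataclasses import dataclass

# Constructed sample SOA record in zone-file presentation format (not a real zone):
# serial 2024010101, refresh 7200 s, retry 900 s, expire 1209600 s (14 days), minimum 3600 s.
SAMPLE_SOA = ("example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. "
              "2024010101 7200 900 1209600 3600")

@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int   # seconds between the secondary's checks of the primary's serial
    retry: int     # seconds to wait before checking again after a failed check
    expire: int    # seconds after the last successful check before the copy is discarded
    minimum: int   # negative-caching TTL (not used by the timers below)

def parse_soa(line: str) -> Soa:
    """Parse the five timer fields that follow MNAME and RNAME in a SOA record."""
    fields = line.split()
    idx = fields.index("SOA")
    nums = [int(v) for v in fields[idx + 3:idx + 8]]
    if len(nums) != 5:
        raise ValueError("SOA record needs serial, refresh, retry, expire and minimum")
    return Soa(*nums)

def secondary_serves(soa: Soa, last_success: int, now: int) -> bool:
    """True while the secondary may still answer for the zone from its copy."""
    return now - last_success < soa.expire

def simulate_outage(soa: Soa, last_success: int, outage_start: int, outage_end: int) -> dict:
    """Walk the secondary's timers through a primary outage (all times in seconds).
    Refresh checks succeed while the primary is reachable, each resetting the expire
    countdown; once the outage begins, failed checks repeat every `retry` seconds."""
    t = last_success
    while t + soa.refresh < outage_start:      # successful refreshes before the outage
        t += soa.refresh
    last_success = t
    stop_serving_at = last_success + soa.expire
    failed_checks = 0
    t = last_success + soa.refresh             # first check that finds the primary down
    while t <= outage_end and t < stop_serving_at:
        failed_checks += 1
        t += soa.retry
    return {"stop_serving_at": stop_serving_at, "failed_checks": failed_checks,
            "serves_at_outage_end": secondary_serves(soa, last_success, outage_end)}
```

With the sample values, a primary that goes down at second 10000 leaves the secondary answering until second 1216800 (the last good refresh at 7200 plus the 14-day expire), which is the window you have to restore the primary.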
It is good practice to have a Secondary DNS with a different provider. That way, you have a better chance of staying up in case of an attack.