Guruhowtos

A Master DNS contains one or more zone files for which this DNS is Authoritative (’type master’). The zone has been delegated (via an NS Resource Record) to this DNS.

The term ‘master’ was introduced in BIND 8.x and replaced the term ‘primary’.

Master status is defined in BIND by including ‘type master’ in the zone declaration section of the named.conf file) as shown by the following fragment.

// example.com fragment from named.conf
// defines this server as a zone master
zone "example.com" in{
	type master;
	file "pri.example.com";
};

otes:

The terms Primary and Secondary DNS entries in Windows TCP/IP network properties mean nothing, they may reflect the ‘master’ and ’slave’ name-server or they may not – you decide this based on operational need, not BIND configuration.

It is important to understand that a zone ‘master’ is a server which gets its zone data from a local source as opposed to a ’slave’ which gets its zone data from an external (networked) source (the ‘master’). This apparently trivial point means that you can have any number of ‘master’ servers for any zone if it makes operational sense. You have to ensure (by a manual or other process) that the zone files are synchronised but apart from this there is nothing to prevent it.

Just to confuse things still further you may run across the term ‘Primary Master’ this has a special meaning in the context of dynamic DNS updates and is defined to be the name server that appears in the SOA RR record.

When a master DNS receives Queries for a zone for which it is authoritative then it will respond as ‘Authoritative’ (AA bit is set in a query response).

When a DNS server receives a query for a zone which it is neither a Master nor a Slave then it will act as configured (in BIND this behaviour is defined in the named.conf file):

If caching behaviour is permitted and recursive queries are allowed the server will completely answer the request or return an error.
If caching behaviour is permitted and Iterative (non-recursive) queries are allowed the server can respond with the complete answer (if it is already in the cache because of another request), a referral or return an error.
If caching behaviour NOT permitted (an ‘Authoritative Only’ DNS server) the server will return a referral or return an error.
A master DNS server can export (NOTIFY) zone changes to defined (typically slave) servers. This ensures zone changes are rapidly propagated to the slaves (interrupt driven) rather than rely on the slave server polling for changes. The BIND default is to notify the servers defined in NS records for the zone.

If you are running Stealth Servers and wish them to be notified you will have to add an also-notify parameter as shown in the BIND named.conf file fragment below:

// example.com fragment from named.conf
// defines this server as a zone master
// 192.168.0.2 is a stealth server NOT listed in a NS record
zone "example.com" in{
	type master;
	also-notify {192.168.0.2;};
	file "pri/pri.example.com";
};