3.3 Planning a DNS Strategy

To provide load balancing, fault tolerance, and robustness to your DNS implementation, install and operate a primary name server and at least one secondary name server.

When you configure your zone, the primary name server contains the most up-to-date information about the zone and all the hosts within it.

A secondary name server receives its zone data from the primary name server. When it starts and at periodic intervals, the secondary name server queries the primary name server to determine whether the information it contains has been changed. If the zone information in the secondary name server is older than the zone information in the primary name server, a zone transfer occurs and the secondary name server receives the zone information from the primary name server.
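The refresh check described above, as an added example that is not OES code: a secondary compares the primary's SOA serial with its own copy using RFC 1982 serial arithmetic (so a serial that has wrapped past 2**32 still reads as newer) and decides whether to keep serving, re-check, or stop answering once the zone has expired. The serial values and timers in the sample run are constructed.

```python
from typing import Optional

# Added example, not OES code: the decision a secondary name server makes at each
# refresh interval. Freshness is judged by the SOA serial number, compared with
# RFC 1982 serial arithmetic so a serial that wrapped past 2**32 still reads as newer.
SERIAL_MOD = 2 ** 32
SERIAL_HALF = 2 ** 31


def serial_newer(candidate: int, current: int) -> bool:
    """True if `candidate` is a later serial than `current` (RFC 1982, section 3.2)."""
    a, b = candidate % SERIAL_MOD, current % SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def transfer_needed(secondary_serial: Optional[int], primary_serial: int) -> bool:
    """A zone transfer is required when the secondary has no copy or holds an older serial."""
    if secondary_serial is None:
        return True
    return serial_newer(primary_serial, secondary_serial)


def secondary_state(now: int, last_success: int, refresh: int, expire: int) -> str:
    """What the secondary should do, given seconds since its last successful check.

    'serve'   - zone is fresh, keep answering from the local copy
    'check'   - refresh interval elapsed, query the primary for its SOA serial
    'expired' - expire interval elapsed without reaching the primary; stop
                answering authoritatively so stale data is not handed out
    """
    age = now - last_success
    if age >= expire:
        return "expired"
    if age >= refresh:
        return "check"
    return "serve"


if __name__ == "__main__":
    # Constructed values: date-style serials and a 1 hour / 7 day refresh / expire.
    print(transfer_needed(2024010101, 2024010102))                                 # True
    print(secondary_state(now=4000, last_success=0, refresh=3600, expire=604800))  # check
```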


3.3.1 Planning Zones

If you are running a primary name server and providing DNS service for a zone, the size or geography of your network might require that you create subzones within the zone. Although there is no limitation on the size of a zone when you configure DNS, we recommend that you do not create very large zones. An OES DNS server can support very large zones, but the higher the number of resource records in a zone, the greater the impact on DNS query resolution for that zone. Managing small zones is simpler and more efficient. You can divide your zones into smaller subzones based on geographic location or organizational structure.

Keep the zone data as a separate partition and replicate the partition to all places on your network where you have a name server for the zone. Doing so enables independent replication of the zone data and also provides a degree of fault tolerance in case of server down time.

3.3.2 Using the OES DNS Server as a Primary Name Server

You must install the OES DNS server as a primary name server to have authoritative control over your zone and to take advantage of Dynamic DNS (DDNS), which is the dynamic updating of DNS by DHCP.

When operating an OES DNS server as a primary name server, you can use the Java Management Console to make configuration changes. When you operate a primary name server, the zone data can receive dynamic updates from DHCP servers. Non-OES secondary name servers can obtain data from the OES primary name server.

3.3.3 Using the OES DNS Server as a Secondary Name Server

If you plan to operate secondary DNS servers that use OES DNS and DHCP Services software and that connect to a non-OES master name server, one OES secondary name server must be specified as the Designated Secondary, or zone-in, server. The Designated Secondary server receives zone transfer information from the non-OES master server and provides updates to eDirectory. Other OES secondary name servers can then access the information within eDirectory.

You might connect an OES secondary name server to a non-OES master name server for the following reasons:

  • You are using a master DNS server and do not want to designate it as a primary name server because of the responsibility it entails.

  • This approach is easy to implement in your existing DNS model.

  • You want to install more secondary name servers to provide better load balancing.

  • You want to gradually make the transition to operating a primary name server.

3.3.4 Configuring a DNS Server to Forward Requests

If a name server cannot answer a query, it must query a remote server. You can configure primary or secondary name servers to act as forwarders. When you designate a server to be a forwarder, all off-site queries are first sent to the forwarder.

Forwarders that handle the off-site queries develop a robust cache of information. The forwarder can often answer a given query with information from its cache, eliminating the need to make an outside query to a remote server.

When you decide to make a server a forwarder, configure the other servers in your zone to direct their queries through the forwarder. When a forwarder receives a query, it checks its cache for the information. If the information is unavailable, the forwarder issues a query to the root server.


Forwarding Requests

When you configure your name servers, you must provide information about where to forward requests that the servers cannot answer.

Even if you are using forwarders, a name server that does not receive a timely response from its forwarder eventually attempts to query a root server directly.

Restricting Forwarding (No-Forwarding)

If you have a primary name server with subdomains below it and the primary name server is not aware of the subdomains, the name server sends queries to external name servers.

You can configure your primary name server not to forward queries for specified internal subdomains to external name servers. Instead, the primary name server sends a negative response to any queries for the internal subdomains.

If you want to restrict some external domains, you can use No-Forwarding. You can configure your servers not to forward queries to the specified external domains; the server then sends a negative response to queries for those external domains.

3.3.5 Setting Up the Forward Zone Type

If the name server is configured to serve forward zones, all queries for these zones are forwarded to the IP address configured in the Forward list of the zone. For example, if example.com is configured as a Forward Zone and is configured to forward queries to 10.10.10.3, all queries for example.com are forwarded to 10.10.10.3.
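The routing rules of 3.3.4 and 3.3.5 (Forward Zones, No-Forwarding for internal subzones and restricted external domains, the default forwarder, and the root servers as a last resort), modelled as an added example that is not OES code. Zone names other than example.com and the forwarder address 10.10.10.1 are constructed; 10.10.10.3 is the forward target from the text above. The point worth checking is that zone matching respects label boundaries and that the most specific zone wins, so a No-Forwarding subzone overrides its forwarding parent.

```python
from typing import Dict, Optional, Tuple

# Added example, not OES code: a model of the query-routing rules in 3.3.4 and 3.3.5.
# Each zone carries one policy; the most specific (longest) matching zone decides.
#   ("local", None)    - server is authoritative, answer from its own data
#   ("forward", ip)    - Forward Zone: send every query for the zone to that address
#   ("negative", None) - No-Forwarding: answer negatively, never ask outside servers
Policy = Tuple[str, Optional[str]]


def _in_zone(qname: str, zone: str) -> bool:
    """Label-boundary suffix match: 'www.example.com' is in 'example.com',
    'notexample.com' is not. Case-insensitive; a trailing dot is ignored."""
    q = qname.rstrip(".").lower().split(".")
    z = zone.rstrip(".").lower().split(".")
    return len(q) >= len(z) and q[-len(z):] == z


def route_query(qname: str, zones: Dict[str, Policy],
                default_forwarder: Optional[str]) -> Policy:
    """Return the policy that applies to qname; longest matching zone wins."""
    best: Optional[str] = None
    for zone in zones:
        if _in_zone(qname, zone) and (best is None or zone.count(".") > best.count(".")):
            best = zone
    if best is not None:
        return zones[best]
    # Off-site query with no zone policy: use the forwarder, else go to the roots.
    return ("forwarder", default_forwarder) if default_forwarder else ("root", None)


# Constructed configuration; 10.10.10.3 is the forward target from the text above.
ZONES: Dict[str, Policy] = {
    "example.com": ("forward", "10.10.10.3"),
    "corp.example.net": ("local", None),
    "lab.corp.example.net": ("negative", None),   # internal subzone, No-Forwarding
    "example.org": ("negative", None),            # restricted external domain
}

if __name__ == "__main__":
    for name in ("www.example.com", "pc1.lab.corp.example.net", "notexample.com"):
        print(name, route_query(name, ZONES, "10.10.10.1"))
```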

3.3.6 Setting Up the in-addr.arpa Zone

Just as the data in your name server provides mapping of names to Internet addresses, the in-addr.arpa zone provides mapping of addresses to names. However, in the structure of the in-addr.arpa zone, the IP address appears in reverse. For example, an IP address of 100.20.30.4 in the san-jose.novell.com domain is 4.30.20.100.in-addr.arpa in the in-addr.arpa subdomain.
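The reversed-octet naming described above, as an added example that is not OES code: it builds the PTR owner name for an address, the in-addr.arpa zone name you would ask the parent to delegate for an octet-aligned block (the registration step in 3.3.7), and a PTR record in zone-file form. The host name host4.san-jose.novell.com in the sample run is constructed.

```python
import ipaddress

# Added example, not OES code: building in-addr.arpa names as 3.3.6 describes,
# plus the reverse zone name that must be delegated to you (3.3.7).


def reverse_name(ip: str) -> str:
    """PTR owner name for an IPv4 address: octets reversed, then in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # raises on a malformed address
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone(network: str) -> str:
    """in-addr.arpa zone covering an octet-aligned network (/8, /16 or /24).

    Smaller blocks such as a /27 do not map to a single in-addr.arpa zone and
    need the classless delegation scheme of RFC 2317, which is out of scope here.
    """
    net = ipaddress.IPv4Network(network, strict=True)    # rejects host bits set
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("prefix must be /8, /16 or /24 for a plain in-addr.arpa zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def ptr_record(ip: str, fqdn: str) -> str:
    """One PTR record in zone-file form; the target is made fully qualified."""
    target = fqdn if fqdn.endswith(".") else fqdn + "."
    return f"{reverse_name(ip)}. IN PTR {target}"


if __name__ == "__main__":
    # The text's example address, 100.20.30.4; the host name is constructed.
    print(reverse_name("100.20.30.4"))                           # 4.30.20.100.in-addr.arpa
    print(reverse_zone("100.20.30.0/24"))                        # 30.20.100.in-addr.arpa
    print(ptr_record("100.20.30.4", "host4.san-jose.novell.com"))
```

Python's ipaddress module also exposes `IPv4Address(...).reverse_pointer`, which yields the same owner name as `reverse_name`.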

3.3.7 Registering Your DNS Server with Root Servers

If you plan to operate a primary DNS name server, you must register your name server with your parent domain. Not all name servers need to be registered, but we recommend registering one-third to one-half of your name servers (up to a maximum of 10) with the parent domain. These servers are queried by servers outside your domain. The remaining name servers are queried only by hosts within your domain that are configured to query them.

If you provide DNS service for other domains and provide an authoritative name server for those domains, you must also register those domains.

To register a domain or subdomain, you must contact the network administrators of the parent domain (com, for example) and the in-addr.arpa domain. Provide the administrators with the name of the domain name server and the name of the domain and any subdomains for which it is authoritative. If you are setting up a new domain, you also need to provide the IP address of any server you want to register.

InterNIC is the organization that registers domain names for the root, com, org, net, edu, and gov domains. To obtain the form for domain registration from InterNIC, contact them at InterNIC. You can also obtain the form for in-addr.arpa domain registration from the same location.

Detailed information about the registration process is available from the InterNIC Web site. You can also use the InterNIC Web site to research domain names to ensure that the name you want is not already registered and to obtain additional information and help.