A DNS name server translates human-memorable domain names and host names into corresponding Internet Protocol (IP) addresses to locate computer systems and resources on the internet. DNS allows for two types of name servers:
- Primary masters, where the name server reads the zone data from a file on the server; and
- Secondary masters, or slaves, where the name server gets the zone data from another name server that is authoritative for the zone, called its master server.
When a secondary master starts, it contacts its master name server and pulls the zone data over—this is called a zone transfer. Once the zone transfer is completed, both the primary master and the slave name servers are authoritative for that zone. There are good operational reasons for using additional DNS servers for zone replication:
- Added DNS servers provide zone redundancy, which makes it possible for DNS names in the zone to be resolved for clients if a primary server for the zone stops responding.
- Added DNS servers can be placed to reduce DNS network traffic. For example, adding a DNS server to the opposing side of a low-speed, wide area network (WAN) link can be useful in managing and reducing network traffic.
- Additional secondary servers can be used to reduce loads on a primary server for a zone.
What is the fTLD Domain Security Requirement for Name Server Host Names?
Name server host names must be in the parent zone. This requirement ensures that authoritative name servers are trusted and reliable.
Host Name Deployment for Registrars and Registrants
This is one of the easier Requirements to manage. A Name Server (NS) resource record indicates that a name server is authoritative for a zone. For instance, consider the records below:
- example.bank. IN NS dns1.example.bank.
- example.bank. IN NS dns2.example.bank.
- example.bank. IN NS backupns.example.bank.
These records state that there are three name servers for example.bank. To help ensure that these three name servers are trusted, the NS records are published in the parent zone. For organizations that configure and run their own DNS, control over the zone files is simple to arrange. Organizations that outsource DNS and zone management will need to work with their third-party provider to ensure that this requirement is met. Operationally, even where a third party is assisting with the configuration and management of the DNS, complying with this requirement is very straightforward.
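
The requirement can be checked mechanically before a zone change goes live. The following Python is an added example, not code from fTLD or from this page: it parses NS records from zone-file text and lists any name server host names that fall outside a given zone. The function names, the sample records and the zone to test against (passed as required_zone) are assumptions made for illustration.

```python
# Added example (not from the page). Zone text below is constructed sample data.
SAMPLE = """\
example.bank.      IN NS dns1.example.bank.
                   IN NS dns2                     ; relative name, blank owner
example.bank. 3600 IN NS backupns.example.bank.
example.bank.      IN NS ns1.notexample.bank.     ; look-alike suffix
example.bank.      IN NS ns.provider.example.     ; outside .bank
"""

def labels(name, origin):
    """Lower-cased label tuple; '@' and relative names are completed with origin."""
    name = name.strip().lower()
    if name == "@":
        name = origin
    elif not name.endswith("."):
        name = f"{name}.{origin}"
    return tuple(part for part in name.split(".") if part)

def is_within(host, zone):
    """Compare whole labels, so notexample.bank is not treated as under example.bank."""
    return len(host) >= len(zone) and host[len(host) - len(zone):] == zone

def ns_targets(zone_text, origin):
    """Yield the target labels of every NS record (numeric TTLs, class IN only)."""
    origin = origin.lower().rstrip(".") + "."
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                 # first column is the owner name
            fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                         # optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "NS":
            yield labels(fields[1], origin)

def out_of_zone_ns(zone_text, origin, required_zone):
    """Return NS host names that do not sit at or below required_zone."""
    zone = labels(required_zone, ".")
    return [".".join(t) for t in ns_targets(zone_text, origin) if not is_within(t, zone)]

if __name__ == "__main__":
    for zone in ("example.bank", "bank"):
        print(zone, "->", out_of_zone_ns(SAMPLE, "example.bank", zone) or "all in zone")
```

The comparison is done label by label rather than as a string suffix, which is why ns1.notexample.bank is reported when the required zone is example.bank.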