DNS Servers

There are several kinds of DNS server, each designed to perform a different type of task under the Domain Name Service. The basic kind of DNS server is the master server. Each network must have at least one master server that is responsible for resolving names on the network. Large networks may need several DNS servers. Some of these can be slave servers that are updated directly from a master server. Others may be alternative master servers that hosts in a network can use. Both are commonly referred to as secondary servers.

Overview

  • For DNS requests a DNS server cannot resolve, the request can be forwarded to specific DNS servers outside the network, say on the Internet.

  • DNS servers in a network can be set up to perform this task and are referred to as forwarder servers. Local DNS servers can be set up within a network to operate as caching servers.

  • Such a server merely collects DNS lookups from previous requests it sent to the main DNS server. Any repeated requests can then be answered by the caching server.

  • A server that can answer DNS queries for a given zone with authority is known as an authoritative server. An authoritative server holds the DNS configuration records for hosts in a zone that will associate each host’s DNS name with an IP address.

For example, a master server is an authoritative server. So are slave and stealth servers. A caching server is not authoritative. It only holds whatever associations it picked up from other servers and cannot guarantee that the associations are valid.

  • Master server - The primary DNS server for a zone.

  • Slave server - A DNS server that receives zone information from the master server.

  • Forwarder - A server that forwards unresolved DNS requests to outside DNS servers. Can be used to keep other servers on a local network hidden from the Internet.

  • Caching-only server - Caches DNS information it receives from DNS servers and uses it to resolve local requests.

  • Stealth server - A DNS server for a zone not listed as a name server by the master DNS server.

The configuration file for the named daemon is named.conf, located in the /etc directory. It uses a flexible syntax similar to C programs. The format enables easy configuration of selected zones, enabling features such as access control lists and categorized logging.

The named.conf file consists of BIND configuration commands with attached blocks within which specific options are listed. A configuration command is followed by arguments and a block that is delimited with braces.

Within the block are lines of option and feature entries. Each entry is terminated with a semicolon. Comments can use the C, C++, or Shell/Perl syntax: enclosing /* */, preceding //, or preceding #.

The following example shows the general form of a statement: the statement keyword (for a zone statement, followed by the zone name) and a block of options that begins with an opening brace, {. Each option entry ends with a semicolon. The entire block ends with a closing brace, also followed by a semicolon. The format for a named.conf entry is shown here, along with the different kinds of comments allowed.

// comments
/* comments */
# comments
statements {
    options and features; // comments
};

The following example shows a simple caching server entry.

// a caching only name server config
//
zone "." {
    type hint;
    file "named.ca";
};

Options

  • type - Specifies a zone type.

  • file - Specifies the zone file for the zone.

  • directory - Specifies a directory for zone files.

  • forwarders - Lists hosts for DNS servers where requests are to be forwarded.

  • masters - Lists hosts for DNS master servers for a slave server.

  • notify - Allows master servers to notify their slave servers when the master zone data changes and updates are needed.

  • allow-transfer - Specifies which hosts are allowed to receive zone transfers.

  • allow-query - Specifies hosts that are allowed to make queries.

  • allow-recursion - Specifies hosts that are allowed to perform recursive queries on the server.

The zone statement is used to specify the domains the name server will service. You enter the keyword zone, followed by the name of the domain placed within double quotes. Do not place a period at the end of the domain name.

In the following example, a period is within the domain name, but not at the end, “wst.com”; this differs from the zone file, which requires a period at the end of a complete domain name. After the zone name, you can specify the class in, which stands for Internet. You can also leave it out, in which case in is assumed. The type option is used to specify the zone’s type.

A forward zone directs all queries to the name servers listed in a forwarders option. A hint zone specifies the set of root name servers used by all Internet DNS servers.

The name of its zone file is usually the same as the zone name, in this case, "wst.com".

zone "wst.com" in {
    type master;
    file "wst.com";
};

Zone types

  • master - Primary DNS zone.

  • slave - Slave DNS zone, controlled by a master DNS server.

  • hint - Set of root DNS Internet servers.

  • forward - Forwards any queries in it to other servers.

  • stub - Like a slave zone, but only holds the names of DNS servers.

Other statements, such as acl, server, options, and logging, enable you to configure different features for your name server. The server statement defines the characteristics to be associated with a remote name server, such as the transfer method and key ID for transaction security. The controls statement defines special control channels.

The key statement defines a key ID to be used in a server statement that associates an authentication method with a particular name server. The logging statement is used to configure logging options for the name server, such as the maximum size of the log file and a severity level for messages.

Statements

  • key - Specifies key information for use in authentication and authorization.

  • logging - Specifies what the server logs and where the log messages are sent.

  • options - Global server configuration options and defaults for other statements.

  • controls - Declares control channels to be used by the ndc utility.

  • server - Sets certain configuration options on a per-server basis.

  • sortlists - Gives preference to specified networks based on a query's source.

  • trusted-keys - Defines DNSSEC keys preconfigured into the server and implicitly trusted.

  • zone - Defines a zone.

  • view - Defines a view.

The options statement defines global options and can be used only once in the configuration file. An extensive number of options cover such components as forwarding, name checking, directory path names, access control, and zone transfers, among others. A complete listing can be found in the BIND documentation. A critically important option found in most configuration files is the directory option, which holds the location of the name server's zone and cache files on your system.
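As an added example (not code from the original page or from BIND), the following Python script applies the named.conf syntax rules described above, the three comment styles, brace-delimited blocks and semicolon-terminated entries, to a constructed configuration and then reports the two access-control settings a reviewer most wants to check: a zone whose allow-transfer list includes any, and an allow-recursion list that is missing or open to any host. The acl name "trusted", the addresses and the zone example.test are assumptions made up for the sample.

```python
import re
# Constructed sample named.conf (not from the original page): one zone with a
# restricted transfer list beside one left open, in all three comment styles.
SAMPLE_CONF = '''
acl "trusted" { 192.0.2.0/24; 127.0.0.1; };   # hypothetical local network
options { directory "/var/named"; allow-recursion { trusted; }; };
zone "." in { type hint; file "named.ca"; };
zone "wst.com" in { type master; file "wst.com";
    allow-transfer { 192.0.2.53; }; };   /* only the slave may pull the zone */
zone "example.test" { type master; file "example.test";
    allow-transfer { any; }; };          // weak: anyone can pull the whole zone
'''

# Token: quoted string, one of the three comment kinds, a delimiter, or a word.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    """Split named.conf text into tokens, dropping every comment."""
    return [t for t in TOKEN.findall(text) if not t.startswith(('/*', '//', '#'))]

def parse(tokens, pos=0):
    """Parse entries up to a closing brace; each entry is (words, children)."""
    entries, words = [], []
    while pos < len(tokens) and tokens[pos] != '}':
        if tokens[pos] == ';':                          # terminates an entry
            if words:
                entries.append((words, []))
            words = []
        elif tokens[pos] == '{':                        # words { entries };
            children, pos = parse(tokens, pos + 1)      # pos now at the '}'
            entries.append((words, children))
            words = []
        else:
            words.append(tokens[pos].strip('"'))
        pos += 1
    return entries, pos

def weak_settings(conf):
    """Report zones anyone may transfer and recursion left open to any host."""
    recursion, weak = ['any'], []      # a missing allow-recursion is read as open
    for words, children in parse(tokenize(conf))[0]:
        for cw, cc in children:
            hosts = [w[0] for w, _ in cc]
            if words[0] == 'zone' and cw == ['allow-transfer'] and 'any' in hosts:
                weak.append(f'open zone transfer: {words[1]}')
            elif words[0] == 'options' and cw == ['allow-recursion']:
                recursion = hosts
    if 'any' in recursion:
        weak.append('recursion open to any host')
    return weak
```

Running weak_settings(SAMPLE_CONF) flags only example.test, since wst.com restricts transfers to its slave and recursion is limited to the trusted acl.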
