
Authoritative DNS: Master-Slave

DNS is a vital network service and so its reliability is critical. This in turn means security and redundancy of DNS servers are key goals. To achieve these goals, the orthodox Best Practice for authoritative DNS is a master-slave architecture.

  • The master is hidden securely behind a firewall. It is used to edit DNS records. It holds the original authoritative records, but does not resolve DNS queries.
  • A minimum of two slaves serve queries, for redundancy. Each slave only carries a copy of zone data, with the original held securely on the master.
  • Data on the slave is not propagated to any other device. If a slave somehow became compromised, any amended DNS data could not infect the entire installation. Any damaging results would be more temporary and more contained than if the master's authoritative data had been compromised.
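
The layout in the list above can be checked against the zone data that is actually published. The following is an added example, not DNSBOX code: it parses a small constructed zone and reports when fewer than two name servers are published or when a published name server resolves to the master. The zone `example.test`, all addresses and the names `MASTER_IP`, `parse_records` and `audit` are assumptions made for the illustration.

```python
import re

# Constructed sample zone: example.test and every address are placeholders.
ZONE = """\
$ORIGIN example.test.
@    3600 IN SOA ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 300
@    3600 IN NS  ns1.example.test.
@    3600 IN NS  ns2.example.test.
ns1  3600 IN A   192.0.2.53
ns2  3600 IN A   198.51.100.53
www  3600 IN A   203.0.113.10
"""
MASTER_IP = "10.0.0.5"  # assumed address of the hidden master behind the firewall

def absolute(name, origin):
    """Qualify a relative owner or target name against $ORIGIN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text):
    """Parse one-line NS/A/AAAA records that carry an explicit owner name."""
    origin, records = ".", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        m = re.match(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(NS|A|AAAA)\s+(\S+)$", line, re.I)
        if m:
            records.append((absolute(m.group(1), origin), m.group(2).upper(), m.group(3)))
    return origin, records

def audit(zone_text, master_ip):
    """Return findings where the published zone departs from the hidden-master layout."""
    origin, records = parse_records(zone_text)
    ns_hosts = {absolute(r, origin) for o, t, r in records if t == "NS" and o == origin}
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(owner, set()).add(rdata)
    findings = []
    if len(ns_hosts) < 2:
        findings.append(f"only {len(ns_hosts)} name server(s) published; two slaves are the minimum")
    for host in sorted(ns_hosts):
        if master_ip in addrs.get(host, ()):
            findings.append(f"{host} points at the master, which should not answer queries")
    return findings

if __name__ == "__main__":
    print(audit(ZONE, MASTER_IP) or "zone matches the hidden-master layout")
```

The check only sees in-zone address records; name servers hosted under another domain would need their addresses supplied separately.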

 

The DNSBOX range has been designed to maximise the benefits of DNS Best Practice master-slave architectures.

In some situations, where security concerns are lower (e.g. for purely internal networks), a two-server architecture will still offer the basic level of redundancy. In this arrangement the master is not deployed behind a firewall, and responds to DNS queries alongside a single slave.
