
Primary-Secondary

Redundant DNS Servers: These are backup DNS servers that ensure continuous availability and reliability by taking over if the primary DNS server fails.

Primary DNS Server

This server holds all the zone information for a domain and is responsible for making and storing updates to the domain's DNS records.

ns1.example.com is the primary DNS server for example.com.

Secondary DNS Server

This server receives a read-only copy of the zone information from the primary DNS server and helps distribute the load and provide redundancy. It gets updates via zone transfers from the primary server.

If ns1.example.com is the primary DNS server, ns2.example.com could be the secondary DNS server for the example.com domain.

Zone Information

This is the data associated with a domain, including DNS records such as A records (IP addresses), MX records (mail servers), and CNAME records (canonical names).

; Zone file for example.com

$TTL 86400 ; Default TTL (Time to Live) of 1 day

; SOA Record
@    IN    SOA    ns1.example.com. admin.example.com. (
              2024091201 ; Serial (YYYYMMDDNN format)
              3600        ; Refresh (1 hour)
              1800        ; Retry (30 minutes)
              1209600     ; Expire (14 days)
              86400       ; Minimum TTL, used as the negative-caching TTL (1 day)
              )

; Name Servers
@    IN    NS     ns1.example.com.
@    IN    NS     ns2.example.com.

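; A Records
@                IN    A      192.0.2.1
www              IN    A      192.0.2.1
ftp              IN    A      192.0.2.2
; Address records for the NS and MX targets named in this zone (illustrative addresses)
ns1              IN    A      192.0.2.53
ns2              IN    A      192.0.2.54
mail             IN    A      192.0.2.25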

; MX Records
@                IN    MX     10 mail.example.com.

; CNAME Records
blog             IN    CNAME  www.example.com.

; TXT Records
@                IN    TXT    "v=spf1 include:_spf.example.com ~all"

Zone Transfer

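This is the process by which a secondary DNS server receives a copy of the zone information from the primary DNS server. It can be a full transfer (AXFR), which copies the whole zone, or an incremental transfer (IXFR), which sends only the changes since the serial the secondary already holds. The secondary checks the primary's SOA record at the Refresh interval and requests a transfer when the Serial has increased. Because a transfer hands over every record in the zone, a primary is normally configured to allow it only from its own secondaries.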
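
The refresh decision a secondary makes from the SOA values in the zone file above, as an added example that is not part of the original page. The function names and the `secondary_action` helper are hypothetical; the serial comparison follows RFC 1982 serial arithmetic.

```python
import re

# Constructed sample: the SOA record from the example.com zone file above.
SOA_TEXT = """
@    IN    SOA    ns1.example.com. admin.example.com. (
              2024091201 ; Serial
              3600       ; Refresh
              1800       ; Retry
              1209600    ; Expire
              86400      ; Minimum TTL
              )
"""

def parse_soa(text):
    """Parse one SOA record, ignoring ';' comments and the grouping parentheses."""
    tokens = re.sub(r";[^\n]*|[()]", " ", text).split()
    i = tokens.index("SOA")
    names = ("serial", "refresh", "retry", "expire", "minimum")
    soa = dict(zip(names, map(int, tokens[i + 3:i + 8])))
    soa["mname"], soa["rname"] = tokens[i + 1], tokens[i + 2]
    return soa

def serial_newer(primary, local):
    """RFC 1982 serial arithmetic: is primary ahead of local, allowing 32-bit wrap?"""
    return 0 < (primary - local) % 2**32 < 2**31

def secondary_action(local_soa, primary_serial, secs_since_contact):
    """Hypothetical helper: decision when the secondary's refresh timer fires.

    primary_serial is None when the primary did not answer the SOA query.
    Returns (action, seconds until the next check).
    """
    if primary_serial is None:
        if secs_since_contact >= local_soa["expire"]:
            return ("expire-zone", local_soa["retry"])   # stop answering for the zone
        return ("retry", local_soa["retry"])
    if serial_newer(primary_serial, local_soa["serial"]):
        return ("transfer", local_soa["refresh"])        # request IXFR or AXFR
    return ("up-to-date", local_soa["refresh"])

if __name__ == "__main__":
    soa = parse_soa(SOA_TEXT)
    print(secondary_action(soa, 2024091202, 0))
    print(secondary_action(soa, 2024091201, 0))
    print(secondary_action(soa, None, 1209600))
```

If the zone is edited on the primary without increasing the Serial, the comparison returns "up-to-date" and the secondary keeps serving the old records.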

Invisibility

Primary and secondary DNS servers are invisible to end users because they operate in the background to translate domain names into IP addresses automatically. Users interact with domain names and websites directly, while DNS servers handle the resolution process behind the scenes. Local caching on users' devices also reduces the need to frequently query DNS servers, making their role seamless and unnoticed.


Last updated 9 months ago
