Primary vs. secondary zones

A DNS zone is a distinct portion or administrative space in the DNS domain name space that is hosted by a DNS server. DNS zones allow the DNS name space to be divided up for administration and for redundancy. The DNS server can be authoritative for multiple DNS zones.

All of the information for a zone is stored in a DNS zone file, which contains the DNS database records for all of the names within that zone. These records contain the mapping between an IP address and a DNS name. DNS Zone files must always start with a Start of Authority (SOA) record, which contains important administrative information about that zone and about other DNS records.

You can implement Edge DNS as your primary or secondary DNS , either replacing or augmenting your existing DNS infrastructure as desired.

Whether primary or secondary, Edge DNS can provide your organization with a scalable and secure DNS network that helps ensure the best possible experience for your users. The available zone modes are:

  • Primary Mode. In primary mode, customers manage zones using Control Center or the Edge DNS API. The Edge DNS zone transfer agent pushes out your zone data to the Edge DNS name servers and provides you a list of name servers that you can register with your domain registrar.
  • Secondary Mode. In secondary mode, customers enable DNS zone transfers from their primary name servers to Akamai. Edge DNS name servers use Authorative transfer (AXFR) as the DNS zone transfer method for secondary zones. If, however, you have configured your own master names servers to support incremental zone transfers (IXFR), the Edge DNS zone transfer agents (ZTAs) will automatically do incremental zone transfer for secondary zones.

In secondary mode, you maintain zone information on your primary (master) name server, and Edge DNS zone ZTAs perform zone transfers from the primary name servers and upload these zones to Akamai name servers. ZTAs conform to the standard protocols described in RFCs 1034 and 1035 and work with most common primary name servers in use, including Internet Systems Consortium’s BIND (version 9 and later), and also Microsoft Windows Server and Microsoft DNS operating systems.

Refresh and retry intervals in the start of authority (SOA) determine the interval between zone transfers. In addition, you can configure the system to accept NOTIFY requests from your primaries to allow almost immediate updates.

ZTAs are deployed in a redundant configuration across multiple physical and network locations throughout the Akamai network. All ZTAs will attempt to perform zone transfers from your master name servers, but only one (usually the first one that receives an update using one transfer) will send any given zone update to the name servers. This process uses a proprietary fault-tolerant data transfer infrastructure, thus providing a fault-tolerant system at every level.