A bit about name-servers and DNS...
Here are a few thoughts from someone who's been in the DNS hosting business for several years now and who's been doing DNS since early 1995...
(me
).
You should always set up your NS1 at the first IP#... because by default "bind" (that's the name of the dns server) will always send out answers on the main physical interface for your system (usually eth0). And the first physical interface will be the first IP# set up for the box.
Because the latest versions of bind are secured against hacking, if you don't, unless you include the "allow transfer" clause" in your configuration file, your slave servers will not be able to get transfers from your master server.
Officially the terminology has been changed from "primary/secondary" to "master/slave"; we use master/slave to describe the relationship between servers on which you control the DNS and servers which get transfers of DNS files so they can be automatically authoritative for your domain.
Primary/secondary implies that there's an order in which domain servers are queried and that's just not true. When your client queries DNS her/his coputer queries all the domain servers returned by the one of the GTLD nameservers and accepts and uses the first answer it gets.
Though a few people (including Daniel Bernstein, who wrote both djbdns and tiny dns) say slave servers are unnecessary, the fact remains that if your host fails for any reason and you DO have a slave nameserver, that nameserver will continue to serve DNS for your domain... so mailservers will queue email waiting to be sent to you and not immediately return it as undeliverable, and web-browsers who attempt to visit your domain will get a temporary failure, letting them know they should try back later, instead of a permanent failure telling them you don't exist. If you DON'T have a slave nameserver browsers will get an immediate "domain doesn't exist" error and email will imeediately be returned with a "domain doesn't exist" error.
Until recently all nameservers were required to be on discrete IP#s; if you hosted vanity nameservers on your system (for example, PLESK by default sets up ns1 and ns2 on the same server for each domain), you had to have a separate IP# for each vanity server. That prohibition has been removed, at least for .com/.net/.org domains (will those of you in the .uk and other namespace find out for us if the restriction has been removed for .uk domains as well, please ?
).
Slave nameservers can be used for other purposes as well, including a crude form of load balancing (for relatively static sites only), and for geographic diversity.
Traditionally there are three ways you can get slave DNS...
You can run your own slave nameserver, preferably on a separate network.
You can arrange with another hosting company to slave your domains while you agree to slave domains for them.
You can use a commercial solution.
(Since we're in the DNS hosting business, you know which we'd suggest
.)
And now here's the hard part...
Slave nameservers need more than a copy of the zone file (which they'll get automatically if everything is setup properly); they need an entry in the /etc/named.conf file as well, to tell them to get copies of the zone file.
So what you need is a script (or set of scripts) to regularly check master servers and see if domains have been added/removed, automatically rebuild the /etc/named.conf file on the slave server, and restart DNS, if necessary.
It's also important that your slave nameserver(s) don't automatically remove domain references if they can't find the master during the /etc/named.conf rebuild process, or else they'll stop being slaves just when you need them the most. (We found at least one solution that does it wrong and so is totally unusable; the slaves stop serving DNS just when you need them the most.
So far we've managed to do this for many hosting solutions; it's what's called a "competitive advantage"
.
Perhaps if/when I have some time I can create some specific DNS how-to documents and some scenarios for writing those all-important scripts.
If you disagree with anything I've written here, please let me know; it's still early in the morning, and I can and do make mistakes, which I'll be happy to correct as necessary.
If you have any questions please feel free asking them here.
Jeff