ISP External Stealth DNS
SolidDNS™ can be deployed as a hidden (stealth) server, an arrangement known as a “stealth DNS” deployment. Queries for certain DNS data are redirected to authoritative secondary DNS servers that have read-only access permissions. The secondary servers get their data from a hidden primary server, which also acts as the centralized zone management and data entry point for the DNS infrastructure.
When requests are redirected to the secondary servers, the primary server sends the needed data to them using the Full Zone Transfer (AXFR) method. When the zone is changed on the primary server (for example, when administrators change DNS data), the changes are sent to the secondary servers using the Incremental Zone Transfer (IXFR) method.
This deployment helps prevent attacks on the DNS servers, provides system redundancy, and typically results in faster response times.
The diagram shows a SolidDNS™ E-Series appliance deployed as a stealth DNS server (NS3) and two SolidDNS™ S-Series appliances deployed as secondary servers (NS1 and NS2). NS3 serves as the entry point of data, allows zone management, and provides DNS data to the secondary servers. NS1 and NS2 handle the ISP's high volume of client queries, which require faster processing speeds and higher system capacities.
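A stealth deployment only protects the primary while nothing published points at it. The following added example (not SolidDNS™ code) audits a zone's published records and transfer ACL for leaks of the hidden primary; the zone text, host names, addresses, function names and the policy of keeping the primary out of the SOA MNAME field are all assumptions made for illustration.

```python
# Added example; every name and address is constructed (RFC 2606 / RFC 5737).
SECONDARY_IPS = {"192.0.2.1", "192.0.2.2"}                    # NS1, NS2
HIDDEN_NAME, HIDDEN_IP = "ns3.example.net.", "198.51.100.3"   # hidden primary

GOOD_ZONE = """
example.net. 3600 IN SOA ns1.example.net. hostmaster.example.net. 1 7200 900 1209600 300
example.net. 3600 IN NS ns1.example.net.
example.net. 3600 IN NS ns2.example.net.
ns1.example.net. 3600 IN A 192.0.2.1
ns2.example.net. 3600 IN A 192.0.2.2
"""
LEAKY_ZONE = GOOD_ZONE + """
example.net. 3600 IN NS ns3.example.net.   ; primary listed by mistake
ns3.example.net. 3600 IN A 198.51.100.3
"""

def parse_records(zone_text):
    """Parse single-line 'owner ttl class type rdata' records; ';' starts a comment."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _ttl, _cls, rtype, *rdata = line.split()
        records.append((owner.lower(), rtype.upper(), [f.lower() for f in rdata]))
    return records

def audit_stealth_zone(zone_text, hidden_name, hidden_ip, transfer_acl, secondary_ips):
    """Return findings where published data or the ACL exposes the hidden primary."""
    hidden_name, hidden_ip = hidden_name.lower(), hidden_ip.lower()
    findings = []
    for owner, rtype, rdata in parse_records(zone_text):
        if rtype == "NS" and rdata[0] == hidden_name:
            findings.append(f"NS record at {owner} advertises hidden primary")
        elif rtype == "SOA" and rdata[0] == hidden_name:
            # Assumed policy: MNAME names a public secondary, not the primary.
            findings.append("SOA MNAME names hidden primary")
        elif rtype in ("A", "AAAA") and rdata[0] == hidden_ip:
            findings.append(f"{owner} resolves to hidden primary address")
    # Zone transfers (AXFR/IXFR) should be allowed to the secondaries only.
    for ip in sorted(set(transfer_acl) - set(secondary_ips)):
        findings.append(f"transfer ACL allows non-secondary {ip}")
    return findings

if __name__ == "__main__":
    acl = SECONDARY_IPS | {"203.0.113.50"}   # constructed over-broad ACL entry
    for finding in audit_stealth_zone(LEAKY_ZONE, HIDDEN_NAME, HIDDEN_IP, acl, SECONDARY_IPS):
        print("FINDING:", finding)
```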





