Pro DNS and BIND

These pages are provided for readers of Pro DNS and BIND, published by Apress, my first foray into the world of book, rather than web, writing.

The book started from DNS for Rocket Scientists which has been available for about nine years on the web as a free resource to help users understand and configure BIND9 based DNS systems. I am committed to keeping this resource available and updated. But times are changing.

The world of DNS is on the verge of three significant changes - IPv6, VoIP and DNSSEC - that will add significant complexity to a subject that is already both complex and shrouded in mystery. Certain studies suggest that up to a staggering 98% of all traffic arriving at root-servers is unnecessary - due largely to a combination of badly configured name servers and firewalls. With this in mind I felt it was important to collect into one place information that would base-line the current insecure, IPv4 oriented DNS world and then add the complexity of IPv6, VoIP and DNSSEC (DNSSEC.bis).

Why a book? Why another book on DNS?

The majority of the suggestions and enhancement requests I receive about DNS for Rocket Scientists are for PDF versions. It is clear that in spite of the so-called paper-less world of computing many people still need or prefer (I count myself among them) a paper version of information. Web based material is great for checking specific topics or doing highly specialised tasks and hyper-links add significant power to tutorial material but when it comes to understanding something paper still seems to be the natural medium.

So the idea for the book was born with the lofty goals of bringing together in a single document - a book - all the required information for both immediate tactical use and by adding IPv6 and DNSSEC provide something that would last some time into the future. And to try and cover the material in a way that is as comprehensive as possible not just cherry-pick the normal stuff. So you will find every named.conf directive and every RR type documented - in most cases with examples. I will freely admit that as a consequence of the research for this book I discovered new RR types that I now regularly use but which I either never knew about or in other cases was vaguely aware of but would not spend the couple of hours necessary to verify the operational details since the actual applicability was not guaranteed.

Whether the book achieves its goals is for you the reader to determine. I welcome any feedback, comments or suggestions. I will write to you in the same spirit you write to me. Hopefully with a mutual interest in making the world a simpler place and shining the light onto those areas that have become cloaked in mystery for absolutely no good reason.

The problem with any endeavour is that there are limits, mostly time and resources, which means I can already see places that I would like to have done more. Here is my list - I'm sure you have others:

  1. NSD - I think NSD (Name Server Daemon) is an extremely interesting application to add to the arsenal of the DNS administrator. While having nothing like the breadth of functionality of BIND - though version 2+ fully supports DNSSEC.bis - it has an important role to play in DNS architectures both within a stealth configuration and as part of a normal DNS setup. With a performance of 2 - 3 times that of BIND and released under GPL it really invites us to look at it more closely. I plan to run a trial implementation in the next couple of months and to document the results and installation/user guide.

  2. DNS and Telephony - the book briefly covers NAPTR RRs with an ENUM example. I would like to have done a lot more. ENUM and SIP should be covered in significant detail since VoIP makes extensive use of DNS (mostly SRV RRs) and ENUM particularly illustrates the power - and complexity - of the NAPTR RR.

  3. DHCP and DNS integration. While DHCP on its own is a significant topic there should be something in the book on securely auto-updating the DNS from a DHCP service - especially in the context of IPv6.

  4. Windows DNS integration and inter-working. There are significant differences in architecture between the Windows DNS implementation and the software (BIND) used by the majority of us! It is important, at the very least, that DNS administrators understand what is happening in the Windows environment, how it is configured to provide certain results and with a worked example for, say, a mixed platform stealth name server configuration.

  5. Miscellaneous uses of DNS. Since the DNS is a simple database with well known methods for interrogating data maintained within zone files it has been used for many purposes. The book should cover some of these. This short article describes the use and configuration of DNSBLs for maintaining black - and even white - lists for use by email software.

Finally it is my hope that this book provides its readers with a practical guide, theoretical explanations and a point of reference for years to come.

