
Pro DNS and BIND

This lists the chapter and section headings in the book.

PART 1 Principles and Overview

CHAPTER 1 An Introduction to DNS (18 pages)

A Brief History of Name Servers
Name Server Basics
The Internet Domain Name System
Domains and Delegation
Domain Authority
DNS Implementation and Structure
Root DNS Operations
Top-Level Domains
DNS System Components
Zones and Zone Files
Master and Slave DNS Servers
DNS Software
Summary

CHAPTER 2 Zone Files and Resource Records (18 pages)

Zone File Format
Zone File Contents
An Example Zone File
The $TTL Directive
The $ORIGIN Directive
The SOA Resource Record
The NS Resource Record
The MX Resource Record
The A Resource Record
CNAME Resource Record
When CNAME Records Must Be Used
Additional Resource Records
PTR Resource Records
TXT Resource Records
AAAA (A6 and DNAME) Resource Records
NSEC, RRSIG, DS, DNSKEY, and KEY Resource Records
SRV Resource Records
Standard Configuration File Scenarios
Summary

CHAPTER 3 DNS Operations (20 pages)

The DNS Protocol
DNS Queries
Recursive Queries
Iterative (Nonrecursive) Queries
Inverse Queries
DNS Reverse Mapping
IN-ADDR.ARPA Reverse-Mapping Domain
Zone Maintenance
Full Zone Transfer (AXFR)
Incremental Zone Transfer (IXFR)
Notify (NOTIFY)
Dynamic Update
Alternative Dynamic DNS Approaches
Security Overview
Summary

CHAPTER 4 DNS Types (14 pages)

Master (Primary) Name Servers
Slave (Secondary) Name Servers
Slave (Secondary) DNS Behavior
Caching Name Servers
Caching Implications
Forwarding (Proxy) Name Servers
Stealth (DMZ or Split) Name Server
Stealth Servers and the View Clause
Stealth Server Configuration
Authoritative-Only Name Server
Summary

CHAPTER 5 DNS and IPv6 (13 pages)

IPv6
IPv6 Address Notation
IPv6 Address Types
Prefix or Slash Notation
Global Unicast IPv6 Address Allocation
IPv6 Global Unicast Address Format
Status of IPv6 DNS Support
The AAAA vs. A6 Resource Record
Mixed IPv6 and IPv4 Network Support
IPv6 Resource Records
The AAAA Resource Record
Reverse IPv6 Mapping
The IPV6 PTR Resource Record
Summary

PART 2 Get Something Running

CHAPTER 6 Installing BIND (21 pages)

Fedora Core 2 Installation
Upgrading BIND 9
Configuring BIND 9
FreeBSD Installation
BIND 9 Nonbase Install
BIND 9 Base Install
FreeBSD 5.3 Issues
Building BIND from Source
Windows Server 2000 Installation
Summary

CHAPTER 7 BIND Type Samples (32 pages)

Before We Start
Configuration Layout
Configuration Conventions
Zone File Naming Convention
Required Zone Files
BIND named.conf File Format and Style
Standard Zone Files
Common Configuration Elements
Master DNS Server
Master Name Server Configuration
Slave DNS Server
Slave Name Server Configuration
Caching-only DNS Server
Caching-Only Name Server Configuration
Forwarding (a.k.a. Proxy, Client, Remote) DNS Server
Forwarding Name Server Configuration
Stealth (a.k.a. Split or DMZ) DNS Server
Stealth Configuration
Authoritative-only DNS Server
Authoritative-only Name Server Configuration
View-based Authoritative-only DNS Server
View-based Authoritative-only Name Server Configuration
Security and the view Section
Summary

CHAPTER 8 Common DNS Tasks (25 pages)

Delegate a Subdomain (Subzone)
Domain Name Server Configuration
Subdomain Name Server Configuration
Virtual Subdomains
Domain Name Server Configuration
Configure Mail Servers Fail-Over
Delegate Reverse Subnet Maps
Assignee Zone File
Assignor (End-user) Zone File
DNS Load Balancing
Balancing Mail
Balancing Other Services
Balancing Services
Controlling the Round-Robin
Effectiveness of DNS Load Balancing
Define an SPF Record
TXT RR Format
SPF type Values
SPF Record Examples
Supporting http://example.com
Apache Configuration
Out-of-Sequence Serial Numbers
Use of Wildcards in Zone Files
Summary

CHAPTER 9 DNS Diagnostics and Tools (47 pages)

DNS Utilities
The nslookup Utility
nslookup Command Format
Quick Examples
Options
Examples: Command Line
Example: Interactive Mode
BIND dig Utility
Quick Examples
dig Syntax
dig Options
dig Examples
dig Output
dig Response Values
BIND named-checkconf Utility
named-checkconf Syntax
named-checkconf Options
BIND named-checkzone Utility
named-checkzone Syntax
named-checkconf Options
RNDC
rndc Syntax
rndc Options
rndc.conf Clauses and Statements
rndc Configuration Examples
rndc Commands
rndc-confgen Utility
rndc-confgen Syntax
rndc-confgen Options
BIND nsupdate Utility
nsupdate Syntax
nsupdate Options
nsupdate Command Format
nsupdate Example
dnssec-keygen Utility
dnssec-keygen Syntax
dnssec-keygen Options
dnssec-keygen Examples
dnssec-signzone Utility
dnssec-signzone Syntax
dnssec-signzone Options
dnssec-signzone Examples
Diagnosing DNS Problems
Before the Problem Happens
When the Problem Occurs
Summary

PART 3 DNS Security

CHAPTER 10 DNS Secure Configurations (41 pages)

Security Overview and Audit
DNS Normal Data Flow
Security Classification
Administrative Security
Up-to-Date Software
Limit Functionality
Limit Permissions
Running BIND As Nonroot
BIND in a Chroot Jail
Stream the Log
Software Diversity
A Cryptographic Overview
Symmetric Cryptography
Asymmetric Cryptography
Message Digests
Message Authentication Codes
Digital Signatures
DNS Cryptographic Use
Securing Zone Transfers
Authentication and Integrity of Zone Transfers
TSIG Configuration
Securing Dynamic Updates
TSIG DDNS Configuration
SIG(0) Configuration
Summary

CHAPTER 11 DNSSEC (44 pages)

The DNSSEC Environment
3 Islands of Security
Chains of Trust
Securing or Signing the Zone
Secure Zone Maintenance
Secure Delegation
Dynamic DNS and DNSSEC
DNSSEC Implementation
Securing the example.com Zone
Establishing a Trusted Anchor
Signing the sub.example.com Zone
Creating the Chain of Trust
Key Rollover
DNSSEC Lookaside Validation
DLV Configuration
DLV Service
Summary

PART 4 Reference

CHAPTER 12 BIND Configuration Reference (72 pages)

BIND Command Line
BIND Debug Levels
BIND Signals
BIND Configuration Overview
Layout Styles
named-checkconf Is Your Friend
BIND Clauses
BIND address_match_list Definition
BIND acl Clause
BIND controls Clause
BIND include Statement
BIND key Clause
BIND logging Clause
BIND lwres Clause
BIND masters Clause
BIND options Clause
BIND server Clause
BIND trusted-keys Clause
BIND view Clause
BIND zone Clause
BIND Statements
BIND controls Statements
inet Statement
BIND logging Statements
channel Statement
category Statement
BIND Resolver Statements
view
search
ndots
BIND Transfer Statements
allow-notify
allow-transfer
allow-update
allow-update-forwarding
also-notify
alt-transfer-source, alt-transfer-source-v6
ixfr-from-differences
max-journal-size
max-refresh-time, min-refresh-time
max-retry-time, min-retry-time
max-transfer-idle-in
max-transfer-idle-out
max-transfer-time-in
max-transfer-time-out
multi-master
notify
notify-source, notify-source-v6
provide-ixfr
request-ixfr
serial-query-rate
transfer-format
transfer-source, transfer-source-v6
transfers-in
transfers-per-ns
transfers-out
update-policy
use-alt-transfer-source
DNS BIND Operations
avoid-v4-udp-ports, avoid-v6-udp-ports
check-names
cleaning-interval
coresize
database
datasize
dialup
directory
dual-stack-server
dump-file
edns-udp-size
files
heartbeat-interval
hostname
interface-interval
lame-ttl
listen-on
listen-on-v6
match-mapped-addresses
max-cache-size
max-cache-ttl
max-ncache-ttl
memstatistics-file
pid-file
port
preferred-glue
querylog
recursing-file
server-id
stacksize
statistics-file
tcp-listen-queue
tcp-clients
version
zone-statistics
DNS BIND Query Statements
additional-from-auth, additional-from-cache
allow-query
allow-recursion
auth-nxdomain
blackhole
delegation-only
forward
forwarders
minimal-responses
query-source, query-source-v6
recursion
recursive-clients
root-delegation-only
rrset-order
sortlist
DNS BIND Security Statements
algorithm
disable-algorithms
dnssec-enable
dnssec-lookaside
dnssec-must-be-secure
key-directory
random-device
secret
sig-validity-interval
tkey-dhkey
tkey-domain
tkey-gssapi-credential
DNS BIND server Statements
bogus
edns
keys
transfers
DNS BIND view Statements
match-clients
match-destinations
match-recursive-only
DNS BIND zone Statements
check-names
file
masters
type
Summary

CHAPTER 13 Zone File Reference (66 pages)

DNS Zone File Structure
DNS Directives
The $ORIGIN Directive
The $INCLUDE Directive
The $TTL Directive
The $GENERATE Directive
DNS Resource Records
Resource Record Common Format
RRsets
Resource Record Descriptions
IPv4 Address (A) Record
Experimental IPv6 Address (A6) Record
IPv6 Address (AAAA) Record
AFS Database (AFSDB) Record
Address Prefix List (APL) Record
ATM Address (ATMA) Record
Certificate (CERT) Record
Canonical Name (CNAME) Record
Delegation of Reverse Names (DNAME) Record
DNSKEY Record
Delegation Signer (DS) Record
System Information (HINFO) Record
Integrated Services Digital Network (ISDN) Record
IPSEC Key (IPSECKEY) Record
Public Key (KEY) Record
Key Exchanger (KX) Record
Location (LOC) Record
Mailbox (MB) Record
Mail Group (MG) Record
Mailbox Renamed (MR) Record
Mailbox Mail List Information (MINFO) Record
Mail Exchange (MX) Record
Naming Authority Pointer (NAPTR) Record
Name Server (NS) Record
Network Service Access Point (NSAP) Record
Next Secure (NSEC) Record
Pointer (PTR) Record
X.400 to RFC 822 E-mail (PX) Record
Responsible Person (RP) Record
Resource Record Signature (RRSIG) Record
Route Through (RT) Record
Signature (SIG) Record
Start of Authority (SOA) Record
Services (SRV) Record
SSH Key Fingerprint (SSHFP) Record
Text (TXT) Record
Well-Known Service (WKS) Record
X.25 Address (X25) Record
Alternative Cryptographic Algorithms
User-Defined RRs
Summary

PART 5 Programming

CHAPTER 14 BIND APIs and Resolver Libraries (31 pages)

BIND API Overview
Advanced Database API (adb)
Simple Database API (sdb)
The Simple Database API (sdb)
Callback Overview
Registering the Callbacks
Adding the Driver to BIND
The Callback Functions
Returning RRs
Memory Management for Drivers
Logging for Drivers
Testing the Driver
sdb Sample Driver
Resolver Libraries
POSIX Library Status
The RES Library Set
Invoking the RES Library
The _res Structure
RES Library Functions
Summary

CHAPTER 15 DNS Messages and Records (23 pages)

DNS Message Formats
DNS Message Overview
DNS Message Format
DNS Message Header
DNS QUESTION SECTION
DNS ANSWER, AUTHORITY, and ADDITIONAL SECTIONS
EDNS0 Transactions
OPT Pseudo RR Format
DNS Binary RR Format
Security Algorithm Formats
NSEC Bitmap Format
Summary

PART 6 Appendixes

APPENDIX A Domain Name Registration (8 pages)

APPENDIX B DNS RFCs (3 pages)




Copyright © 2003 - 2017 NetWidget, Inc.
All rights reserved.
Page modified: July 11 2011.
