Pro DNS and BIND

This lists the chapter and sections headings in the book.

PART 1 Principles and Overview

CHAPTER 1 An Introduction to DNS (18 pages)

A Brief History of Name Servers
Name Server Basics
The Internet Domain Name System
Domains and Delegation
Domain Authority
DNS Implementation and Structure
Root DNS Operations
Top-Level Domains
DNS System Components
Zones and Zone Files
Master and Slave DNS Servers
DNS Software
Summary

CHAPTER 2 Zone Files and Resource Records (18 pages)

Zone File Format
Zone File Contents
An Example Zone File
The $TTL Directive
The $ORIGIN Directive
The SOA Resource Record
The NS Resource Record
The MX Resource Record
The A Resource Record
CNAME Resource Record

When CNAME Records Must Be Used

Additional Resource Records

PTR Resource Records
TXT Resource Records
AAAA (A6 and DNAME) Resource Records
NSEC, RRSIG, DS, DNSKEY, and KEY Resource Records
SRV Resource Records

Standard Configuration File Scenarios
Summary

CHAPTER 3 DNS Operations (20 pages)

The DNS Protocol
DNS Queries
Recursive Queries
Iterative (Nonrecursive) Queries
Inverse Queries
DNS Reverse Mapping
IN-ADDR.ARPA Reverse-Mapping Domain
Zone Maintenance
Full Zone Transfer (AXFR)
Incremental Zone Transfer (IXFR)
Notify (NOTIFY)
Dynamic Update
Alternative Dynamic DNS Approaches
Security Overview
Summary

CHAPTER 4 DNS Types (14 pages)

Master (Primary) Name Servers
Slave (Secondary) Name Servers
Slave (Secondary) DNS Behavior
Caching Name Servers
Caching Implications
Forwarding (Proxy) Name Servers
Stealth (DMZ or Split) Name Server
Stealth Servers and the View Clause
Stealth Server Configuration
Authoritative-Only Name Server
Summary

CHAPTER 5 DNS and IPv6 (13 pages)

IPv6

IPv6 Address Notation
IPv6 Address Types
Prefix or Slash Notation
Global Unicast IPv6 Address Allocation
IPv6 Global Unicast Address Format

Status of IPv6 DNS Support
The AAAA vs. A6 Resource Record
Mixed IPv6 and IPv4 Network Support
IPv6 Resource Records
The AAAA Resource Record
Reverse IPv6 Mapping
The IPV6 PTR Resource Record
Summary

PART 2 Get Something Running

CHAPTER 6 Installing BIND (21 pages)

Fedora Core 2 Installation

Upgrading BIND 9
Configuring BIND 9

FreeBSD Installation

BIND 9 Nonbase Install
BIND 9 Base Install
FreeBSD 5.3 Issues

Building BIND from Source
Windows Server 2000 Installation
Summary

CHAPTER 7 BIND Type Samples (32 pages)

Before We Start

Configuration Layout
Configuration Conventions
Zone File Naming Convention
Required Zone Files
BIND named.conf File Format and Style
Standard Zone Files
Common Configuration Elements

Master DNS Server
Master Name Server Configuration
Slave DNS Server
Slave Name Server Configuration
Caching-only DNS Server
Caching-Only Name Server Configuration
Forwarding (a.k.a. Proxy, Client, Remote) DNS Server
Forwarding Name Server Configuration
Stealth (a.k.a. Split or DMZ) DNS Server
Stealth Configuration
Authoritative-only DNS Server
Authoritative-only Name Server Configuration
View-based Authoritative-only DNS Server
View-based Authoritative-only Name Server Configuration
Security and the view Section
Summary

CHAPTER 8 Common DNS Tasks (25 pages)

Delegate a Subdomain (Subzone)

Domain Name Server Configuration
Subdomain Name Server Configuration

Virtual Subdomains
Domain Name Server Configuration
Configure Mail Servers Fail-Over
Delegate Reverse Subnet Maps

Assignee Zone File
Assignor (End-user) Zone File

DNS Load Balancing

Balancing Mail
Balancing Other Services
Balancing Services
Controlling the Round-Robin
Effectiveness of DNS Load Balancing

Define an SPF Record

TXT RR Format
SPF type Values
SPF Record Examples

Supporting http://example.com
Apache Configuration
Out-of-Sequence Serial Numbers
Use of Wildcards in Zone Files
Summary

CHAPTER 9 DNS Diagnostics and Tools (47 pages)

DNS Utilities
The nslookup Utility

nslookup Command Format
Quick Examples
Options
Examples: Command Line
Example: Interactive Mode

BIND dig Utility

Quick Examples
dig Syntax
dig Options
dig Examples
dig Output
dig Response Values

BIND named-checkconf Utility

named-checkconf Syntax
named-checkconf Options

BIND named-checkzone Utility

named-checkzone Syntax
named-checkconf Options

RNDC

rndc Syntax
rndc Options
rndc.conf Clauses and Statements
rndc Configuration Examples
rndc Commands
rndc-confgen Utility
rndc-confgen Syntax
rndc-confgen Options

BIND nsupdate Utility

nsupdate Syntax
nsupdate Options
nsupdate Command Format
nsupdate Example

dnssec-keygen Utility

dnssec-keygen Syntax
dnssec-keygen Options
dnssec-keygen Examples

dnssec-signzone Utility

dnssec-signzone Syntax
dnssec-signzone Options
dnssec-signzone Examples

Diagnosing DNS Problems

Before the Problem Happens
When the Problem Occurs

Summary

PART 3 DNS Security

CHAPTER 10 DNS Secure Configurations (41 pages)

Security Overview and Audit
DNS Normal Data Flow
Security Classification
Administrative Security

Up-to-Date Software
Limit Functionality
Limit Permissions
Running BIND As Nonroot
BIND in a Chroot Jail
Stream the Log
Software Diversity

A Cryptographic Overview

Symmetric Cryptography
Asymmetric Cryptography
Message Digests
Message Authentication Codes
Digital Signatures
DNS Cryptographic Use

Securing Zone Transfers

Authentication and Integrity of Zone Transfers
TSIG Configuration

Securing Dynamic Updates

TSIG DDNS Configuration
SIG(0) Configuration

Summary

CHAPTER 11 DNSSEC (44 pages)

The DNSSEC Environment
3 Islands of Security
Chains of Trust
Securing or Signing the Zone
Secure Zone Maintenance
Secure Delegation
Dynamic DNS and DNSSEC
DNSSEC Implementation

Securing the example.com Zone
Establishing a Trusted Anchor
Signing the sub.example.com Zone
Creating the Chain of Trust
Key Rollover

DNSSEC Lookaside Validation

DLV Configuration
DLV Service

Summary

PART 4 Reference

CHAPTER 12 BIND Configuration Reference (72 pages)

BIND Command Line
BIND Debug Levels
BIND Signals
BIND Configuration Overview

Layout Styles
named-checkconf Is Your Friend

BIND Clauses

BIND address_match_list Definition
BIND acl Clause
BIND controls Clause
BIND include Statement
BIND key Clause
BIND logging Clause
BIND lwres Clause
BIND masters Clause
BIND options Clause
BIND server Clause
BIND trusted-keys Clause
BIND view Clause
BIND zone Clause

BIND Statements

BIND controls Statements

inet Statement

BIND logging Statements

channel Statement
category Statement

BIND Resolver Statements

view
search
ndots

BIND Transfer Statements

allow-notify
allow-transfer
allow-update
allow-update-forwarding
also-notify
alt-transfer-source, alt-transfer-source-v6
ixfr-from-differences
max-journal-size
max-refresh-time, min-refresh-time
max-retry-time, min-retry-time
max-transfer-idle-in
max-transfer-idle-out
max-transfer-time-in
max-transfer-time-out
multi-master
notify
notify-source, notify-source-v6
provide-ixfr
request-ixfr
serial-query-rate
transfer-format
transfer-source, transfer-source-v6
transfers-in
transfers-per-ns
transfers-out
update-policy
use-alt-transfer-source

DNS BIND Operations

avoid-v4-udp-ports, avoid-v6-udp-ports
check-names
cleaning-interval
coresize
database
datasize
dialup
directory
dual-stack-server
dump-file
edns-udp-size
files
heartbeat-interval
hostname
interface-interval
lame-ttl
listen-on
listen-on-v6
match-mapped-addresses
max-cache-size
max-cache-ttl
max-ncache-ttl
memstatistics-file
pid-file
port
preferred-glue
querylog
recursing-file
server-id
stacksize
statistics-file
tcp-listen-queue
tcp-clients
version
zone-statistics

DNS BIND Query Statements

additional-from-auth, additional-from-cache
allow-query
allow-recursion
auth-nxdomain
blackhole
delegation-only
forward
forwarders
minimal-responses
query-source, query-source-v6
recursion
recursive-clients
root-delegation-only
rrset-order
sortlist

DNS BIND Security Statements

algorithm
disable-algorithms
dnssec-enable
dnssec-lookaside
dnssec-must-be-secure
key-directory
random-device
secret
sig-validity-interval
tkey-dhkey
tkey-domain
tkey-gssapi-credential

DNS BIND server Statements

bogus
edns
keys
transfers

DNS BIND view Statements

match-clients
match-destinations
match-recursive-only

DNS BIND zone Statements

check-names
file
masters
type

Summary

CHAPTER 13 Zone File Reference (66 pages)

DNS Zone File Structure
DNS Directives

The $ORIGIN Directive
The $INCLUDE Directive
The $TTL Directive
The $GENERATE Directive

DNS Resource Records

Resource Record Common Format
RRsets

Resource Record Descriptions

IPv4 Address (A) Record
Experimental IPv6 Address (A6) Record
IPv6 Address (AAAA) Record
AFS Database (AFSDB) Record
Address Prefix List (APL) Record
ATM Address (ATMA) Record
Certificate (CERT) Record
Canonical Name (CNAME) Record
Delegation of Reverse Names (DNAME) Record
DNSKEY Record
Delegation Signer (DS) Record
System Information (HINFO) Record
Integrated Services Digital Network (ISDN) Record
IPSEC Key (IPSECKEY) Record
Public Key (KEY) Record
Key Exchanger (KX) Record
Location (LOC) Record
Mailbox (MB) Record
Mail Group (MG) Record
Mailbox Renamed (MR) Record
Mailbox Mail List Information (MINFO) Record
Mail Exchange (MX) Record
Naming Authority Pointer (NAPTR) Record
Name Server (NS) Record
Network Service Access Point (NSAP) Record
Next Secure (NSEC) Record
Pointer (PTR) Record
X.400 to RFC 822 E-mail (PX) Record
Responsible Person (RP) Record
Resource Record Signature (RRSIG) Record
Route Through (RT) Record
Signature (SIG) Record
Start of Authority (SOA) Record
Services (SRV) Record
SSH Key Fingerprint (SSHFP) Record
Text (TXT) Record
Well-Known Service (WKS) Record
X.25 Address (X25) Record

Alternative Cryptographic Algorithms
User-Defined RRs
Summary

PART 5 Programming

CHAPTER 14 BIND APIs and Resolver Libraries (31 pages)

BIND API Overview

Advanced Database API (adb)
Simple Database API (sdb)

The Simple Database API (sdb)

Callback Overview
Registering the Callbacks
Adding the Driver to BIND
The Callback Functions
Returning RRs
Memory Management for Drivers
Logging for Drivers
Testing the Driver
sdb Sample Driver

Resolver Libraries

POSIX Library Status
The RES Library Set

Invoking the RES Library
The _res Structure
RES Library Functions

Summary

CHAPTER 15 DNS Messages and Records (23 pages)

DNS Message Formats
DNS Message Overview
DNS Message Format

DNS Message Header
DNS QUESTION SECTION
DNS ANSWER, AUTHORITY, and ADDITIONAL SECTIONS
EDNS0 Transactions
OPT Pseudo RR Format

DNS Binary RR Format
Security Algorithm Formats
NSEC Bitmap Format
Summary

PART 6 Appendixes

APPENDIX A Domain Name Registration (8 pages)

APPENDIX B DNS RFCs (3 pages)

---

Problems, comments, suggestions, corrections (including broken links) or some thing to add? Please take the time from a busy life to 'mail me' (at top of screen), the webmaster (below) or info-support at netwidget. You will have a warm inner glow for the rest of the day.