This is the Introduction to the book with a quick overview of the contents of each chapter.
Every time you get e-mail, every time you access a web page, you use the Domain Name System (DNS). In fact, over 2 billion such requests hit the DNS root-servers alone every day. Every one of those 2 billion requests originates from a DNS that supports a group of local users, and every one of them is finally answered by a DNS server that may support a high-volume commercial web site or a modest, but much loved, family web site. This book is about understanding, configuring, diagnosing, and securing these local DNS servers that do the vital work. Many years ago when I set up my first pair of DNS servers, I wasted my time looking for some practical advice and some sensible description of the theory involved. I found neither. I completed the DNS rite-of-passage—this book was born from that experience.
DNS is a complex subject, but it is also unnecessarily cloaked in mystery and mythology. This book, I hope, is a sensible blend of practical advice and theory. You can treat it as a simple paint-by-numbers guide to everything from a simple caching DNS to the most complex secure DNS (DNSSEC) implementations. But the background information is there for those times when you not only need to know what to do, but you also need to know why you are doing it, and how you can modify the process to meet your unique needs.
This book is about running DNS systems based on BIND 9.3.0—the first stable release that includes support for the latest DNSSEC (DNSSEC.bis) standards and a major functional upgrade from previous BIND 9 releases. If you run or administer a DNS system, are thinking about running a DNS system, need to upgrade to support IPv6 DNS, need to secure a DNS for zone transfer, dynamic update, or other reasons, need to implement DNSSEC, or simply want to understand the DNS system, then this book is designed to provide you with a single point of reference. The book progressively builds up from simple concepts to full security-aware DNSSEC configurations. The various features, parameters, and Resource Records that you will need are all described and in the majority of cases illustrated with one or more examples. The book contains a complete reference on zone files, Resource Records, and BIND's named.conf configuration file parameters. Programmers and the insatiably curious will find BIND's Simple Database API, resolver library interfaces, and the gory details of DNS wire-format messages compelling reading.
This book is about the Domain Name System. Most of the examples used throughout the book are based on the Berkeley Internet Name Domain, universally known as BIND, which is the most widely deployed name server software in current use. BIND version 9.3.0—a major functional upgrade to support the latest DNSSEC standards—was used as the baseline version for all the examples. During the course of writing the book, version 9.3.1, a bug-clearance-only version, was released. While the book references 9.3.0 throughout, the majority of, but not all, tests were rerun on the new version; the only difference noted was the change to the configure variable used when building a base version for FreeBSD, which is related to FreeBSD, not BIND. Readers are advised to always obtain and use the latest stable BIND version. Like most technical books, this is a mixture of descriptive text, reference material, and samples. For those completely unfamiliar with the subject, Part 1 (Chapters 1 to 5) is designed to introduce DNS in a progressive manner and could be read as a classic text on the subject. For those of a hands-on disposition, Part 2 provides an alternative entry point, with the various earlier chapters to be read as needed. Experienced readers would typically head straight for the meat in any of Parts 3, 4, or 5, depending on their area of interest. As well as providing help and guidance during your initial endeavors, it is my fervent hope that this book will also provide you with an indispensable reference work for years to come.
Chapter 1 provides introductory and background material to the DNS as a specific implementation of the general name server concept. The key concepts introduced are the domain name hierarchy, delegation, DNS operational organization, the role of ICANN, and the various components that comprise a DNS system including zones and zone files. The chapter is for those who are unfamiliar with the topic or the changes that have occurred in the recent past.
Here you are introduced to the basic Resource Records and directives used to construct zone files. An example forward-mapping zone file is introduced that is used throughout the book and illustrates key DNS operational concepts such as resilience and location diversity. Those with little or no knowledge of zone files and their construction will find this chapter a gentle introduction to the topic.
This chapter describes the basic operation of a DNS system including queries, referrals, reverse mapping, zone transfers, and dynamic updates. A brief overview of DNS security is presented to familiarize readers with the potential threats posed when running DNS systems. This chapter is intended to give the reader a thorough grounding in the theory and background to these topics.
The text in this chapter breaks down configuring a DNS into a number of types such as master, slave, caching only, forwarding, Stealth, and authoritative only with the objective of giving the reader a set of building blocks from which more complex configurations can be constructed. This chapter will be useful to those unfamiliar with the range of possibilities offered by the DNS and its BIND implementation, including the new view clause introduced with the BIND 9 series.
Chapter 5 focuses on IPv6 and the DNS features that support this increasingly widespread protocol. A brief overview of IPv6 address structure and notation is provided for those currently unfamiliar with this topic.
This chapter covers the installation of BIND on Linux (Fedora Core 2), FreeBSD, and Windows 2000 from binary packages. For those cases where a package is not available, building from a tarball is also described.
The zone and named.conf sample files for each of the DNS types introduced in Chapter 4 are provided. While these samples can be used as simple paint-by-number implementations, explanations are included to allow the configurations to be tailored to user requirements.
A number of standard DNS configurations are described and illustrated with sample files and implementation notes. The items covered include delegation of subdomains, load balancing, fixing sequence errors, delegation of reverse subnets, SPF records, and the use of wildcards.
The major utilities supplied with a BIND distribution, including those used for security operations, are covered with multiple use examples. The reader, however, is encouraged—especially with dig and nslookup—to get out and explore the Internet using these tools. A practical example is used to illustrate some diagnostic techniques and procedures.
DNS security is broken into four parts: administrative security, securing zone transfers, securing dynamic update, and DNSSEC. An overview of general cryptographic processes including symmetric and asymmetric encryption, digital signatures, and MACs, which form the basis of DNS security implementations, is provided for readers unfamiliar with this topic.
This chapter deals exclusively with the latest DNSSEC.bis security standards and covers both the theory and implementation. Zone signing, chains of trust, Zone Signing Keys and Key Signing Keys, DNSSEC Lookaside Validation (DLV), and key-rollover procedures are all covered with practical examples.
As suggested by the title, this is purely a reference section, and it catalogues and describes with one or more examples the clauses and statements used in BIND's named.conf file. The chapter is organized in a manner that allows the reader to easily find appropriate statements to control specific BIND behaviors.
This is purely a reference section that describes each Resource Record in the current IANA list—normally with one or more examples to illustrate usage.
This chapter is designed more for programmers and designers; you will need a reasonable understanding of C to make sense of it. The new BIND Simple Database API and the original BIND RES library are covered, together with an overview of the current status of DNS-related POSIX interfaces.
This chapter covers the gory details of DNS wire-format messages and RR formats. A reasonable working knowledge of decimal, hex, and binary notations is required to make sense of the chapter. It is essential reading if you are developing DNS applications, if your sniffer application does not decode the RRs you need, or if you are insatiably curious about how this stuff works.
This appendix is a collection of material, presented in FAQ format, that may help to answer questions about registering domains in a variety of situations.
This appendix presents a list of RFCs that define the DNS and DNS-related topics.
In addition, the author maintains a web site about the book (www.netwidget.net/books/apress/dns) that covers additional material, including links to alternative DNS software, resolver language bindings, and background reading on various topics covered in the book, which may be of use to the reader.