DNS For Rocket Scientists
From:       https://www.zytrax.com/books/dns/





This Open Source Guide is about DNS and (mostly) BIND 9.x on Linux (Fedora Core), the BSDs (FreeBSD, OpenBSD and NetBSD) and Windows (Windows 7 and 10). It is meant for newbies, Rocket Scientist wannabes and anyone in between.

This Guide was born out of our first attempts, a number of years ago, to install a much-needed DNS service on an early Red Hat Linux system. We completed the DNS 'rite of passage' and found it a pretty unedifying and pointless experience.

Health Warning: This is still a work-in-progress. If you find errors, don't grumble - tell us. Look at our to-do list and, if you want to contribute something, please do so.

The newly published book Pro DNS and BIND was largely based on this material but significantly extends it, adding DNS security (including DNSSEC.bis), IPv6, DNS APIs and complete reference sections on named.conf and RR types. We are outrageously biased but think it is an essential addition to the DNS admin's library.

Section 1 Overview

What's new in Guide version 0.1.47
1. Boilerplate and Terminology

    1.1 Objectives and Scope
    1.2 How to read this Guide
    1.3 Terminology and Conventions used
    1.4 Acknowledgements
    1.5 Copyright and License

2. DNS - Overview

    2.1 A brief History of Name Servers
    2.2 DNS Concepts & Implementation
        2.2.1 DNS Overview
        2.2.2 Domains and Delegation
        2.2.3 DNS Organization and Structure
        2.2.4 DNS System Components
        2.2.5 Zones and Zone Files
        2.2.6 DNS Queries
            2.2.6.1 Recursive Queries
            2.2.6.2 Iterative Queries
            2.2.6.3 Inverse Queries
        2.2.7 Zone Updates
            2.2.7.1 Full Zone Transfer (AXFR)
            2.2.7.2 Incremental Zone Transfer (IXFR)
            2.2.7.3 Notify (NOTIFY)
            2.2.7.4 Dynamic Zone Updates
            2.2.7.5 Alternative Dynamic DNS Approaches
    2.3 DNS Security Overview
        2.3.1 Security Threats
        2.3.2 Security Types
        2.3.3 Local Security
        2.3.4 Server-Server (TSIG Transactions)
        2.3.5 Server-Client (DNSSEC)

3. DNS Reverse Mapping

    3.1 Reverse Mapping Overview
    3.2 IN-ADDR.ARPA Files
    3.3 Reverse Map Delegation
    3.4 IPv6 Reverse Mapping
    3.5 IPv6 Reverse Mapping Notes
    3.6 IPv4 & IPv6 Reverse Map Generator

4. DNS Types

    4.1 Master (a.k.a. Primary) DNS Server
    4.2 Slave (Secondary) DNS Server
    4.3 Caching (a.k.a. hint) DNS Server
    4.4 Forwarding (a.k.a. Proxy, Client, Remote) DNS Server
    4.5 Stealth (a.k.a. DMZ or Split) DNS Server
    4.6 Authoritative Only DNS Server

Section 2 - Get Something Running
5. BIND (Berkeley Internet Name Daemon)

    Installing on FreeBSD (4.x and 5.x+)
    Installing on Linux (Fedora Core 2)
    Installing on Windows (NT 4.0 and Windows 2000)
    BIND Command Line

6. DNS Sample Configurations

    6.1 Sample Configuration Overview
        6.1.1 Zone File Naming Convention
    6.2 Master (Primary) DNS
    6.3 Slave (Secondary) DNS
    6.4 Caching only DNS
    6.5 Forwarding (a.k.a. Proxy, Client, Remote) DNS
    6.6 Stealth (a.k.a. Split or DMZ) DNS
    6.7 Authoritative Only DNS
    6.8 Views based Authoritative Only DNS

Section 3 Mind Numbing Details
7. BIND named.conf Parameters

    named.conf format, structure and overview
    named.conf all statements
    BIND9 Features by Release [9.7 to 9.10]
    named.conf required zone files
        named.conf acl section (statements)
        named.conf controls section (statements)
        named.conf include section (statements)
        named.conf key section (statements)
        named.conf logging section (statements)
        named.conf options section (statements)
        named.conf server section (statements)
        named.conf trusted-keys section (statements)
        named.conf views section (statements)
        named.conf zone section (statements)
        named.conf Response Policy Zone (RPZ) Technology

8. DNS Resource Records

    Zone File Format
    DNS Binary Record Formats
    List of Record Types
    $INCLUDE
    $ORIGIN
    $GENERATE
    A - IPv4 Address Record
    AAAA - IPv6 Address Record
    CNAME - Host Alias Record
    DNAME - Delegated Name Record
    HINFO - System Information Record
    KEY - Public Key Record
    MX - Mail Exchanger Record
    NAPTR - DDDS Record (ENUM)
    NS - Name Server Record
    PTR - Pointer Record
    SIG(0) - Secure Signature
    SOA - Start of Authority Record
    SRV - Services Record
    TXT - Text Record

Section 4 DNS Operations
Chapter 9 DNS HowTos

    HOWTO Use DNS Round Robin for Load Balancing
    HOWTO support http://mydomain.com
    HOWTO Configure Sub-domains
    HOWTO Delegate a Sub-domain
    HOWTO Configure Mail Server Fail-over
    HOWTO Fix SOA RR serial numbers
    HOWTO Delegate Reverse Maps
    HOWTO Define an SPF record
    HOWTO Define a DKIM TXT record
    HOWTO Update IPv4 and IPv6 Forward and Reverse maps with DHCP
    HOWTO Install BIND 9 on FreeBSD
    HOWTO Install BIND 9 on Windows
    HOWTO Create a DNSBL (email black list)
    HOWTO Close your DNS (to protect against DoS attacks and Cache Poisoning)
    HOWTO Configure Split-Horizon Systems
    HOWTO use the DNAME RR in IPv4 and IPv6 reverse maps
    HOWTO configure ENUM
    HOWTO test NAPTR RRs for ENUM and other DDDS Applications
    HOWTO generate skeleton IPv6 and IPv4 reverse map zone files
    HOWTO redirect zones
    HOWTO use RPZ Technology
    HOWTO build a simple zone blocker with RPZ

Chapter 10 Diagnostics and Tools

    10.1 Introduction
    10.2 nslookup
    10.3 dig

Chapter 11 Trouble and Error Messages

Work in progress
Chapter 12 BIND APIs

Work in progress
Section 5 DNS Security
Chapter 13 DNS Security

    13.1 DNS Security Overview
        13.1.1 Security Threats
        13.1.2 Security Types
        13.1.3 Local Security
        13.1.4 Server-Server (TSIG Transactions)
        13.1.5 Server-Client (DNSSEC)

Section 6 DNS Bits and Bytes
Chapter 15 DNS Message Formats

    15.1 Overview Generic Format
    15.2 The Message Header
    15.3 The DNS Question
    15.4 The DNS Answer
    15.5 Domain Authority
    15.6 Additional Information

Appendices: Resources

    Appendix A: DNS & BIND Notes and Explanations
    Appendix B: Domains and Registration
    Appendix C: DNS Alternate Software and Resources
    Appendix D: DNS and Relevant RFCs

Maintenance Information

    Change log
    To do list - Stuff that still needs to be done


Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.