DNS Training Course

Course Summary

Reliable and robust operation of the DNS hierarchy - from the root servers to an individual domain name server - is critical to all Internet operations.

The course covers the configuration and operation of DNS systems used for a variety of purposes, from high-availability Zone Masters and Slaves running mission-critical sites to caching servers used to speed up Internet access. While the primary focus of the course is BIND, other DNS software will be discussed. BIND supports Linux, BSD and Windows platforms - installation procedures for each platform are covered.

Duration

2 days.

Objectives

Students will learn the theory behind the DNS hierarchy, the DNS protocol, and forward and reverse mapping zone files. The major zone file Resource Records (SOA, NS, MX, CNAME, A, PTR, TXT, SRV and NAPTR) are described and explained in detail. A number of DNS types are introduced - including Master/Slave, Caching Only, Authoritative Only, Forwarding and Stealth - and the detailed zone files and BIND configuration files (named.conf) to control operational behavior are presented. Dynamic DNS (DDNS), integration with DHCP, zone transfer, diagnostic tools and simple security models are also covered. The course includes a number of hands-on configuration exercises.

Audience

The course is designed for DNS administrators, Network and System Administrators and those who need a thorough understanding of the DNS.

Outline

DNS Theory

  • History of Name Servers
  • DNS Organization
  • The elements of a domain name
  • Authority and Delegation
  • DNS Operational Hierarchy (name servers and resolvers)
  • The DNS protocol
  • DNS Queries (recursive and iterative)
  • Zone transfer (AXFR and IXFR)
  • NOTIFY

Domains and Zones

  • Forward Mapping
  • Reverse Mapping
  • Zone File Construction - best practices
  • Resource Records (RRs)
  • SOA RR
  • NS RR
  • MX RR
  • CNAME RR
  • A (IPv4) and AAAA (IPv6) RRs
  • PTR RR
  • TXT RR (SPF)

Major DNS Types

  • Master DNS
  • Slave DNS
  • Caching DNS
  • Forwarding (Proxy) DNS
  • Stealth DNS
  • Authoritative Only DNS

Installing BIND

  • Installation of BIND on Linux (FreeBSD and Windows)
  • The default chroot installation
  • Starting and stopping BIND
  • RNDC default install
  • DIG/NSLOOKUP basics

BIND Configuration

  • BIND's named.conf layout and principles
  • The controls clause
  • The logging clause
  • The options clause
  • The zone clause
  • The ACL clause
  • BIND's view clause
  • Essential zone files
  • Configuration exercise

DNS and IPv6

  • Forward mapping - the AAAA RR
  • Reverse mapping - the PTR and DNAME RR

Advanced Zone Files

  • Load balancing
  • In-zone and out-of-zone records
  • Parent and child domains
  • Subdomain delegation
  • Glue Records
  • SRV RR
  • NAPTR RR
  • Configuration exercise

DNS Tools and Diagnostics

  • DIG
  • NSLOOKUP
  • RNDC
  • Validation utilities
  • Log analysis
  • Exercises

Dynamic DNS (DDNS)

  • DDNS - theory and implications
  • Using nsupdate
  • Disabling and controlling DDNS
  • Exercise

Advanced Topics

  • DNS and DHCP (auto-update)
  • Security overview
  • Open and closed DNS
  • DNS uses - DNSBL, ENUM
  • DNS best practice
  • DNS Resources