DNS for Rocket Scientists

This Open Source Guide is about DNS and (mostly) BIND 9.x on Linux (Fedora Core), BSD's (FreeBSD, OpenBSD and NetBSD) and Windows (Windows 7 and 10). It is meant for newbies, Rocket Scientist wannabees and anyone in between.

This Guide was born out of our first attempts a number of years ago at trying to install a much needed DNS service on an early Redhat Linux system. We completed the DNS 'rite of passage' and found it a pretty unedifying and pointless experience.

Health Warning: This is still a work-in-progress. If you find errors don't grumble - tell us. Look at our to do list and if you want to contribute something please do so.

<gratuitous publicity> The newly published book Pro DNS and BIND was largely based on this material but significantly extends it - including DNS security (including DNSSEC.bis), IPv6, DNS APIs and complete reference sections on named.conf and RR types. We are outrageously biased but think it is an essential addition to the DNS admin's library. </gratuitious publicity>

Section 1 Overview

What's new in Guide version 0.1.47

1. Boilerplate and Terminology

1. 1.1 Objectives and Scope
2. 1.2 How to read this Guide
3. 1.3 Terminology and Conventions used
4. 1.4 Acknowledgements
5. 1.5 Copyright and License

2. DNS - Overview

1. 2.1 A brief History of Name Servers
2. 2.2 DNS Concepts & Implementation
   1. 2.2.1 DNS Overview
   2. 2.2.2 Domains and Delegation
   3. 2.2.3 DNS Organization and Structure
   4. 2.2.4 DNS System Components
   5. 2.2.5 Zones and Zone Files
   6. 2.2.6 DNS Queries
      1. 2.2.6.1 Recursive Queries
      2. 2.2.6.2 Iterative Queries
      3. 2.2.6.3 Inverse Queries
   7. 2.2.7 Zone Updates
      1. 2.2.7.1 Full Zone Transfer (AXFR)
      2. 2.2.7.2 Incremental Zone Transfer (IXFR)
      3. 2.2.7.3 Notify (NOTIFY)
      4. 2.2.7.4 Dynamic Zone Updates
      5. 2.2.7.5 Alternative Dynamic DNS Approaches
3. 2.3 DNS Security Overview
   1. 2.3.1 Security Threats
   2. 2.3.2 Security Types
   3. 2.3.3 Local Security
      
   4. 2.3.4 Server-Server (TSIG Transactions)
   5. 2.3.5 Server-Client (DNSSEC)

3. DNS Reverse Mapping

1. 3.1 Reverse Mapping Overview
2. 3.2 IN-ADDR.ARPA Files
3. 3.3 Reverse Map Delegation
   
4. 3.4 IPv6 Reverse Mapping
5. 3.5 IPv6 Reverse Mapping Notes
6. 3.6 IPv4 & IPv6 Reverse Map Generator

4. DNS Types

1. 4.1 Master (a.k.a. Primary) DNS Server
2. 4.2 Slave (Secondary) DNS Server
3. 4.3 Caching (a.k.a. hint) DNS Server
4. 4.4 Forwarding (a.k.a. Proxy, Client, Remote) DNS Server
5. 4.5 Stealth (a.k.a. DMZ or Split) DNS Server
6. 4.6 Authoritative Only DNS Server

Section 2 - Get Something Running

5. BIND (Berkeley Internet Name Daemon)

1. Installing on FreeBSD (4.x and 5.x+)
2. Installing on Linux (Fedora Core 2)
3. Installing on Windows (NT 4.0 and Windows 2000)
4. BIND Command Line

6. DNS Sample Configurations

1. 6.1 Sample Configuration Overview
   1. 6.1.1 Zone File Naming Convention
2. 6.2 Master (Primary) DNS
3. 6.3 Slave (Secondary) DNS
4. 6.4 Caching only DNS
5. 6.5 Forwarding (a.k.a. Proxy, Client, Remote) DNS
6. 6.6 Stealth (a.k.a. Split or DMZ) DNS
7. 6.7 Authoritative Only DNS
8. 6.8 Views based Authoritative Only DNS

Section 3 Mind Numbing Details

7. BIND named.conf Parameters

1. named.conf format, structure and overview
2. named.conf all statements
3. BIND9 Features by Release [9.7 to 9.10]
4. named.conf required zone files
   1. named.conf acl section (statements)
   2. named.conf controls section (statements)
   3. named.conf include section (statements)
   4. named.conf key section (statements)
   5. named.conf logging section (statements)
   6. named.conf options section (statements)
   7. named.conf server section (statements)
   8. named.conf trusted-keys section (statements)
   9. named.conf views section (statements)
   10. named.conf zone section (statements)
   11. named.conf Response Policy Zone (RPZ) Technology.

8. DNS Resource Records

1. Zone File Format
2. DNS Binary Record Formats
3. List of Record Types
4. $INCLUDE
5. $ORIGIN
6. $GENERATE
7. A - IPv4 Address Record
8. AAAA - IPv6 Address Record
9. CNAME - Host Alias Record
10. DNAME - Delegated Name Record
11. HINFO - System Information Record
12. KEY - Public Key Record
13. MX - Mail Exchanger Record
14. NAPTR - DDDS Record (ENUM)
    
15. NS - Name Server Record
16. PTR - Pointer Record
17. SIG(0) - Secure Signature
18. SOA - Start of Authority Record
19. SRV - Services Record
20. TXT - Text Record

Section 4 DNS Operations

Chapter 9 DNS HowTos

1. HOWTO Use DNS Round Robin for Load Balancing
2. HOWTO support http://mydomain.com
3. HOWTO Configure Sub-domains
4. HOWTO Delegate a Sub-domain
5. HOWTO Configure Mail Server Fail-over
6. HOWTO Fix SOA RR serial numbers
7. HOWTO Delegate Reverse Maps
8. HOWTO Define an SPF record
9. HOWTO Define a DKIM TXT record
10. HOWTO Update IPv4 and IPv6 Forward and Reverse maps with DHCP
11. HOWTO Install BIND 9 on FreeBSD
12. HOWTO Install BIND 9 on Windows
13. HOWTO Create a DNSBL (email black list)
14. HOWTO Close your DNS (to protect against DoS attacks and Cache Poisoning)
15. HOWTO Configure Split-Horizon Systems
16. HOWTO use the DNAME RR in IPv4 and IPv6 reverse maps
17. HOWTO configure ENUM
18. HOWTO test NAPTR RRs for ENUM and other DDDS Applications
19. HOWTO generate skeleton IPv6 and IPv4 reverse map zone files
20. HOWTO redirect zones
21. HOWTO use RPZ Technology
22. HOWTO build a simple zone blocker with RPZ

Chapter 10 Diagnostics and Tools

1. 10.1 Introduction
2. 10.2 nslookup
3. 10.3 dig

Chapter 11 Trouble and Error Messages

Work in progress

Chapter 12 BIND APIs

Work in progress

Section 5 DNS Security

Chapter 13 DNS Security

1. 13.1 DNS Security Overview
   1. 13.1.1 Security Threats
   2. 13.1.2 Security Types
   3. 13.1.3 Local Security
   4. 13.1.4 Server-Server (TSIG Transactions)
   5. 13.1.5 Server-Client (DNSSEC)

Section 6 DNS Bits and Bytes

Chapter 15 DNS Message Formats

1. 15.1 Overview Generic Format
2. 15.2 The Message Header
3. 15.3 The DNS Question
4. 15.4 The DNS Answer
5. 15.5 Domain Authority
6. 15.6 Additional Information

Appendices: Resources

1. Appendix A: DNS & BIND Notes and Explanations
2. Appendix B: Domains and Registration
3. Appendix C: DNS Alternate Software and Resources
4. Appendix D: DNS and Relevant RFCs

Maintenance Information

1. Change log
2. To do list - Stuff that still needs to be done

---

Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.