mail us  |  mail this page

products  |  company  |  support  |  training  |  contact us


Blucat Banner

DNS for Rocket Scientists

This Open Source Guide is about DNS and (mostly) BIND 9.x on Linux (Fedora Core), BSD's (FreeBSD, OpenBSD and NetBSD) and Windows (Win 2K, XP, Server 2003). It is meant for newbies, Rocket Scientist wannabees and anyone in between.

This Guide was born out of our first attempts a number of years ago at trying to install a much needed DNS service on an early Redhat Linux system. We completed the DNS 'rite of passage' and found it a pretty unedifying and pointless experience.

Health Warning: This is still a work-in-progress. If you find errors don't grumble - tell us. Look at our to do list and if you want to contribute something please do so.

<gratuitous publicity> The newly published book Pro DNS and BIND was largely based on this material but significantly extends it - including DNS security (including DNSSEC.bis), IPv6, DNS APIs and complete reference sections on named.conf and RR types. We are outrageously biased but think it is an essential addition to the DNS admin's library. </gratuitious publicity>

Section 1 Overview

What's new in Guide version 0.1.42

1. Boilerplate and Terminology

  1. 1.1 Objectives and Scope
  2. 1.2 How to read this Guide
  3. 1.3 Terminology and Conventions used
  4. 1.4 Acknowledgements
  5. 1.5 Copyright and License

2. DNS - Overview

  1. 2.1 A brief History of Name Servers
  2. 2.2 DNS Concepts & Implementation
    1. 2.2.1 DNS Overview
    2. 2.2.2 Domains and Delegation
    3. 2.2.3 DNS Organization and Structure
    4. 2.2.4 DNS System Components
    5. 2.2.5 Zones and Zone Files
    6. 2.2.6 DNS Queries
      1. Recursive Queries
      2. Iterative Queries
      3. Inverse Queries
    7. 2.2.7 Zone Updates
      1. Full Zone Transfer (AXFR)
      2. Incremental Zone Transfer (IXFR)
      3. Notify (NOTIFY)
      4. Dynamic Zone Updates
      5. Alternative Dynamic DNS Approaches
  3. 2.3 DNS Security Overview
    1. 2.3.1 Security Threats
    2. 2.3.2 Security Types
    3. 2.3.3 Local Security
    4. 2.3.4 Server-Server (TSIG Transactions)
    5. 2.3.5 Server-Client (DNSSEC)

3. DNS Reverse Mapping

  1. 3.1 Reverse Mapping Overview
  2. 3.2 IN-ADDR.ARPA Files
  3. 3.3 Reverse Map Delegation
  4. 3.4 IPv6 Reverse Mapping
  5. 3.5 IPv6 Reverse Mapping Notes
  6. 3.6 IPv4 & IPv6 Reverse Map Generator

4. DNS Types

  1. 4.1 Master (a.k.a. Primary) DNS Server
  2. 4.2 Slave (Secondary) DNS Server
  3. 4.3 Caching (a.k.a. hint) DNS Server
  4. 4.4 Forwarding (a.k.a. Proxy, Client, Remote) DNS Server
  5. 4.5 Stealth (a.k.a. DMZ or Split) DNS Server
  6. 4.6 Authoritative Only DNS Server

Section 2 - Get Something Running

5. BIND (Berkeley Internet Name Daemon)

  1. Installing on FreeBSD (4.x and 5.x+)
  2. Installing on Linux (Fedora Core 2)
  3. Installing on Windows (NT 4.0 and Windows 2000)
  4. BIND Command Line

6. DNS Sample Configurations

  1. 6.1 Sample Configuration Overview
    1. 6.1.1 Zone File Naming Convention
  2. 6.2 Master (Primary) DNS
  3. 6.3 Slave (Secondary) DNS
  4. 6.4 Caching only DNS
  5. 6.5 Forwarding (a.k.a. Proxy, Client, Remote) DNS
  6. 6.6 Stealth (a.k.a. Split or DMZ) DNS
  7. 6.7 Authoritative Only DNS
  8. 6.8 Views based Authoritative Only DNS

Section 3 Mind Numbing Details

7. BIND named.conf Parameters

  1. named.conf format, structure and overview
  2. named.conf all statements
  3. BIND9 Features by Release [9.7 to 9.10]
  4. named.conf required zone files
    1. named.conf acl section (statements)
    2. named.conf controls section (statements)
    3. named.conf include section (statements)
    4. named.conf key section (statements)
    5. named.conf logging section (statements)
    6. named.conf options section (statements)
    7. named.conf server section (statements)
    8. named.conf trusted-keys section (statements)
    9. named.conf views section (statements)
    10. named.conf zone section (statements)
    11. named.conf Response Policy Zone (RPZ) Technology.

8. DNS Resource Records

  1. Zone File Format
  2. DNS Binary Record Formats
  3. List of Record Types
  5. $ORIGIN
  7. A - IPv4 Address Record
  8. AAAA - IPv6 Address Record
  9. CNAME - Host Alias Record
  10. DNAME - Delegated Name Record
  11. HINFO - System Information Record
  12. KEY - Public Key Record
  13. MX - Mail Exchanger Record
  14. NAPTR - DDDS Record (ENUM)
  15. NS - Name Server Record
  16. PTR - Pointer Record
  17. SIG(0) - Secure Signature
  18. SOA - Start of Authority Record
  19. SRV - Services Record
  20. TXT - Text Record

Section 4 DNS Operations

Chapter 9 DNS HowTos

  1. HOWTO Use DNS Round Robin for Load Balancing
  2. HOWTO support
  3. HOWTO Configure Sub-domains
  4. HOWTO Delegate a Sub-domain
  5. HOWTO Configure Mail Server Fail-over
  6. HOWTO Fix SOA RR serial numbers
  7. HOWTO Delegate Reverse Maps
  8. HOWTO Define an SPF record
  9. HOWTO Define a DKIM TXT record
  10. HOWTO Update IPv4 and IPv6 Forward and Reverse maps with DHCP
  11. HOWTO Install BIND 9 on FreeBSD
  12. HOWTO Install BIND 9 on Windows
  13. HOWTO Create a DNSBL (email black list)
  14. HOWTO Close your DNS (to protect against DoS attacks and Cache Poisoning)
  15. HOWTO Configure Split-Horizon Systems
  16. HOWTO use the DNAME RR in IPv4 and IPv6 reverse maps
  17. HOWTO configure ENUM
  18. HOWTO test NAPTR RRs for ENUM and other DDDS Applications
  19. HOWTO generate skeleton IPv6 and IPv4 reverse map zone files
  20. HOWTO redirect zones
  21. HOWTO use RPZ Technology
  22. HOWTO build a simple zone blocker with RPZ

Chapter 10 Diagnostics and Tools

  1. 10.1 Introduction
  2. 10.2 nslookup
  3. 10.3 dig

Chapter 11 Trouble and Error Messages

Work in progress

Chapter 12 BIND APIs

Work in progress

Section 5 DNS Security

Chapter 13 DNS Security

  1. 13.1 DNS Security Overview
    1. 13.1.1 Security Threats
    2. 13.1.2 Security Types
    3. 13.1.3 Local Security
    4. 13.1.4 Server-Server (TSIG Transactions)
    5. 13.1.5 Server-Client (DNSSEC)

Section 6 DNS Bits and Bytes

Chapter 15 DNS Message Formats

  1. 15.1 Overview Generic Format
  2. 15.2 The Message Header
  3. 15.3 The DNS Question
  4. 15.4 The DNS Answer
  5. 15.5 Domain Authority
  6. 15.6 Additional Information

Appendices: Resources

  1. Appendix A: DNS & BIND Notes and Explanations
  2. Appendix B: Domains and Registration
  3. Appendix C: DNS Alternate Software and Resources
  4. Appendix D: DNS and Relevant RFCs

Maintenance Information

  1. Change log
  2. To do list - Stuff that still needs to be done

Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Copyright © 1994 - 2014 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
Hosted by
web-master at zytrax
Page modified: December 10 2013.

Pro DNS and BIND by Ron Aitchison


tech info
guides home
dns articles
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
5 install bind
6 samples
7 named.conf
8 dns records
9 howtos
10 tools
11 trouble
12 bind api's
13 dns security
bits & bytes
15 messages
notes & tips
registration FAQ
dns resources
dns rfc's
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox


Share Page

share page via facebook tweet this page submit page to stumbleupon submit page to

Page Features

Page comment feature Send to a friend feature print this page Decrease font size Increase font size

RSS Feed Icon RSS Feed



Debian Linux


GNU-Free SW Foundation


Open Source Initiative
Creative Commons


Ibiblio - Library
Open Book Project
Open Directory

SPF Resources

Draft RFC
SPF Web Site
SPF Testing
SPF Testing (member only)

Display full width page Full width page

Print this page Print this page

SPF Record Conformant Domain Logo