The Concise Guide to DNS and BIND

Chapter 1: DNS Concepts\ DNS Is a Hierarchic, Distributed Database\ DNS's hierarchy is the result of two things. The most obvious is the domain names, such as www.amazon.com. This is a hierarchic name that is read from left to right. Rightmost is com, which is one of the many hundreds of topleuel domains, or TLDs. Of these TLDs, com, edu, and org are the most wellknown, but many, many others exist-one for each nation and territory on the planet. The International Standards Organization (ISO) has a standard for two-letter country codes called ISO-3166. The Internet authorities simply adopted these codes as names for these national domains. Under each TLD several more domains exist, such as amazon in our example. In addition, within the amazon domain, you find several more domain names, including the name of a machine (or several machines sharing one name), such as www. Together, the domain names make up www. amazon. com, which is called a fully qualified domain name (FQDN) because no part of the name is left out. Both TLD and FQDN are acronyms often found in technical discussions on the Internet.\ However, the hierarchy also comes from one other thing, which is linked with the distribution. Distribution is the way in which the contents of the DNS database are dispensed among servers on the Net. These make a hierarchy, almost in direct relation to the domain name structure. Authorities on the Net, called registrars, have authority over com and the other TLDs.\ They give, or delegate, authority over subdomains to the people who manage those subdomains. For instance, people employed by Amazon manage the amazon. com part of the database with their own set of DNSservers that have authority over the amazon. com domain. It is even possible for Amazon, or any other entity, to have several subdomains with delegated authority. This delegation of authority from com to amazon is a very important feature because it distributes both the administrative and technical responsibilities of managing DNS throughout the Net. Herein lies the point of DNS and the reason it can keep growing while the hosts. txt file could not. The delegation of authority over subdomains ensures that DNS is scalable; no single part of DNS will be bogged down by the weight of its responsibilities.\ What Is a Domain?\ DNS is a hierarchic database. A good analog in computing is a tree data structure as used in programming. Similar to a tree data structure, DNS has a root node, edges, and leaf nodes. Because it's a database, it also has lookup keys and values found by these keys by traversing the tree structure. \ If you examine a DNS name such as www. amazon. com, you'll see that all these parts are represented in the name. But first, it's important to realize that in reality the DNS name is www.amazon.com. (with the trailing period). The period is not normally typed, but it is there and is significant. It represents the root node of DNS. Just as in programming, you must know where the root node is because it cannot be found automatically. However, after you know where the root of the tree is, everything else can be found. The root is also called the root domain. It and each part of the domain name represent a domain, or subdomain, depending on bow you look at it. To get between the nodes, which are nameservers, edges are necessary, and DNS has edges. In fact, the contents of the DNS database are all edges.\ In DNS, each server has a root. hints file that tells it where to look for rootservers (see Figure 1.1)...

Introduction.About This Book. The Internet Before DNS. DNS to the Rescue. The Versions of BIND. If It's Worth Doing, It's Worth Doing Right.I. BASIC.1. DNS Concepts.DNS Is a Hierarchic, Distributed Database. What Is a Domain?Zones and Delegation. Reverse Zones. Duplication and Distribution of Zones. How Resolution Works.A Records. Recursion. NS Records. CNAME Records. PTR Records. A Reverse Lookup.DNS as a Tree.2. DNS in Practice.The BIND Software.ISC. Where to Get BIND. Compiling BIND.Configuring BIND.named.conf. root.hints. pz/127.0.0.Testing It All.ndc: Starting, Restarting, and Reloading BIND. Testing the Zone Files. The Details of DNS Caching.Resolver Setup./etc/resolv.conf. Other Files. Client Resolver.A Zone.A Forward Zone. A Reverse Zone. Another Zone.Subdomains and Delegation. Reverse Delegations for Classless Nets. Secondary Servers.Adding a Slave Server. Stealth Servers. NOTIFY.3. Maintenance and Enhancements.More Practical Details. Maintaining and Changing Zones.How SOA Records Controls DNS.DNS Round Robin and Load Distribution. The Trouble with CNAME Records. Wildcard Records.Restrictions on Wildcards. The Problem with Wildcards.Logs and Debugging.BINDs Start, Reload, and Reconfig Logging. Logging Channels. Logging Categories. BINDs Default Logging Configuration. Controlling Debug Logging.Adding More Domains. Contingency Planning.Internal Redundance. External Redundance. Extended Outages.Practical Uses of Forwarding.The Australian Academic and Research Network. Forwarding in Your Network.Maintaining the root.hints File.4. Getting a Domain.Top-Level Domains and Their Owners.Finding the TLD Owners. Finding the Reverse Zone Owners. The whois Database.Getting the Domain.Slave Servers. When Your Domain Is Taken.Paying for Everything.II. ADVANCED.5. Using Dig and nslookup.Dig.Query Type. Query Options. Dig Options. Dig Batch Files. Dig's Output. Using Dig.nslookup.6. Troubleshooting DNS.Staying Out of Trouble. Network Problems. Delegation Problems. Reverse Lookup Problems. Masters, Slaves, and Serial Numbers. Caching and TTLs. Zone Data Mistakes. The Log File(s).Zone File and Configuration Errors. Zone Transfers, Slave Zones. Dynamic DNS. Resolving. Miscellaneous.7. The DNS Tool Chest.The Internet.Internet-Based Tools.Maintenance Tools.h2n. Webmin. Mkrdns.Quality Control.dnswalk. DOC. nslint. nsping.8. Security Concerns.About Security. How Secure Is DNS and BIND?Spoofing DNS. ACLs. Blackholing. Bad Servers.Resource Use.Cache Cleaning. Zone Transfers.chroot and Least Privilege. Query ID Pool. Hiding Your BIND Version. BIND 9 and DNSSEC. DNS on Firewalls. Firewall Rules and DNS. Split DNS, NAT, and Network Hiding.Split DNS on a Firewall. Large Networks and Split DNS.9. Dynamic DNS.Of RRsets. Of Masters and Slaves.Accepting and Doing Updates.The DNS Server. The Dynamic Zone. The Client.Slave Server Issues. Reverse Zones. A One Host Zone. DHCP.Mixing DNS and DHCP Implementations. DHCP and Static DNS Entries. DHCP and Dynamic DNS Entries. Dynamic Updates by the Client.10. DNS and Dial-Up Connections.Moderating BIND. Cutting Off BIND.Pulling the Plug. Killing BIND. Packet Filter Rules. Auto-Dialing. IP Routing and Interfaces.11. DNS on a Closed Network.In a Simple Network. Internal Rootservers.A Traditional Rootserver. Stub Zones Only. A Rootserver with Stub Zones.Slave and Cache Servers. Structuring Your DNS.12. Interfacing DNS in Programs.The UNIX Resolver.gethostbyname and gethostbyaddr. Other Functions in the Resolver.DNS from Perl.The Net::DNS Module.DNS from Python. DNS in Shell Scripts. Asynchronous Resolving.GNU adns. arlib. DNScache Library.13. Resource Records.RRs in Current Use.A (Address). AAAA (IPv6 Address). ATMA (ATM Address). CNAME (Canonical Name of an Alias). HINFO (Host Information). MX (Mail Exchanger). NS (Authoritative Nameserver). NSAP. PTR (Pointer to Other Name). PX (X.400 Mapping). RP (Responsible Person). RT (Route Through). SOA (Start Of Authority). SRV (Service Locator). TXT (Text Information). X25 (X25 Routing Information).Experimental RRs.AFSDB (AFS Database Location). ISDN. KEY (Public Key). LOC (Location). KX (Key Exchange). NULL. NAPTR (Name Authority Pointer). NXT (Next Valid Name). SIG (Signature). SINK (The Kitchen Sink Record).Obsolete RRs.EID (Endpoint Identifier). GPOS (Geographical Position). ISDN (ISDN Address). MB (Mailbox). MD (Mail Destination). MF (Mail Forwarder 883). MG (Mail Group Member). MINFO (Mailbox or Mail-List Info). MR (Mail Rename). NIMLOC (NIMROD Locator). NSAP_PTR (NSAP Variant of PTR Record). WKS (Well Known Service).III. ABOUT BIND.14. A Guide to BIND.Migrating from BIND 4 to BIND.Configuration File Conversion. CNAME. Query Source. Name Checking.ndc in BIND.Configuring BIND.Zones. Glue Fetching. Forwarders. Recursive Servers. Query Logging. Zone Transfers. Resource Limits. Address Sorting. Bogus Nameservers. Inverse Query. Query Domain. Name Checking.Miscellaneous.Debugging. Reloading Zones. Zone Access Lists.15. Compiling and Maintaining BIND.About BIND. Getting BIND. Keeping It Current. Compiling BIND. Installing BIND. Customizing for Chrooted Environments.The Chroot Environment. The Scripts.16. BIND.The Goals of BIND. Why Use BIND. Compiling BIND. The Documentation.Administrator Reference Manual. New Configuration Options.Running BIND.named. rndc. lwresd.New Resource Limits. Views. New RRs.DNAME, Domain Alias. A6, IPv6 Address.Scalability. Security Enhancements.TSIG. DNSSEC.IPv6 Support.17. Miscellany.How ncd Works.status.Address Sorting.Sortlist. Topology. Sorting Is Out of Band.Checknames, Legal Hostnames. The Limits of BIND. The Housekeeping of BIND.Interface Scanning. Zone Transfers. Statistics. Memory Statistics.The Rest of the Options.fake-iquery. treat-cr-as-space. min-roots. has-old-clients. auth-nxdomain. rfc2308-type1.IV. APPENDIXES.Appendix A. named.conf Man Page.NAMED.CONF(5) System Programmer's Manual NAMED.CONF(5). NAME. named.conf-configuration file for named(8).Overview. General Syntax.Converting from BIND 4.9.x.Documentation Definitions.Address Match Lists.Syntax. Definition and Usage.The Logging Statement.Syntax. Definition and Usage. The Channel Phrase. The Category Phrase.The Options Statement.Syntax. Definition and Usage. Pathnames. Boolean Options. Resource Limits. Periodic Task Intervals. Topology. Resource Record Sorting. RRset Ordering. Tuning.The Zone Statement.Syntax. Definition and Usage. Classes. Options.The acl Statement.Syntax. Definition and Usage.The key Statement.Syntax. Definition and Usage.The trusted-keys Statement.Syntax. Definition and Usage.The server Statement.Syntax. Definition and Usage.The controls Statement.Syntax. Definition and Usage.The include Statement.Syntax. Definition and Usage.Examples. Files. See Also.Appendix B. Bibliography.Books. RFCs.Notes. Current. Related. Historical Documents.Index.

\ From Barnes & NobleSimply the most authoritative coverage of DNS and BIND you'll find -- by the author of the Linux Documentation Project's DNS How-To! In-depth solutions for implementation and support, including upgrades from BIND 4, new BIND 8 and 9 features, dynamic DNS, security, and much more. For the serious Unix/Linux network administrator!\ \ \ \ \ BooknewsLangfeldt (a consultant in a private firm) provides advanced users with the foundation and knowledge needed to understand, manipulate, and administer DNS and BIND. This book explains how DNS works and offers solutions for implementing and supporting DNS and BIND. Chapters address specific DNS concepts, its uses, maintenance and enhancement, Dig and nslookup, security, dial-up connections, interfacing, resource records, BIND 4, and BIND 9. Annotation c. Book News, Inc., Portland, OR (booknews.com)\ \