DNS and Bind Advanced (DNSB-A)

Overview

This 2-day course continues where DNS & BIND Fundamentals (DNSB-F) leaves off, focusing on critical topics that do not fit into DNSB-F. DNS has many exotic, outdated, and rarely implemented features. Those are not covered. Like DNSB-F, this course mixes in-depth lectures and practical hands-on labs, which each student runs on his or her own server, which we provide.

Any IT professional who would like to go beyond the fundamentals of Domain Name System (DNS) and BIND, and dive more deeply into security, optimization, and other advanced features. It is ideal for network administrators and engineers, systems administrators, security administrators, application developers and others who have already taken DNSB-F or have equivalent knowledge and skills.

It is strongly recommended to attend DNS & BIND Fundamentals (DNSB-F) before attending DNSB-A. Students wishing to attend DNSB-A without attending DNSB-F first can request a pre-course assessment test to ensure their readiness for this advanced course. 

The student should have working experience working within a Linux shell from the command line, with familiarity with cd, ls, cp, cat commands. The student should also have experience using a text editor. While shell experience is required, advanced command-line skills are not needed. For the text editor, working with vi or emacs is not required, as a simple editor, nano, is also available. An understanding of IP addressing is helpful.

After completion of this course, students will be able to…

  • Explore advanced DNS deployment models
  • Configure advanced DNS features
  • Configure DNS to provide network security and secure DNS servers
  • Optimize DNS server performance
  • Use dig options for advanced querying, analysis and debugging 
  • Describe other network device considerations when deploying and securing DNS
  • Views (Split-DNS)
  • Empty Zones (Preventing Unanswerable Queries from Your Resolver)
  • BIND’s ACLs (Access Control Lists)
  • Cryptography in DNS
  • Transaction Signatures (TSIGs)
  • NOTIFY and IXFR (Incremental Zone Transfer)
  • Dynamic DNS (DDNS)
  • BIND’s DDNS Tool: nsupdate
  • BIND’s rndc commands for DDNS
  • ‘dig‘ing Deeper
  • Automatic Zone Provisioning in BIND (Catalog Zones)
  • BIND Prefetch
  • EDNS (Extended DNS) and the OPT Pseudo Record Type
  • The Practical Uses of the Chaos Class
  • Firewall Knowledge & Configuration for DNS
  • Risks, Threats, Attacks, and Security in DNS
  • The Fundamentals of DNSSEC (DNS SECurity)
  • DNSSEC Key types, The Chain of Trust
  • DNSSEC Resource Record Types (minimally the following are covered: RRSIG, DNSKEY, DS, NSEC)
  • Implementing a DNSSEC Validating BIND Resolving Server
  • BIND cryptography tools: rndc-confgen, ddns-confgen, dnssec-keygen
SLI Main Menu