DNS & BIND Advanced continues where DNS & BIND Fundamentals (DNSB-F) leaves off. It focuses on critical topics that do not fit into DNSB-F. These include security topics that are critical in today's Internet. DNS has exotic, out-dated, and rarely implemented features. Those are not covered. Like DNSB-F, this course mixes in-depth lectures and practical hands-on labs, which each student runs on his or her own server, which we provide.
Attending DNSB-A in the same week as DNSB-F is the most popular registration option. If that is appealing, register just once for the combined course, DNS & BIND Week (DNSB-W), which is less expensive than attending DNSB-F and DNSB-A independently.
Any IT professional who would like to go beyond the fundamentals of Domain Name System (DNS) and BIND, and dive more deeply into security, optimization, and other advanced features. It is ideal for network administrators and engineers, systems administrators, security administrators, application developers and others who have already taken DNSB-F or have equivalent knowledge and skills.
It is strongly recommended to attend DNS & BIND Fundamentals (DNSB-F) before DNSB-A. Even participants with extensive experience tell us that DNSB-F fills in knowledge gaps, helps them understand how topics they know actually work and why, and corrects their misunderstandings. If you would like to attend DNSB-A without first attending DNSB-F, email us a request for a placement test.
The labs require working on the command-line in a Linux shell. Without familiarity with basics such as cd, ls, cp, cat and using a text editor, a participant will face difficulties. While experience is strongly recommended, advanced command-line skills are not needed. For the text editor, working with vi or emacs is not required, as a simple editor, nano, is also available. An understanding of IP addressing is helpful.
After completion of this course, students will be able to…
- Explore advanced DNS deployment models
- Configure advanced DNS features
- Configure DNS to provide network security and secure DNS servers
- Optimize DNS server performance
- Use dig options for advanced querying, analysis and debugging
- Describe other network device considerations when deploying and securing DNS
- Dynamic DNS (DDNS), NOTIFY, & Incremental Zone Transfers
- Extended DNS (EDNS)
- dnstap (Advanced Query & Response Logging)
- Catalog Zones(Automatic Zone Provisioning)
- Security: DNS Threats, Risks, Attacks, and Mitigation
- (e.g. Spoofed Responses, Spoofed IPs, Reflection, Amplification, DDoS, Cache Poisoning, Hijacking, etc)
- Security: Cryptography in DNS (Symmetric / Asymmetric)
- Security: Response Policy Zones (RPZ)
- Security: Response Rate Limiting
- Security: DNS Cookies
- Security: Transaction Signatures
- Security: Address Match Lists & Access Control Lists (ACLs)
- Security: Implementing a DNSSEC Validating BIND Resolving Server
- Security: Proper Firewall Configuration for DNS
- Security: Minimal ANY
- Security: DNSSEC (DNS SECurity) Introduction
- NOTE: DNSSEC is covered in-depth in the course: DNSSEC & BIND (DNSECB)
- Views (Split-DNS)
- RDNS: Empty Zones (Preventing Unanswerable Queries)
- RDNS: BIND Authoritative Selection
- RDNS: BIND Prefetch
- The CHAOS Class & its Practical Uses
- Common DNS Misunderstandings
- BIND Configuration for Course Topics
- Additionally: Several topics in DNSB-F are covered in greater detail.