The beginning of this course provides the student with the foundational knowledge and skills necessary to deploy, manage and troubleshoot DNS and BIND. In-depth lectures cover DNS concepts in detail, including how DNS is implemented, while hands-on labs provide real-world experience. BIND is the DNS platform used in this class; however, the DNS principles learned are transferable to any DNS server platform. The course mixes in-depth lectures with practical hands-on labs, which each student runs on his or her own server, which we provide.

DNS has many exotic, outdated, and rarely implemented features. Those are not covered!

This course is for any IT professional who would like a deeper understanding of the Domain Name System (DNS) and BIND. It is ideal for network administrators and engineers, systems administrators, security administrators, application developers and others who need DNS knowledge and skills.

The student should have working experience in a Linux shell at the command line and be familiar with the cd, ls, cp and cat commands. The student should also have experience using a text editor. While shell experience is required, advanced command-line skills are not needed. Familiarity with vi or emacs is not required, as a simple editor, nano, is also available. An understanding of IP addressing is helpful.

After completion of this course, students will be able to…

  • Describe current DNS use and architecture 
  • Explain domain name registration procedures
  • Describe DNS resolution, DNS components, terminology and concepts 
  • Interpret DNS message types and format
  • Demonstrate DNS message flows 
  • Build, install, configure, manage and troubleshoot BIND servers
  • Explore advanced DNS deployment models
  • Configure advanced DNS features
  • Configure DNS to provide network security and secure DNS servers
  • Optimize DNS server performance
  • Use dig options for advanced querying, analysis and debugging 
  • Describe other network device considerations when deploying and securing DNS
  • The DNS Namespace
  • Domain Names, Labels and Nodes
  • The root, TLDs, and Lower Level Domains
  • Zones and Zone Types
  • Delegation
  • Name Resolution and Referrals
  • The DNS Message (DNS Data)
  • Name Servers (Authoritative Masters, Authoritative Slaves, Resolvers)
  • Stub Resolvers
  • Views (Split-DNS)
  • Empty Zones (Preventing Unanswerable Queries from Your Resolver)
  • BIND’s ACLs (Access Control Lists)
  • Cryptography in DNS
  • Transaction Signatures (TSIGs)
  • NOTIFY and IXFR (Incremental Zone Transfer)
  • Dynamic DNS (DDNS)
  • BIND’s DDNS Tool: nsupdate
  • BIND’s rndc commands for DDNS
  • ‘dig’ing Deeper
  • Automatic Zone Provisioning in BIND (Catalog Zones)
  • BIND Prefetch
  • EDNS (Extended DNS) and the OPT Pseudo Record Type
  • The Practical Uses of the Chaos Class
  • Firewall Knowledge & Configuration for DNS
  • Risks, Threats, Attacks, and Security in DNS
  • The Fundamentals of DNSSEC (DNS SECurity)
  • DNSSEC Key types, The Chain of Trust
  • DNSSEC Resource Record Types (minimally the following are covered: RRSIG, DNSKEY, DS, NSEC)
  • Implementing a DNSSEC Validating BIND Resolving Server
  • BIND cryptography tools: rndc-confgen, ddns-confgen, dnssec-keygen