
DNS & BIND Week (DNSB-W)


Overview

Nothing is taken for granted, and the labs begin by downloading, compiling, and installing BIND. Each student creates BIND configuration from scratch for authoritative and recursive servers, and creates zone files from scratch for authoritative masters. DNS tools such as dig, rndc, named-checkconf, and named-checkzone are taught in depth and used extensively in the labs. Those with previous DNS and BIND skills report that the start of the course, which assumes nothing, fills in knowledge gaps and corrects misconceptions, and that it then moves on to unknown topics and new material. The course is hands-on and full of laboratory exercises.

Recently, we have added four new sections on DNS Cookies, Response Policy Zones (RPZ), Response Rate Limiting (RRL), and dnstap. Many new labs have been added, including several problem-solving and debugging labs, along with additional quizzes.

DNS & BIND Week can be taken as two independent courses, DNS & BIND Fundamentals (DNSB-F) and DNS & BIND Advanced (DNSB-A). However, DNSB-W comes at a discount of $150 off the price of the individual courses, and is recommended for most participants.


While implementation details are specific to BIND, the course's theory and the practical skills gained in the labs are applicable to all DNS systems. DNS has many exotic, outdated, and rarely implemented features. Those are not covered!

Target Audience

This course is for any IT professional who would like a deeper understanding of the Domain Name System (DNS) and BIND. It is ideal for network administrators and engineers, systems administrators, security administrators, application developers and others who need DNS knowledge and skills.

It is ideal for anyone starting out. It is most commonly attended by those with previous DNS knowledge, and by administrators with BIND experience.

Prerequisites

The labs require working on the command-line in a Linux shell. Without familiarity with basics such as cd, ls, cp, cat, and using a text editor, a participant will face difficulties. While experience is strongly recommended, advanced command-line skills are not needed. For the text editor, working with vi or emacs is not required, as a simple editor, nano, is also available. An understanding of IP addressing is helpful.

Course Objectives

After completion of this course, students will be able to…

  • Describe current DNS use and architecture 
  • Explain domain name registration procedures
  • Describe DNS resolution, DNS components, terminology and concepts 
  • Interpret DNS message types and format
  • Demonstrate DNS message flows 
  • Build, install, configure, manage and troubleshoot BIND servers
  • Explore advanced DNS deployment models
  • Configure advanced DNS features
  • Configure DNS to provide network security and secure DNS servers
  • Optimize DNS server performance
  • Use dig options for advanced querying, analysis and debugging 
  • Describe other network device considerations when deploying and securing DNS

Full Course Outline

  • The DNS Namespace (Basic DNS Theory)
  • Domain Names, Labels and Nodes
  • The root, TLDs, and Lower Level Domains
  • Zones and Zone Types
  • Delegation
  • Name Resolution and Referrals
  • The DNS Message (DNS Data)
  • Name Servers: Authoritative Masters, Authoritative Slaves, RDNS (Recursive Resolvers)
  • Caching & Negative-Caching
  • Stub Resolvers
  • Forwarding, Forward Zones, and Stub Zones
  • Master File Format, Shortcuts, & Directives
  • Registrants, Registrars, Registries, Registry Operators
  • Classes, Resource Record Types, & Resource Records (minimally, the following are covered in detail: SOA, NS, A, AAAA, MX, SRV, TXT, PTR, CNAME)
  • Pseudo Resource Records (e.g. ANY, AXFR, IXFR, OPT, TSIG, etc)
  • Setting Up & Accessing Remote Name Servers
  • Downloading, Compiling and Installing BIND
  • BIND Configuration Files (minimally): named.conf, rndc.conf, rndc.keys, bind.keys
  • BIND Management Tools (minimally): named-checkconf, named-checkzone, rndc, nsupdate, rndc-confgen, tsig-keygen
  • Generating & Reading BIND Log Files
  • dig, its Output, & the problems with nslookup
  • DNS Debugging & BIND Debugging
  • Dynamic DNS (DDNS), NOTIFY, & Incremental Zone Transfers
  • Extended DNS (EDNS)
  • dnstap (Advanced Query & Response Logging)
  • Catalog Zones (Automatic Zone Provisioning)
  • Security: DNS Threats, Risks, Attacks, and Mitigation (e.g. Spoofed Responses, Spoofed IPs, Reflection, Amplification, DDoS, Cache Poisoning, Hijacking, etc.)
  • Security: Cryptography in DNS (Symmetric / Asymmetric)
  • Security: Response Policy Zones (RPZ)
  • Security: Response Rate Limiting
  • Security: DNS Cookies
  • Security: Transaction Signatures
  • Security: Address Match Lists & Access Control Lists (ACLs)
  • Security: Implementing a DNSSEC Validating BIND Resolving Server
  • Security: Proper Firewall Configuration for DNS
  • Security: Minimal ANY
  • Security: DNSSEC (DNS SECurity) Introduction (NOTE: DNSSEC is covered in-depth in the course: DNSSEC & BIND (DNSECB))
  • Views (Split-DNS)
  • DNAME
  • RDNS: Empty Zones (Preventing Unanswerable Queries)
  • RDNS: BIND Authoritative Selection
  • RDNS: BIND Prefetch
  • The CHAOS Class & its Practical Uses
  • Common DNS Misunderstandings
  • BIND Configuration for Course Topics