DNS and BIND Deep Dive

Course

Intro Video

Cara Nolte

Linux Training Architect II

Length

03:14:04

Difficulty

Intermediate

Videos

24

Hands-on Labs

5

Course Details

Welcome to DNS and BIND Deep Dive. This course is intended for students who have a basic understanding of the Linux operating system and are comfortable with basic sysadmin tasks such as moving around the file system structure, basic command line utilities, and installing packages. Students should also have some basic configuration skills.

In this course, we will work with many BIND configurations such as creating a caching name server, configuring zones and domains, and BIND server security.

Syllabus

Introduction

Getting Started

Course Introduction

00:01:16

Lesson Description:

Hello, and welcome to this deep dive course on DNS and BIND. This is a deep dive course, intended for students with a good understanding of the Linux operating system. Students should be able to perform basic tasks, such as running commands, editing text files, moving around in the filesystem structure, and installing packages. Students should also have some basic configuration skills. In this video, we will talk about what to expect from this course as well as the configuration types we'll be creating in the course videos and hands-on labs.

About the Training Architect

00:00:52

Lesson Description:

Hi, my name is Cara. I will be your course author for the course you are about to take. Here is a little bit about me...

How to Use the Cloud Playground for This Course

00:04:37

Lesson Description:

This course walks students through the Cloud Playground feature of their subscriptions. Students will learn how to create cloud lab servers offering multiple Linux distributions and custom images.

DNS Fundamentals

Introduction to DNS and BIND

DNS Types Overview

00:02:48

Lesson Description:

The DNS Types Overview lesson will cover the two main configuration types for BIND, authoritative and recursive. We'll explore the differences between them and discuss how each responds to DNS queries.

DNS Concepts - Terms and Definitions

00:03:00

Lesson Description:

In this video lesson, we will discuss some of the terms and definitions used in BIND DNS. This will help students become familiar with the different components used to configure a BIND server. We will also review different DNS record types to familiarize students with the types of data stored in DNS records.

Zones and Domains

00:04:16

Lesson Description:

This video explains the domain namespace and gives a description of each tier in the domain namespace hierarchy. We'll talk about each tier of the domain name system to get a good understanding of what domains are located on each level, as well as touch on familiar examples of each domain type. Students will also learn about the root domain or root servers that are at the top of the namespace tree.

DNS Configuration

Basic DNS Server Configuration

DNS Configuration

00:04:11

Lesson Description:

In this video, we will be walking through some of the files used by BIND. We'll discuss basic DNS configuration and students will become familiar with running DNS queries using the nslookup command.

Configure a Caching Name Server

00:04:44

Lesson Description:

In this video, we walk through the most basic BIND configuration. Students will learn to configure a recursive, or caching-only, name server. We'll look at /etc/named.conf and start the named service. Then we will test DNS queries against our caching name server with the nslookup command. Please note that due to restrictions on UDP traffic to prevent abuse in the Cloud Playground, this activity must be completed in the lab environment configured for the Create a Caching Name Server lab activity at the end of this video section.

Named Service and RNDC Keys

00:05:56

Lesson Description:

This video is an overview of RNDC. The remote node daemon control utility is used to control the named service. We will learn to run rndc commands and work with the RNDC key that is auto-generated by the named startup process.

RNDC Configuration

00:04:34

Lesson Description:

In this video, students will learn to manually create the RNDC key file and the RNDC configuration file using the rndc-confgen command. Then we will link the new key and configuration to the named configuration to enable secure control of the named service.

Using the dig Command

00:06:35

Lesson Description:

The dig command is an essential command for name resolution queries and for troubleshooting name server issues. In this video, we'll learn to write queries for very verbose output, and also customize queries to return short or very specific information about a DNS record.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:15:00

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:15:00

Working with DNS Zones

Configuring for Zones

00:05:50

Lesson Description:

In this video, we will discuss how to configure the named.conf file for DNS zones. We will discuss the components and the appropriate syntax used to configure named.conf to create the zone configuration that is critical for resolving name service queries.

Zone Files and Record Types - Start of Authority

00:02:36

Lesson Description:

The Start of Authority, or SOA record, is a crucial piece of configuring zone files. The SOA record appears at the top of the zone file and contains information about the zone and other DNS records. In this video, we'll look at the components needed and the syntax required for the SOA record configuration.

Zone Files and Record Types - Common Record Types

00:02:11

Lesson Description:

Configuring zone files for successful name resolution requires configuring many record types. In this video, we'll examine common record types and the syntax for configuring them in a zone file.

Creating Forward Zone Files

00:07:37

Lesson Description:

Creating forward zone files is crucial to DNS server configuration. In this video, we will learn to configure the Start of Authority record, as well as other records in the forward zone file.

Creating Reverse Zone Files

00:04:44

Lesson Description:

Creating reverse zone files is crucial to DNS server configuration and to performing reverse name service lookups. In this video, we will see how to configure the Start of Authority record as well as other records in the reverse zone file.

Zone File Validity Checking

00:02:39

Lesson Description:

When configuring DNS zones, administrators need to be able to manually verify the validity of the files they create, to check for syntax errors. In this video, we will see how to use the named-checkconf and named-checkzone commands to verify there are no syntax errors in configuration files. We will also use the nslookup command to verify that we can resolve the DNS names that we have configured.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:15:00

Advanced DNS Configuration

Configuring Multiple Domains

00:06:33

Lesson Description:

In this video, we will add a second domain to our name server configuration. This allows us to host multiple domains on the same name server. We'll edit the named.conf file and create the forward zone file. Then we will check our configuration with the named-checkconf and named-checkzone commands, restart the named service, and test our configuration using nslookup.

DNS Master and Replication Slave

00:09:45

Lesson Description:

In this video, we will talk about the Primary and Secondary, or Master/Slave, zone configuration for BIND. It is important to know how to configure master and slave zones for redundancy and security. In this lesson, we will create two name servers, configuring the first as a master server and the second as a slave, in the named.conf file. We will then create the associated forward and reverse zone files, and pull zone information down to the slave from the master. Finally, we will test the configuration with the nslookup command.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:30:00

DNS Server Security

Securing a DNS Server

Split DNS Configuration for Security

00:04:46

Lesson Description:

In this video, we will discuss the split DNS infrastructure configuration for DNS server security. We will look at the private and public domains, and learn which servers to place on either side of the firewall, depending on their intended use and whether they should be accessed by internal clients only or open to the public. We will also discuss how to mask the internal IP address of the internal DNS server when accessing the public DNS servers. The split DNS configuration is necessary for ensuring your name servers are secure and cannot be accessed by unauthorized users on the internet.

Running BIND in a Chroot Jail

00:04:49

Lesson Description:

In this video, we'll discuss the chroot jail and how to manually configure the named service to run in it. Knowing the steps for manually creating the chroot jail is important, so that we can adequately troubleshoot chroot issues. For this exercise, we'll configure the named service to run in /chroot/named.

DNS Security Tools - Keys and Signing a Zone File

00:05:30

Lesson Description:

DNSSEC is a utility that offers additional security, such as signing a zone file to ensure zones are coming from trusted sources. In this video, we will talk about DNSSEC and signing a zone file. We will use dnssec-keygen to create our key files and dnssec-signzone to sign our forward zone file.

DANE and TLSA Records

00:03:00

Lesson Description:

Implementing DANE and TLSA is a security measure we can use to secure a DNS server. Since certificate authorities are often compromised, and trusts are broken, DANE uses a DNS query to associate a web server's certificate with the web server's domain name. This data is stored in the TLSA (Transport Layer Security Authentication) record type. In this video, we'll discuss the components of a DANE TLSA record.

Hands-on Labs are real live environments that put you in a real scenario to practice what you have learned without any other extra charge or account to manage.

00:15:00

Final Steps

What's Next?

00:01:06

Lesson Description:

In this video, we will talk about what comes next for a student at Linux Academy who has completed this course. We'll talk about some other recommended courses, similar to this one, and how to build on the skills learned here.