
Linux Domain Name Server (DNS)



Cara Nolte

Linux Training Architect II









Course Details

This is a stand-alone course but also serves as a learning path to prepare you for the LPIC-2 202-450 exam. The material covers section 207 of that exam: Domain Name Server. We will review the basics of DNS, create multiple name server configurations, including a caching-only name server and an authoritative name server, and work with zones and zone files. We will also discuss DNS security.



Course Introduction


Lesson Description:

Hello, and welcome to this Certification Prep course, LPIC2: 202-450, Section 207, Domain Name Server. This course is intended for students with a good understanding of the Linux operating system. Students should be able to perform basic tasks, such as running commands, editing text files, moving around in the filesystem structure, and installing packages. Students should also have some basic configuration skills. In this video, we will talk about what to expect from this course as well as the configuration types we'll be creating in the course videos and hands-on labs.

About the Training Architect


Lesson Description:

Hi, my name is Cara. I will be your Training Architect for the LPIC2: 202-450 Certification Preparation course you are about to take. Here is a little bit about me.

207.1 Basic DNS Server Configuration

DNS Overview


Lesson Description:

The DNS Overview will cover the two main configuration types for BIND: authoritative and recursive name servers. We'll explore the differences between them and discuss how each of these responds to DNS queries.

DNS Fundamentals


Lesson Description:

In this video lesson, we will discuss some of the basic terms and definitions used in BIND DNS. This will help students become familiar with the different components used to configure a BIND server. We will also review different DNS record types to familiarize students with the types of data stored in records.

Basic BIND Configuration


Lesson Description:

In this video, we'll walk through the most basic BIND configuration. Students will learn to configure a recursive, or caching-only, name server. We'll look at /etc/named.conf and start the named service. Then we will test DNS queries against our caching name server with the nslookup command. Please note that due to restrictions on UDP traffic to prevent abuse in the Cloud Playground, this activity must be completed in the lab environment configured for the Create a Caching Name Server lab activity at the end of this video section.

Working with RNDC Keys


Lesson Description:

This video is an overview of RNDC. The remote node daemon control utility is used to control the named service. We will learn to run rndc commands and work with the RNDC key that is auto-generated by the named startup process.

Alternate Name Servers: PowerDNS, Dnsmasq, and Djbdns


Lesson Description:

This course exclusively covers the Berkeley Internet Name Domain (BIND). In this lesson, we'll talk about a few of the other types of DNS servers.

Create and Maintain DNS Zones (207.2)

Zones and Domains Overview


Lesson Description:

This video explains the domain namespace and describes each tier in the domain namespace hierarchy. We'll talk about each tier of the domain name system to get a good understanding of what domains are located on each level, as well as touch on familiar examples of each domain type. Students will also learn about the root domain or root servers that are at the top of the namespace tree.

The Start of Authority (SOA) Record


Lesson Description:

The Start of Authority, or SOA, record is a crucial part of configuring zone files. The SOA record appears at the top of the zone file and contains information about the zone and other DNS records. In this video, we'll look at the components needed and the syntax required for the SOA record configuration.

Other Common Record Types


Lesson Description:

Configuring zone files for successful name resolution requires configuring many record types. In this video, we'll examine common record types and the syntax for configuring them in a zone file.

Configuring for Zones


Lesson Description:

In this video, we will discuss how to configure the named.conf file for DNS zones. We will discuss the components and the appropriate syntax used to configure named.conf to create the zone configuration that is critical for resolving name service queries.

Create a Forward Zone File


Lesson Description:

Creating forward zone files is crucial to DNS server configuration. In this video, we will learn to configure the Start of Authority record, as well as other records in the forward zone file.

Create a Reverse Zone File


Lesson Description:

Creating reverse zone files is crucial to DNS server configuration and to performing reverse name service lookups. In this video, we will see how to configure the Start of Authority record as well as other records in the reverse zone file.

Zone File Validity Checking


Lesson Description:

When configuring DNS zones, administrators need to be able to manually verify the validity of the files they create, to check for syntax errors. In this video, we will see how to use the named-checkconf and named-checkzone commands to verify there are no syntax errors in configuration files. We will also use the nslookup command to verify that we can resolve the DNS names that we have configured. Next, we will discuss the named-compilezone utility and the masterfile-format configuration options for named.

Master and Slave DNS Configuration


Lesson Description:

In this video, we will talk about the Primary and Secondary, or Master/Slave, zone configuration for BIND. It is important to know how to configure master and slave zones for redundancy and security. In this lesson, we will create two name servers, configuring the first as a master server and the second as a slave, in the named.conf file. We will then create the associated forward and reverse zone files, and pull zone information down to the slave from the master. Finally, we will test the configuration with the nslookup command.

DNS Querying


Lesson Description:

The bind-utils package contains utilities that we can use to query DNS servers for information. nslookup, host, and dig are essential utilities for name resolution queries and for troubleshooting name server issues. In this video, we'll learn to write queries for very verbose output, and also customize queries to return short or very specific information about a DNS record.

Securing a DNS Server (207.3)

Create a chroot Jail


Lesson Description:

In this video, we'll discuss the chroot jail and how to configure the named service to run in it, both with the bind-chroot package in RHEL 7 and manually in RHEL 6. Knowing the steps for manually creating the chroot jail is important so that we can adequately troubleshoot chroot issues.

Split DNS Configuration


Lesson Description:

In this video, we will discuss the split DNS configuration for DNS server security. We look at the private and public domains, and learn which servers to place on either side of the firewall, depending on their intended use and whether they should be accessed by internal clients only or open to the public. We will also discuss how to mask the internal IP address of the internal DNS server when accessing the public DNS servers. The split DNS configuration is necessary for ensuring your name servers are secure and cannot be accessed by unauthorized users on the internet. Then we'll discuss the forwarders option for the named.conf file to enable query forwarding to other DNS servers.

DNSSEC and Transaction Signatures


Lesson Description:

DNSSEC is a utility that offers additional security, such as signing a zone file to ensure zones are coming from trusted sources. In this video, we will talk about DNSSEC and signing a zone file. We will use the dnssec-keygen to create our key files and dnssec-signzone to sign our forward zone file.

DANE TLSA Overview


Lesson Description:

Implementing DANE and TLSA is a security measure we can use to secure a DNS server. Since certificate authorities are often compromised, and trusts are broken, DANE uses a DNS query to associate a web server's certificate with the web server's domain name. This data is stored in the TLSA (Transport Layer Security Authentication) record type. In this video, we'll discuss the components of a DANE TLSA record.


What's Next?


Lesson Description:

In this video, we talk about what comes next for a student who has completed this course. We'll talk about some other recommended courses similar to this one, and how to build on the skills learned here.
