Linux Domain Name Server (DNS)
Linux Training Architect II
This is a stand-alone course, but it also serves as a learning path to prepare you for the LPIC-2 202-450 exam. The material in this course will prepare you for section 207 of the LPIC-2 202-450 exam: Domain Name Server. We will review the basics of DNS, create multiple name server configurations, including a caching-only name server and an authoritative name server, and work with zones and zone files. We will also discuss DNS security.
Hello, and welcome to this Certification Prep course, LPIC2: 202-450, Section 207, Domain Name Server. This course is intended for students with a good understanding of the Linux operating system. Students should be able to perform basic tasks, such as running commands, editing text files, moving around in the filesystem structure, and installing packages. Students should also have some basic configuration skills. In this video, we will talk about what to expect from this course as well as the configuration types we'll be creating in the course videos and hands-on labs.
About the Training Architect
Hi, my name is Cara. I will be your Training Architect for the LPIC2: 202-450 Certification Preparation course you are about to take. Here is a little bit about me.
207.1 Basic DNS Server Configuration
The DNS Overview will cover the two main configuration types for BIND: authoritative and recursive name servers. We'll explore the differences between them and discuss how each of these responds to DNS queries.
In this video lesson, we will discuss some of the basic terms and definitions used in BIND DNS. This will help students become familiar with the different components used to configure a BIND server. We will also review different DNS record types to familiarize students with the types of data stored in records.
Basic BIND Configuration
In this video, we'll walk through the most basic BIND configuration. Students will learn to configure a recursive, or caching-only, name server. We'll look at /etc/named.conf and start the named service. Then we will test DNS queries against our caching name server with the
Please note that due to restrictions on UDP traffic to prevent abuse in the Cloud Playground, this activity must be completed in the lab environment configured for the Create a Caching Name Server lab activity at the end of this video section.
Working with RNDC Keys
This video is an overview of RNDC. The remote name daemon control utility is used to control the named service. We will learn to run rndc commands and work with the RNDC key that is auto-generated by the named startup process.
Alternate Name Servers: PowerDNS, Dnsmasq, and Djbdns
This course exclusively covers the Berkeley Internet Name Domain (BIND). In this lesson, we'll talk about a few of the other types of DNS servers.
Create and Maintain DNS Zones (207.2)
Zones and Domains Overview
This video explains the domain namespace and describes each tier in the domain namespace hierarchy. We'll talk about each tier of the domain name system to get a good understanding of what domains are located on each level, as well as touch on familiar examples of each domain type. Students will also learn about the root domain or root servers that are at the top of the namespace tree.
The Start of Authority (SOA) Record
The Start of Authority, or SOA record, is a crucial piece to configuring zone files. The SOA record appears at the top of the zone file and contains information about the zone and other DNS records. In this video, we'll look at the components needed and the syntax required for the SOA record configuration.
Other Common Record Types
Configuring zone files for successful name resolution requires configuring many record types. In this video, we'll examine common record types and the syntax for configuring them in a zone file.
Configuring for Zones
In this video, we will discuss how to configure the named.conf file for DNS zones. We will discuss the components and the appropriate syntax used to configure named.conf to create the zone configuration that is critical for resolving name service queries.
Create a Forward Zone File
Creating forward zone files is crucial to DNS server configuration. In this video, we will learn to configure the Start of Authority record, as well as other records in the forward zone file.
Create a Reverse Zone File
Creating reverse zone files is crucial to DNS server configuration and to performing reverse name service lookups. In this video, we will see how to configure the Start of Authority record as well as other records in the reverse zone file.
Zone File Validity Checking
When configuring DNS zones, administrators need to be able to manually verify the validity of the files they create, to check for syntax errors. In this video, we will see how to use the named-checkzone commands to verify there are no syntax errors in configuration files. We will also use the nslookup command to verify that we can resolve the DNS names that we have configured. Next, we will discuss the named-compilezone utility and the masterfile-format configuration options for named.
Master and Slave DNS Configuration
In this video, we will talk about the Primary and Secondary, or Master/Slave, zone configuration for BIND. It is important to know how to configure master and slave zones for redundancy and security.
In this lesson, we will create two name servers, configuring the first as a master server and the second as a slave, in the named.conf file. We will then create the associated forward and reverse zone files, and pull zone information down to the slave from the master. Finally, we will test the configuration with the
The bind-utils package contains utilities that we can use to query DNS servers for information.
dig are essential utilities for name resolution queries and for troubleshooting name server issues. In this video, we'll learn to write queries for very verbose output, and also customize queries to return short or very specific information about a DNS record.
Securing a DNS Server (207.3)
Create a chroot Jail
In this video, we'll discuss the chroot jail and how to configure the named service to run in the chroot jail, both with the bind-chroot package in RHEL 7 and manually in RHEL 6. Knowing the steps for manually creating the chroot jail is important so that we can adequately troubleshoot chroot issues.
Split DNS Configuration
In this video, we will discuss the split DNS configuration for DNS server security. We look at the private and public domains, and learn which servers to place on either side of the firewall, depending on their intended use and whether they should be accessed by internal clients only or open to the public.
We will also discuss how to mask the internal IP address of the internal DNS server when accessing the public DNS servers. The split DNS configuration is necessary for ensuring your name servers are secure and cannot be accessed by unauthorized users on the internet. Then we'll discuss the forwarders option for the named.conf file to enable query forwarding to other DNS servers.
DNSSEC and Transaction Signatures
DNSSEC is a utility that offers additional security, such as signing a zone file to ensure zones are coming from trusted sources. In this video, we will talk about DNSSEC and signing a zone file. We will use dnssec-keygen to create our key files and dnssec-signzone to sign our forward zone file.
DANE TLSA Overview
Implementing DANE and TLSA is a security measure we can use to secure a DNS server. Since certificate authorities are often compromised, and trusts are broken, DANE uses a DNS query to associate a web server's certificate with the web server's domain name. This data is stored in the TLSA (Transport Layer Security Authentication) record type. In this video, we'll discuss the components of a DANE TLSA record.
In this video, we talk about what comes next for a student who has completed this course. We'll talk about some other recommended courses similar to this one, and how to build on the skills learned here.