17. DNS: The Domain Name System
17.1 Who Needs DNS?
Managing your DNS
17.2 How DNS Works
Resource records
Delegation
Caching and efficiency
Multiple answers
17.3 DNS for the Impatient
Adding a new machine to DNS
Configuring a DNS client
17.4 Name Servers
Authoritative and caching-only servers
Recursive and norecursive servers
17.5 The DNS Namespace
Registering a second-level domain name
Creating your own subdomains
17.6 Designing your DNS Environment
Namespace management
Authoritative servers
Caching servers
Hardware requirements
Security
Summing up
17.7 What's New in DNS
17.8 The DNS Database
Commands in zone files
Resource records
The SOA record
NS records
A records
PTR records
MX records
CName records
The CName hack
SRV records
TXT records
IPv6 resource records
SPF records
DKIM and ADSP records
SSHFP resource records
DNSSEC resource records
Glue records: links between zones
17.9 The BIND Software
Version determination
Components of BIND
Configuration files
The include statement
The options statement
The acl statement
The (TSIG) key statement
The trusted-keys statement
The Server statement
The masters statement
The logging statement
The statistics-channels statement
The zone statement
The controls statement for rndc
Split DNS and the view statement
17.10 BIND Configuration Examples
The localhost zone
A small security company
The Internet Systems Consortium, isc.org
17.11 The NSD/UNBOUND Software
Installing and configuring NSD
Running nsd
Install and configuring Unbound
17.12 Updating Zone Files
Zone transfers
BIND dynamic updates
17.13 Security Issues
Access control lists in BIND, revisited
Open resolvers
Running in a chrooted jail
Secure server-to-server communication with TSIG and TKEY
Setting up TSIG for BIND
TSIG in NSD
DNSSEC
DNSSEC policy
DNSSEC resource records
Tunning on DNSSEC
Key pair generation
Zone signing
The DNSSEC chain of trust
DLV: domain lookaside validation
DNSSEC key rollover
DNSSEC tools
Debugging DNSSEC
17.14 Microsoft and DNS
17.15 Testing and Debugging
Logging in BIND
Logging in NSD/Unbound
Name server control programs
Name server statistics
Debugging with dig
Lame delegations
DNS sanity checking tools
Performance issues
17.16 Vendor Specifics
Specifics for Linux
Specifics for Solaris
Specifics for HP-UX
Specifics for AIX
17.17 Recommended Reading
17.18 Exercises