The ABC's of DNS - Part 5

Continuing our glossary of DNS tips & tricks, we’re covering the letters M, N, and O this time.

Sep 20th, 2019

M is for “master DNS zone”

A.k.a. the Primary Zone. Informally, The Zone Of All That Is Good and Pure. (May have made that one up.)

Simply put, the master DNS zone resides on the server which is authoritative for the zone’s data. (As opposed to a slave zone; more on that in a bit.) When you make changes to the master DNS zone, such as adding, editing, or deleting a record, those changes will be replicated to the slave DNS zones.

Slave (or secondary) DNS zones are read-only copies of the master DNS zone, used to relieve the primary zone of query load or as a backup in case of failure. Data is copied from the master DNS zone to the slave zone(s) through zone transfer.

N is for “named-check*”

Namely (:-)) named-checkzone and named-checkconf. These two are helpful commands in BIND (we’ve talked about it before) to check a configuration file’s validity before pushing it live.

The neat feature of these two commands is that they not only report any errors in their respective configuration files, but also tell you the line number of each error. When dealing with large files, this can save a lot of time and headache.

Use them freely.

O is for “OpCode”

A DNS opcode is a four-bit field that identifies the type of query being sent to the DNS server.

The opcode can be, per IANA’s (the Internet Assigned Numbers Authority, we’ve also talked about them before) designations:

OpCode   Name
0        Query (see RFC1035)
1        IQuery (Inverse Query, obsolete; see RFC3425)
2        Status (see RFC1035)
3        Unassigned
4        Notify (see RFC1996)
5        Update (see RFC2136)
6        DNS Stateful Operations (DSO) (see RFC8490)
7-15     Unassigned

OpCodes show up when you examine a query. (Like with dig.)
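To show where those four bits sit in a message, here is an added example (not part of the original article) that pulls the opcode out of a raw DNS header and classifies it against the table above. The function names, the `expected` parameter and the sample headers are constructed for illustration.

```python
import struct

# IANA opcode assignments, as listed in the table above.
OPCODES = {0: "Query", 1: "IQuery", 2: "Status",
           4: "Notify", 5: "Update", 6: "DSO"}


def build_header(msg_id, opcode, qr=0, rd=1):
    """Build a 12-byte DNS header to use as constructed sample input."""
    if not 0 <= opcode <= 15:
        raise ValueError("opcode is a four-bit field (0-15)")
    # Flags word layout: QR(1) Opcode(4) AA TC RD RA Z(3) RCODE(4)
    flags = (qr << 15) | (opcode << 11) | (rd << 8)
    # ID, flags, QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    return struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)


def parse_opcode(message):
    """Return (opcode, name, is_response) from a raw DNS message."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _msg_id, flags = struct.unpack("!HH", message[:4])
    opcode = (flags >> 11) & 0xF      # the four bits following the QR bit
    name = OPCODES.get(opcode, "Unassigned")
    return opcode, name, bool(flags >> 15)


def review(message, expected=(0,)):
    """Classify a message for logging: 'ok', 'unexpected' or 'unassigned'.

    `expected` is a hypothetical allow-list of opcodes this server
    should see, e.g. only standard queries on a recursive resolver.
    """
    opcode, name, _ = parse_opcode(message)
    if name == "Unassigned":
        return "unassigned"
    return "ok" if opcode in expected else "unexpected"


if __name__ == "__main__":
    # Constructed samples: a standard query, a dynamic update, opcode 9.
    for op in (0, 5, 9):
        hdr = build_header(0x1234, op)
        print(parse_opcode(hdr), review(hdr))
```
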

Want to learn more?

This series is byte-sized (that joke just never gets old) — but a lot more can be said and done. To learn more in-depth about DNS specifically, we offer a comprehensive DNS training program.

You can enroll in different groups depending on your skill level:

  • If you’re new to DNS, we offer the DNS & BIND Fundamentals (DNSB-F) course. It’s part of the DNS & BIND Week (DNSB-W) and serves as a shorter introduction to the world of DNS and BIND.
  • If you’re already familiar with the basics, the full five-day DNS & BIND Week (DNSB-W) course takes you deeper into DNS, including a heavy emphasis on security, stopping just short of DNSSEC (for which we offer a separate course).
  • And if you're looking for even more, we offer the DNS & BIND Advanced (DNSB-A) program, getting into the deep end of things.

To check if you can get on board with one of the remaining courses this year, check out our training calendar, and reach out to us with any questions.