DNS & BIND Advanced

Critical topics that are critical in today’s Internet, such as security.

Course description

DNS & BIND Advanced continues where DNS & BIND Fundamentals (DNSB-F) leaves off. It focuses on critical topics that do not fit into DNSB-F. These include security topics that are critical in today’s Internet. DNS has exotic, out-dated, and rarely implemented features. Those are not covered. Like DNSB-F, this course mixes in-depth lectures and practical hands-on labs, which each student runs on his or her own server, which we provide.

Attending DNSB-A in the same week as DNSB-F is the most popular registration option. If that is appealing, register just once for the combined course, DNS & BIND Week (DNSB-W), which is less expensive than attending DNSB-F and DNSB-A independently.

Topics include:

  • —  Dynamic DNS (DDNS), NOTIFY, & Incremental Zone Transfers
  • —  Extended DNS (EDNS)
  • —  dnstap (Advanced Query & Response Logging)
  • —  Catalog Zones(Automatic Zone Provisioning)
  • —  Security: DNS Threats, Risks, Attacks, and Mitigation (e.g. Spoofed Responses, Spoofed IPs, Reflection, Amplification, DDoS, Cache Poisoning, Hijacking, etc)
  • —  Security: Cryptography in DNS (Symmetric / Asymmetric)
  • —  Security: Response Policy Zones (RPZ)
  • —  Security: Response Rate Limiting
  • —  Security: DNS Cookies
  • —  Security: Transaction Signatures
  • —  Security: Address Match Lists & Access Control Lists (ACLs)
  • —  Security: Implementing a DNSSEC Validating BIND Resolving Server
  • —  Security: Proper Firewall Configuration for DNS
  • —  Security: Minimal ANY
  • —  Security: DNSSEC (DNS SECurity) Introduction
  • —  Views (Split-DNS)
  • —  DNAME
  • —  RDNS: Empty Zones (Preventing Unanswerable Queries)
  • —  RDNS: BIND Authoritative Selection
  • —  RDNS: BIND Prefetch
  • —  The CHAOS Class & its Practical Uses
  • —  Common DNS Misunderstandings
  • —  BIND Configuration for Course Topics
  • —  Additionally: Several topics in DNSB-F are covered in greater detail.

Prerequisites (recommended)

It is strongly recommended to attend DNS & BIND Fundamentals (DNSB-F) before DNSB-A. Even participants with extensive experience tell us that DNSB-F fills in knowledge gaps, helps them understand how topics they know actually work and why, and corrects their misunderstandings. If you would like to attend DNSB-A without first attending DNSB-F, Email us a request for a placement test.

The labs require working on the command-line in a Linux/Unix shell. Without familiarity with basics such as cd, ls, cp, cat, and using a text editor, a participant will face difficulties. While experience is strongly recommended, advanced command-line skills are not needed. For text editing, the labs offer a variety of text editors: nano, joe pico emacs mg and vi/vim are available.

Material requirements

A participant must bring a computer (laptop) which is able to connect to our network. The connection can be with an Ethernet port or via Wi-Fi. In all cases, the computer must have an SSH client (Linux systems and Macs already do. For Windows, PuTTY is free and recommended). The computer must be able to get an IP address via DHCP. A computer with a physical keyboard is strongly recommended. If Wi-Fi cannot be provided for whichever reason, the participant is responsible for accessing the network via a cabled connection, possibly with a USB-Ethernet dongle.

Other information

In some courses, due to time required for other topics and participants’ interests, a topic may be reduced or skipped, or another added (e.g. DNS & IPv6 Fragmentation, DNS Geolocation, or Administrator Defined Resource Records). The decision is made by the instructor with input from the participants.

This is DNS&BIND training, Men&Mice products are not included in the course.

Men&Mice is the exclusive training partner of the ISC, which develops the most widely used DNS software, BIND.