Skip to content
View in the app

A better way to browse. Learn more.
Gear Crushers

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

DNS Learning Checklist

dennis
in DNS

Featured Replies

Here are some topics/checklist to cover when learning DNS


 


 


1: DNS Theory

  • History of Name Servers
  • DNS Organization
  • The elements of a domain name
  • Authority and Delegation
  • DNS Operational Hierarchy (name servers and resolvers)
  • The DNS protocol
  • DNS Queries (recursive and iterative)
  • Zone transfer (AXFR and IXFR)
  • NOTIFY
2: Domains and Zones

  • Forward Mapping
  • Reverse Mapping
  • Zone File Construction - best practices
  • Resource Records (RRs)
  • SOA RR
  • NS RR
  • MX RR
  • CNAME RR
  • A (IPv4) and AAAA (IPv6) RRs
  • PTR RR
  • TXT RR (SPF)
3: Major DNS Types

  • Master DNS
  • Slave DNS
  • Caching DNS
  • Forwarding (Proxy) DNS
  • Stealth DNS
  • Authoritative Only DNS
4: Installing BIND

  • Installation of BIND on Linux (FreeBSD and Windows)
  • The default chroot installation
  • Starting and stopping BIND
  • RNDC default install
  • DIG/NSLOOKUP basics
5: BIND Configuration

  • BIND's named.conf layout and principles
  • The controls clause
  • The logging clause
  • The options clause
  • The zone clause
  • The ACL clause
  • BINDs view clause
  • Essential zone files
6: DNS and Ipv6

  • Forward mapping - the AAAA RR
  • Reverse mapping - the PTR and DNAME RR
7: Advanced Zone Files

  • Load balancing
  • In-zone and out-of-zone records
  • Parent and child domains
  • Subdomain delegation
  • Glue Records
  • SRV RR
  • NAPTR RR
8: DNS Tools and Diagnostics

  • DIG
  • NSLOOKUP
  • RNDC
  • Validation utilities
  • Log analysis
9: Dynamic DNS (DDNS)

  • DDNS - theory and implications
  • Using nsupdate
  • Disabling and controlling DDNS
  • Exercise
10: Advanced Topics

  • DNS and DHCP (auto-update)
  • Security overview
  • Open and closed DNS
  • DNS uses - DNSBL, ENUM
  • DNS best practise
  • DNS Resources

 


11: DNS Refresher

  • The DNS hierarchy (name servers and resolvers)
  • Authoritative and cached responses
  • Delegation - Parent and child domains
  • Forward and Reverse mapping
  • Zone files - best practice
  • DNS types
  • Diagnostic Tools - DIG, NSLOOKUP
12: DNS Security Basics

  • Security overview
  • Security threat analysis
  • DNS security scope (Zone transfer, DDNS, Zone integrity)
  • Stealth configuration
  • Administrative security (jails, permissions, server configurations)
  • BIND Logs
  • BIND's server clause
  • Cache Poisoning 101
  • RNDC - advanced configuration
  • Mail Anti-SPAM (SPF, DKIM)
13: Stealth Configurations

  • Configuration objectives
  • Authoritative Only servers
  • Hidden Masters
  • BIND's view clause - benefits and limitations
  • BIND and NSD
  • Implications - zone transfer, DDNS, logs
14: Load-Balancing and Failover

  • DNS and other solutions
  • RR type strategies
  • Benefits and limitations
  • rrset-order and sortlist
15: DNS and DHCP

  • DDNS for auto-update of forward maps
  • Reverse maps
  • Securing DDNS
  • IPv6 implications
  • DNS in Heterogeneous environments (Windows/Linux/Unix)

 


16: DNS Security Basics

  • Security overview
  • Security threat analysis
  • DNS security scope (Zone transfer, DDNS, zone integrity)
  • Stealth configuration
  • BIND's view clause
  • Administrative security (jails, permissions, server configurations)
  • BIND Logs
  • BIND's server clause
17: Cryptographic Introduction

  • DNS usage of modern cryptography
  • Symmetric cryptography
  • Asymmetric cryptography
  • Message digests
  • Message authentication codes (MAC)
  • Digital signatures
  • Key Management
  • The KEY RR
  • BIND's key generation tools
18: Securing Zone Transfers

  • Methods - allow-transfer, TSIG, SIG(0) and TKEY
  • The TSIG (symmetric cryptography) process
  • The OPT meta (or pseudo) RR
19: Securing DDNS

  • Methods - allow-update, update-policy, TSIG and SIG(0)
  • The SIG(0) (asymmetric cryptography) process
  • Exercise
  • The SIG RR
20: Zone Integrity

  • The DNS security environment
  • Security-aware and security oblivious
  • Securing zones - zone signing
  • Chains of trust and islands
  • Key rollover and maintenance
  • Current implementation status
  • Alternate chains of trust - DLV
21: Zone signing

  • Zone and key signing keys
  • The DNSKEY, NSEC, NSEC3, RRSIG and DS RRs
  • The dnssec-signzone utility
22: Keyrollover and Maintenance

  • Double signing
  • Pre-publish

DNS_Intro_Course.pdf

  • 2 months later...
  • Author

Here is a DNS Intro that was created in 2007

 

 

 

Create an account or sign in to comment
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.