DNS Advanced Topics

The 20th Large Installation System Administration Conferences
December 3-8, 2006 Washington, D.C.
Sponsored by USENIX and [SAGE]


Sunday Morning Half-Day Tutorials

S7 INTRODUCTION TO DOMAIN NAME SYSTEM ADMINISTRATION
William LeFebvre, Consultant
9:00 a.m.–12:30 p.m.

Who should attend: System or network administrators who have been exposed to the Domain Name System only as users. A basic understanding of the IP protocols, TCP and UDP, data encapsulation, and the seven-layer model will be beneficial.

DNS, the primary method the Internet uses to name and number machines, is used to translate names like "www.usenix.org" into addresses like 131.106.3.253. Any site that is serious about joining the Internet community will need to understand how to configure and administer DNS.

This tutorial will describe the basic operation of DNS and will provide instructions and guidelines for the configuration and operation of DNS on UNIX platforms using the BIND software distribution. This class is designed for the beginner and is intended to provide a foundation for the tutorial on "Intermediate Topics in Domain Name System Administration."

Topics include:

DNS and BIND
The DNS name hierarchy
The four components of the DNS protocol
Iterative vs. recursive querying
Essential resource records: SOA, A, PTR, CNAME, NS
Zone transfers and secondaries
Vendor-specific differences
William LeFebvre (S7, S10) is an author, programmer, teacher, and sysadmin expert who has been using UNIX and Internet technologies since 1983. He wrote a monthly column for UNIX Review and has taught since 1989 for such organizations as USENIX, the Sun User Group (SUG), MIS Training Institute, IT Forum, and Great Circle Associates. He has contributed to several widely used UNIX packages, including Wietse Venema's logdaemon package. He is also the primary programmer for the popular UNIX utility top. William is currently an independent consultant. He received his bachelor's degree in 1983 and his master of science degree in 1988, both from Rice University.

Sunday Afternoon Half-Day Tutorials

S10 INTERMEDIATE TOPICS IN DOMAIN NAME SYSTEM ADMINISTRATION
William LeFebvre, Consultant
1:30 p.m.–5:00 p.m.

Who should attend: Network administrators with a basic understanding of DNS and its configuration who need to learn how to create and delegate subdomains, and administrators planning to install BIND8. Attendees are expected either to have prior experience with DNS, including an understanding of basic operation and zone transfers, or to have attended the "Introduction to Domain Name System Administration" tutorial.

Attendees will move beyond the basics into a more thorough understanding of the overall design and implementation of DNS.

Topics include:

Subdomains and delegation
Resource records: NS, RP, MX, TXT, AAAA
BIND views
DNS management tools
DNS design
DNS and firewalls


M5
ADVANCED TOPICS IN DNS ADMINISTRATIONMatt Larson, VeriSign, Inc.9:00 a.m.–5:00 p.m.
Who should attend: DNS administrators who wish to extend their understanding of how to configure and manage name servers running BIND 9. Attendees should have some experience of running a name server and be familiar with DNS jargon, resource records, and the syntax of zone files and named.conf.
This tutorial will answer the question, "I've set up master (primary) and slave (secondary) name servers. What else can I do with the name server?"
Topics include:
The BIND 9 logging subsystem
Getting the most from the name server's logs
Running the name server in debugging mode
Managing the name server with rndc
Configuring split DNS: internal and external versions of a domain
Using the views mechanism of BIND 9 to implement split DNS
Securing the name server
Running it chroot()ed
Using access control lists
Preventing unwanted access
Security
DNS vulnerability overview
Using Transaction Signatures (TSIG) to protect messages: cases and tools
Using DNSSEC to protect DNS data: cases, tools, implications
Dynamic DNS (DDNS)
Secure dynamic updates with nsupdate: policies and usage models
IPv6
Resolving and answering queries over IPv6 transport
Setting up AAAA records to resolve IPv6 addresses
Matt Larson (M5) works in the Advanced Products and Research Group of VeriSign Information Services as a specialist in DNS protocol and operational issues. He is the co-author of the O'Reilly & Associates Nutshell Handbooks DNS on Windows Server 2003, DNS on Windows 2000, and DNS on Windows NT. Matt joined VeriSign in June 2000 from Acme Byte & Wire, a company he started in 1997 with co-author Cricket Liu. Acme Byte & Wire specialized in DNS consulting and training, and its customers included more than 10% of the Fortune 100. Prior to Acme Byte & Wire, Matt worked for five years at Hewlett-Packard, first in the Corporate Network Services group, where he ran hp.com, one of the largest corporate domains in the world. He later joined HP's professional services organization.