DNS and BIND (5th Edition)

The fourth edition is mainly an update: The authors have added coverage of incremental and conditional zone transfer with BIND's new NOTIFY features, as well as of Transaction Signatures (TSIG), and DNS Security Extensions (DNSSEC). Sections on firewalling and DNS for IPv6 addresses have been expanded. Throughout, Albitz and Liu maintain their impeccable style, combining text and illustrative listings into an educational whole. --David Wall

Topics covered: The Domain Naming System (DNS) and how it's implemented by BIND (through versions 8.2.3 and 9.1.0), how to set up BIND, how to configure MX records for mail service, parent and child domains, NOTIFY, and DNS security.

Product Description

DNS and BIND clarifies all the mysteries associated with BIND (named) and DNS. Easy to read. Covers every detail from getting and installing the latest BIND, to configuration and troubleshooting. Has a great chapter on nslookup and another that gives detailed explanations of just about every BIND related error message. The only thing they left out is info on configuring syslog to manipulate in a usable manner the BIND generated messages.

For some reason, DNS seems to be a mystery to so many sysadmins. If it were as simple as people often pretend it is (typical system admin person: "Oh, I already know everything about DNS that I need to know... so why read a book or take a course?"), then why do I see 15,000+ lame server messages and 250+ mail CNAME messages every month? These errors are only the result of DNS configuration errors!

Very few sysadmin people REALLY know as much about BIND and DNS as they should. If you are a sysadmin person, do yourself a favor and buy and read this book. If you are an IT manager, check your system administrator's book shelf. If this book is missing, then buy it for them and make them read it! (You should read it first, then develop some test questions to see if they really did read it!)

This BOOK MUST BE REQUIRED READING for EVERY system administrator on any type of system connected to the Internet. If everyone that administered an Internet site read this book, we could probably reduce the error traffic on the Internet by 50% or more!

This book also should be the basis of a required one-quarter undergraduate CS course at all schools that teach CS, CE, IT, or equivalent.

One of the best written of the O'Reilly books.

Jon R. Kibler, Systems Architect, Advanced Systems Engineering Technology, Inc.


Setting up BIND on a *ix server? Start here.   January 10, 2002
Kip Perkins (Mt Juliet, TN United States)
17 out of 17 found this review helpful

I really needed to understand DNS/BIND; not just know how to start, run, and update it- but really understand DNS. This book was perfect. The authors introduced DNS with a high-level overview and then moved in closer to help you set it up. You can actually read the fist 3 chapters and work through the next 2 while setting up your server and domain. The rest of the book really gets into the nuts and bolts of DNS and BIND. Don't stop after chapter 5, continue reading and pick all the knowledge you will need to be a DNS/BIND admin.


Simple Insight into DNS and BIND!   February 4, 2000
Denard D Springle (VA)
16 out of 16 found this review helpful

It doesn't matter if you're new to Linux/UNIX or if you've been using it for awhile, this book delves into the mysteries behind DNS and BIND and puts the right information in simple, easy to understand format at your fingertips! So easy to follow, I had my basic DNS up and running in a few hours and tweaked to maximum efficiency in a few days! If you're planning on setting up and running a DNS server or if you just need to run it for your internal network this book explains it all! Buy it now... you won't regret it! Kudos to Paul for such a wonderful peice of work!


Most comprehensive book on DNS and Bind   July 8, 2006
calvinnme
16 out of 16 found this review helpful

First off, the most recent edition of this book was published in May 2006, so all reviews prior to that are discussing previous editions of this book.

The domain name system or domain name server (DNS) is a system that stores and associates many types of information with domain names, but, most important, it translates the domain name (computer hostnames) to IP addresses. It also lists mail exchange servers accepting e-mail for each domain. In providing a worldwide keyword-based redirection service, DNS is an essential component of contemporary Internet use. DNS is most well-known for making it possible to attach easy-to-remember domain names to hard-to-remember IP addresses. BIND (Berkeley Internet Name Domain) is the most commonly used DNS server on the Internet, especially on Unix-like systems, where it is a de facto standard. A new version of BIND (BIND 9) was written from scratch in part to address the architectural difficulties with auditing the earlier BIND code bases, and also to support DNSSEC (DNS Security Extensions). Other important features of BIND 9 include: TSIG, DNS notify, nsupdate, IPv6, rndc flush, views, multiprocessor support, and an improved portability architecture. This book was written to address these changes.

DNS is being used for many more applications than in the past. With ENUM (electronic numbering), DNS is used by voice-over-IP gear. With SPF (the Sender Policy Framework), mailers look up information in DNS to check for mail spoofing. This makes DNS more critical than ever, and a target for hackers. To handle these additional applications and increased threats, DNS has had to be extended, adding cryptographic security, for example.

These topics and others are covered in the new edition of DNS and BIND. Security is therefore one of the topics that is deeply covered in this book. The previous editions of this book also described how to secure name servers, but most readers probably felt the likelihood of their name servers coming under attack was remote where today it is probably going to happen. There's been a recent spate of DNS amplification attacks reported in the news, therefore it is necessary for system administrators of Internet name servers to guard against these attacks by limiting access top recursion, which is covered in the chapter entitled "Security".

The new and fifth edition of this old standard covers BIND 9.3.2, the most recent release of the BIND 9 series, as well as BIND 8.4.7. Beginning with an introduction to DNS and what it does, the book guides administrators through all aspects of setting up, configuring, and working with the distributed host information database. Other topics include using MX records to route mail, subdividing domains, the DNS Security Extensions (DNSSEC) and Transaction Signatures (TSIG), dynamic updates, troubleshooting, and DNS programming using the resolver library and Perl's Net::DNS module. All of the programming examples in the book can be downloaded from the website of the latest edition of the book. Anyone who works with DNS regularly or wants to be more informed about the Internet and how it works will find this book useful. There are other books on this subject that are easier to read, but none that are as complete as this one. I highly recommend it. The following is the table of contents:

Chapter 1. BACKGROUND
A Brief History of the Internet; On the Internet and Internets;
The Domain Name System, in a Nutshell; The History of BIND; Must I Use DNS?;

Chapter 2. HOW DOES DNS WORK?
The Domain Namespace; The Internet Domain Namespace; Delegation; Nameservers and Zones; Resolvers; Resolution; Caching;

Chapter 3. WHERE DO I START?
Getting BIND; Choosing a Domain Name;

Chapter 4. SETTING UP BIND
Our Zone; Setting Up Zone Data; Setting Up a BIND Configuration File; Abbreviations; Hostname Checking; Tools; Running a Primary Nameserver; Running a Slave Nameserver; Adding More Zones; What's Next? ;

Chapter 5. DNS AND ELECTRONIC MAIL
MX Records; Movie.edu's Mail Server; What's a Mail Exchanger, Again? ; The MX Algorithm; DNS and Email Authentication;

Chapter 6. CONFIGURING HOSTS
The Resolver; Resolver Configuration; Sample Resolver Configurations; Minimizing Pain and Suffering; Additional Configuration Files; The Windows XP Resolver;

Chapter 7. MAINTAINING BIND
Controlling the Nameserver; Updating Zone Datafiles; Organizing Your Files; Changing System File Locations; Logging; Keeping Everything Running Smoothly;

Chapter 8. GROWING YOUR DOMAIN
How Many Nameservers? ; Adding More Nameservers; Registering Nameservers; Changing TTLs; Planning for Disasters; Coping with Disaster;

Chapter 9. PARENTING
When to Become a Parent; How Many Children? ; What to Name Your Children; How to Become a Parent: Creating Subdomains; Subdomains of Domains; Good Parenting; Managing the Transition to Subdomains; The Life of a Parent;

Chapter 10. ADVANCED FEATURES
Address Match Lists and ACLs; DNS Dynamic Update; DNS NOTIFY (Zone Change Notification); Incremental Zone Transfer (IXFR); Forwarding; Views; Round-Robin Load Distribution Nameserver; Address Sorting; Preferring Nameservers on Certain Networks; A Nonrecursive Nameserver; Avoiding a Bogus Nameserver; System Tuning; Compatibility; The ABCs of IPv6 Addressing; Addresses and Ports;

Chapter 11. SECURITY
TSIG; Securing Your Nameserver; DNS and Internet Firewalls; The DNS Security Extensions ;

Chapter 12. NSLOOKUP AND DIG
Is nslookup a Good Tool? ;Interactive Versus Noninteractive; Option Settings; Avoiding the Search List; Common Tasks; Less Common Tasks; Troubleshooting nslookup Problems; Best of the Net; Using dig;

Chapter 13. READING BIND DEBUGGING OUTPUT
Debugging Levels; Turning On Debugging; Reading Debugging Output; The Resolver Search Algorithm and Negative Caching (BIND 8); The Resolver Search Algorithm and Negative; Caching (BIND 9); Tools;

Chapter 14. TROUBLESHOOTING DNS AND BIND
Is NIS Really Your Problem? ; Troubleshooting Tools and Techniques; Potential Problem List; Transition Problems; Interoperability and Version Problems; TSIG Errors; Problem Symptoms;

Chapter 15. PROGRAMMING WITH THE RESOLVER AND NAMESERVER LIBRARY ROUTINES
Shell Script Programming with nslookup; C Programming with the Resolver Library Routines; Perl Programming with Net::DNS;

Chapter 16. ARCHITECTURE
External, Authoritative DNS Infrastructure; Forwarder Infrastructure; Internal DNS Infrastructure; Operations; Keeping Up with DNS and BIND;

Chapter 17. MISCELLANEOUS
Using CNAME Records; Wildcards; A Limitation of MX Records; Dial-up Connections; Network Names and Numbers; Additional Resource Records; ENUM; Internationalized Domain Names; DNS and WINS; DNS, Windows, and Active Directory;

APPENDIX A- DNS MESSAGE FORMAT AND RESOURCE RECORDS
Master File Format; DNS Messages; Resource Record Data;
APPENDIX B- BIND COMPATIBILITY MATRIX
APPENDIX C- COMPILING AND INSTALLING BIND ON LINUX
Instructions for BIND 8; Instructions for BIND 9
APPENDIX D- TOP LEVEL DOMAINS
APPENDIX E- BIND NAMESERVER AND RESOLVER CONFIGURATION
BIND Nameserver Boot File Directives and Configuration File Statements; BIND 8 Configuration File Statements; BIND 9 Configuration File Statements; BIND Resolver Statements
Section; BIND 9 Options Statement