Book Image

Managing Mission - Critical Domains and DNS

By : Mark E.Jeftovic

Book Image

Managing Mission - Critical Domains and DNS

By: Mark E.Jeftovic

Overview of this book

Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

The Domain Name Ecosystem

The Domain Name Ecosystem

Why domains are important

Domain names 101

Registries, Registrars, and Whois

Registries, Registrars, and Whois

Registries and Registrars

Intellectual Property Issues

Intellectual Property Issues

Which domains should your organization register?

Rollout phases of a new TLD

The Trademark Clearing House

Transfer Dispute Resolution Procedure (TDRP)

Communication Breakdowns

Communication Breakdowns

Domain policies you must be aware of

A Tale of Two Nameservers

A Tale of Two Nameservers

Introducing resolvers

Authoritative nameservers

DNS Queries in Action

DNS Queries in Action

Top-level domain nameservers

When does DNS use TCP instead of UDP?

Types and Uses of Common Resource Records

Types and Uses of Common Resource Records

Format of an RR

Quasi-Record Types

Quasi-Record Types

URL Forwards and Redirects

The Zone Apex Alias (ANAME)

POOL records (multiple CNAME RRSet)

DYN (Dynamic DNS records)

Email forwarders

Common Nameserver Software

Common Nameserver Software

Debugging Without Tears – DNS Diagnostic Tools

Debugging Without Tears – DNS Diagnostic Tools

Command line-based tools

Web-based debugging tools

DNS Operations and Use Cases

DNS Operations and Use Cases

Transferring domain names

Nameserver Considerations

Nameserver Considerations

Anycast versus Unicast

Debugging under anycast

Securing Your Domains and DNS

Securing Your Domains and DNS

Protecting your domains from unauthorized manipulation

DNS and DDoS Attacks

DNS and DDoS Attacks

What DNS operators can do to mitigate attacks

What individual domain owners can do

For DNS providers

IPv6 Considerations

IPv6 Considerations

IPv6-enabled nameservers

Adding IPv6 to your zones

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Securing Your Domains and DNS

Over the next two chapters, we'll take a look at a wider scope of domain security:

Protecting your domains from unauthorized manipulation via a required vendor, such as a registrar or managed DNS provider platform
Ensuring the validity of your zone data (DNSSEC)
Mitigating brute-force attacks, such as Denial-of-Service (DDoS)

We'll also briefly touch on approaches to secure the transport between authoritative servers and resolvers, such as DNSCurve.

By the end of this chapter, you should have a set of basic principles that will enhance the security of your domains. You will also understand DNSSEC, what it is, why you may want to use it, and what is involved in doing so.

Then, in the following chapter, we'll continue the discussion with a look at DDoS mitigation strategies.