Book Image

Managing Mission - Critical Domains and DNS

By : Mark E.Jeftovic
Book Image

Managing Mission - Critical Domains and DNS

By: Mark E.Jeftovic

Overview of this book

Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.

Related Content you might be interested in

Current Title:

Small book image
Managing Mission - Critical Domains and DNS
Mark E.Jeftovic
Jun, 2018 | 368 pages
Small book image
Hands-On Cybersecurity with Blockchain
Rajneesh Gupta
Jun, 2018 | 236 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
The Domain Name Ecosystem
The Domain Name Ecosystem
Why domains are important
Domain names 101
Summary
References
2
Registries, Registrars, and Whois
Registries, Registrars, and Whois
Registries and Registrars
What is Whois?
Summary
3
Intellectual Property Issues
Intellectual Property Issues
Which domains should your organization register?
Rollout phases of a new TLD
The Trademark Clearing House
Transfer Dispute Resolution Procedure (TDRP)
Summary
References
4
Communication Breakdowns
Communication Breakdowns
Domain policies you must be aware of
Summary
References
5
A Tale of Two Nameservers
A Tale of Two Nameservers
Introducing resolvers
Authoritative nameservers
Summary
References
6
DNS Queries in Action
DNS Queries in Action
Top-level domain nameservers
When does DNS use TCP instead of UDP?
Summary
References
7
Types and Uses of Common Resource Records
Types and Uses of Common Resource Records
Format of an RR
Summary
References
8
Quasi-Record Types
Quasi-Record Types
URL Forwards and Redirects
The Zone Apex Alias (ANAME)
POOL records (multiple CNAME RRSet)
DYN (Dynamic DNS records)
Email forwarders
Summary
References
9
Common Nameserver Software
Common Nameserver Software
BIND
BIND-DLZ
PowerDNS
NSD
djbdns/tinydns
Conclusion
References
10
Debugging Without Tears – DNS Diagnostic Tools
Debugging Without Tears – DNS Diagnostic Tools
Command line-based tools
Web-based debugging tools
Summary
References
11
DNS Operations and Use Cases
DNS Operations and Use Cases
Transferring domain names
Summary
References
12
Nameserver Considerations
Nameserver Considerations
Anycast versus Unicast
Debugging under anycast
Summary
References
13
Securing Your Domains and DNS
Securing Your Domains and DNS
Protecting your domains from unauthorized manipulation
Summary
References
14
DNS and DDoS Attacks
DNS and DDoS Attacks
What DNS operators can do to mitigate attacks
What individual domain owners can do
For DNS providers
Summary
References
15
IPv6 Considerations
IPv6 Considerations
IPv6-enabled nameservers
Adding IPv6 to your zones
Summary
References
16
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

DNS and DDoS Attacks

Because of the pivotal role DNS plays in all things internet, remember absolutely nothing happens without it, the DNS system provides a tempting attack vector to those bad actors who want to knock targets inoperable or offline.

If you take out somebody's authoritative nameservers, you take that somebody right off the internet.

Alas, DNS attacks against nameservers aren't exactly surgical strikes. As a rule, there is a lot of collateral damage.

Given a target domain example.dom using nameservers: dns1.someisp.com and dns2.someisp.com, and someisp happens to have thousands, or even millions of other downstream domains on those same nameservers (and only those same nameservers). If the attackers are successful in knocking over those nameservers, not only will example.dom go offline, so will every other domain using the same nameserver set.

Statistically...

Previous Section
End of Section 1
Next Section