Book Image

Managing Mission - Critical Domains and DNS

By : Mark E.Jeftovic
Book Image

Managing Mission - Critical Domains and DNS

By: Mark E.Jeftovic

Overview of this book

Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.

Related Content you might be interested in

Current Title:

Small book image
Managing Mission - Critical Domains and DNS
Mark E.Jeftovic
Jun, 2018 | 368 pages
Small book image
Hands-On Cybersecurity with Blockchain
Rajneesh Gupta
Jun, 2018 | 236 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
The Domain Name Ecosystem
The Domain Name Ecosystem
Why domains are important
Domain names 101
Summary
References
2
Registries, Registrars, and Whois
Registries, Registrars, and Whois
Registries and Registrars
What is Whois?
Summary
3
Intellectual Property Issues
Intellectual Property Issues
Which domains should your organization register?
Rollout phases of a new TLD
The Trademark Clearing House
Transfer Dispute Resolution Procedure (TDRP)
Summary
References
4
Communication Breakdowns
Communication Breakdowns
Domain policies you must be aware of
Summary
References
5
A Tale of Two Nameservers
A Tale of Two Nameservers
Introducing resolvers
Authoritative nameservers
Summary
References
6
DNS Queries in Action
DNS Queries in Action
Top-level domain nameservers
When does DNS use TCP instead of UDP?
Summary
References
7
Types and Uses of Common Resource Records
Types and Uses of Common Resource Records
Format of an RR
Summary
References
8
Quasi-Record Types
Quasi-Record Types
URL Forwards and Redirects
The Zone Apex Alias (ANAME)
POOL records (multiple CNAME RRSet)
DYN (Dynamic DNS records)
Email forwarders
Summary
References
9
Common Nameserver Software
Common Nameserver Software
BIND
BIND-DLZ
PowerDNS
NSD
djbdns/tinydns
Conclusion
References
10
Debugging Without Tears – DNS Diagnostic Tools
Debugging Without Tears – DNS Diagnostic Tools
Command line-based tools
Web-based debugging tools
Summary
References
11
DNS Operations and Use Cases
DNS Operations and Use Cases
Transferring domain names
Summary
References
12
Nameserver Considerations
Nameserver Considerations
Anycast versus Unicast
Debugging under anycast
Summary
References
13
Securing Your Domains and DNS
Securing Your Domains and DNS
Protecting your domains from unauthorized manipulation
Summary
References
14
DNS and DDoS Attacks
DNS and DDoS Attacks
What DNS operators can do to mitigate attacks
What individual domain owners can do
For DNS providers
Summary
References
15
IPv6 Considerations
IPv6 Considerations
IPv6-enabled nameservers
Adding IPv6 to your zones
Summary
References
16
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

References

The following points give further insight into the topics we have covered in this chapter, including internet addresses where you can find out more about domain names and related topics:

  1. One example that springs to mind was a Canadian bitcoin exchange where the CEO used a purely fictitious name in the WHOIS record because both the exchange and himself personally were constantly under various forms of attack. The problem manifested through a unique combination of unfortunate events (don't they always?). The company lost access to their registrar account at roughly the same time that a hostile third party was attempting to hijack the same account, causing the then-registrar to put the account into "lockdown." The exchange had no means to prove its legitimate claim to a domain name that was, at the time, handling millions of dollars in bitcoin exchange volumes and was registered to a nonexistent person. They operated for over a year in a state of limbo, having no access to the account controlling their prime domain name and in constant dread that some third party would successfully hijack it at any moment.
  2. ICANN maintains a complete list of EPP status codes and meanings at https://www.icann.org/epp.
  3. Some sections of this book were hard to write because I feared veering off into "infomercial" territory. There is a service that exists solely to monitor various aspects of your domain names, including expiry dates and those windows when your registrar's interests are opposed to yours. It's called https://domainsure.com. But here's the thing - we created it. Sorry if that's self-promotion, but it's the only service of its kind that exists at the time of writing.
  4. This applies mainly to gTLD and new TLD domains. Many ccTLD registries tightly control the expiry process and this is not possible. For example, CIRA runs the "To Be Released" (TBR) process and .CA registrars cannot "direct transfer" .CA domains or otherwise auction expiring names.
  5. Even my company operates web.to as a pseudo-TLD for "Toronto," but it's really the ccTLD for the Kingdom of Tonga.
  6. .aero, .biz, .coop, .info, .museum, .name, and .pro in 2000 and then .asia, .cat, .jobs, .mobi, .post, .tel, and .xxx in 2004.
  7. See Victor Mayer's Danger + Opportunity != Crisis (http://pinyin.info/chinese/crisis.html).
  1. I added this section after a high-school friend from my hometown contacted me asking for advice on getting his business's domain name back up and running. It turned out he had paid for his domain renewal to his Canada-based reseller, who had gone bankrupt years earlier. The defunct reseller still had a server online somewhere which was on autopilot, sending out renewal invoices which would never be actioned when somebody actually paid them. The registrar was in India and took 24 hours or more to respond to email support requests, to which they initially replied, "Please speak to your reseller." They never did rectify the situation and we ended up transferring his domain over to our system, which took another seven days under that TLD. All told, his business website was down for over two weeks.
  2. NameCheap was sued by a Dutch company for alleged "cybersquatting" because their offending domains were using their WhoisGuard service - see http://www.domainnamenews.com/featured/namecheap-sued-domain-whois-privacy-service/5198.
  3. For a long period of time easyDNS refused to offer WHOIS privacy for these reasons, but people really seemed to want it, so we did an "official flip-flop" and started offering it.
  4. We submitted public comments recommending against changing the current policy until WHOIS could be redesigned from the ground up.
  5. Via Wikipedia (http://en.wikipedia.org/wiki/Domain_name).
Previous Section
End of Chapter 1
Next Chapter