Book Image

Managing Mission - Critical Domains and DNS

By : Mark E.Jeftovic
Book Image

Managing Mission - Critical Domains and DNS

By: Mark E.Jeftovic

Overview of this book

Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.

Related Content you might be interested in

Current Title:

Small book image
Managing Mission - Critical Domains and DNS
Mark E.Jeftovic
Jun, 2018 | 368 pages
Small book image
Hands-On Cybersecurity with Blockchain
Rajneesh Gupta
Jun, 2018 | 236 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
The Domain Name Ecosystem
The Domain Name Ecosystem
Why domains are important
Domain names 101
Summary
References
2
Registries, Registrars, and Whois
Registries, Registrars, and Whois
Registries and Registrars
What is Whois?
Summary
3
Intellectual Property Issues
Intellectual Property Issues
Which domains should your organization register?
Rollout phases of a new TLD
The Trademark Clearing House
Transfer Dispute Resolution Procedure (TDRP)
Summary
References
4
Communication Breakdowns
Communication Breakdowns
Domain policies you must be aware of
Summary
References
5
A Tale of Two Nameservers
A Tale of Two Nameservers
Introducing resolvers
Authoritative nameservers
Summary
References
6
DNS Queries in Action
DNS Queries in Action
Top-level domain nameservers
When does DNS use TCP instead of UDP?
Summary
References
7
Types and Uses of Common Resource Records
Types and Uses of Common Resource Records
Format of an RR
Summary
References
8
Quasi-Record Types
Quasi-Record Types
URL Forwards and Redirects
The Zone Apex Alias (ANAME)
POOL records (multiple CNAME RRSet)
DYN (Dynamic DNS records)
Email forwarders
Summary
References
9
Common Nameserver Software
Common Nameserver Software
BIND
BIND-DLZ
PowerDNS
NSD
djbdns/tinydns
Conclusion
References
10
Debugging Without Tears – DNS Diagnostic Tools
Debugging Without Tears – DNS Diagnostic Tools
Command line-based tools
Web-based debugging tools
Summary
References
11
DNS Operations and Use Cases
DNS Operations and Use Cases
Transferring domain names
Summary
References
12
Nameserver Considerations
Nameserver Considerations
Anycast versus Unicast
Debugging under anycast
Summary
References
13
Securing Your Domains and DNS
Securing Your Domains and DNS
Protecting your domains from unauthorized manipulation
Summary
References
14
DNS and DDoS Attacks
DNS and DDoS Attacks
What DNS operators can do to mitigate attacks
What individual domain owners can do
For DNS providers
Summary
References
15
IPv6 Considerations
IPv6 Considerations
IPv6-enabled nameservers
Adding IPv6 to your zones
Summary
References
16
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Summary

In this chapter, we worked our way through various aspects of securing your naming infrastructure. There are numerous attack vectors to defend against and a blind spot to any one of them can have catastrophic consequences even if everything else is bulletproof.

We now know that there are some cases where we must use third-party vendors, and the issue then is how we can tighten things up on their platforms to protect ourselves.

From there, we looked at DNSSEC, which enables us to securely authenticate DNS responses to queries. We also took a brief glance at DNSCurve, DNSCrypt, and DNS over TLS, to at least show that they are not competitors to DNSSEC per se, but address a different attack surface than DNSSEC does.

In Chapter 14, DNS and DDoS Attacks, we'll look at mitigating DDOS attacks.

Previous Section
End of Section 3
Next Section