Book Image

Managing Mission - Critical Domains and DNS

By : Mark E.Jeftovic
Book Image

Managing Mission - Critical Domains and DNS

By: Mark E.Jeftovic

Overview of this book

Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.

Related Content you might be interested in

Current Title:

Small book image
Managing Mission - Critical Domains and DNS
Mark E.Jeftovic
Jun, 2018 | 368 pages
Small book image
Hands-On Cybersecurity with Blockchain
Rajneesh Gupta
Jun, 2018 | 236 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
The Domain Name Ecosystem
The Domain Name Ecosystem
Why domains are important
Domain names 101
Summary
References
2
Registries, Registrars, and Whois
Registries, Registrars, and Whois
Registries and Registrars
What is Whois?
Summary
3
Intellectual Property Issues
Intellectual Property Issues
Which domains should your organization register?
Rollout phases of a new TLD
The Trademark Clearing House
Transfer Dispute Resolution Procedure (TDRP)
Summary
References
4
Communication Breakdowns
Communication Breakdowns
Domain policies you must be aware of
Summary
References
5
A Tale of Two Nameservers
A Tale of Two Nameservers
Introducing resolvers
Authoritative nameservers
Summary
References
6
DNS Queries in Action
DNS Queries in Action
Top-level domain nameservers
When does DNS use TCP instead of UDP?
Summary
References
7
Types and Uses of Common Resource Records
Types and Uses of Common Resource Records
Format of an RR
Summary
References
8
Quasi-Record Types
Quasi-Record Types
URL Forwards and Redirects
The Zone Apex Alias (ANAME)
POOL records (multiple CNAME RRSet)
DYN (Dynamic DNS records)
Email forwarders
Summary
References
9
Common Nameserver Software
Common Nameserver Software
BIND
BIND-DLZ
PowerDNS
NSD
djbdns/tinydns
Conclusion
References
10
Debugging Without Tears – DNS Diagnostic Tools
Debugging Without Tears – DNS Diagnostic Tools
Command line-based tools
Web-based debugging tools
Summary
References
11
DNS Operations and Use Cases
DNS Operations and Use Cases
Transferring domain names
Summary
References
12
Nameserver Considerations
Nameserver Considerations
Anycast versus Unicast
Debugging under anycast
Summary
References
13
Securing Your Domains and DNS
Securing Your Domains and DNS
Protecting your domains from unauthorized manipulation
Summary
References
14
DNS and DDoS Attacks
DNS and DDoS Attacks
What DNS operators can do to mitigate attacks
What individual domain owners can do
For DNS providers
Summary
References
15
IPv6 Considerations
IPv6 Considerations
IPv6-enabled nameservers
Adding IPv6 to your zones
Summary
References
16
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

For DNS providers

All of this applies to DNS providers as well: registrars, web hosts, ISPs, managed DNS operators, and so on. What changes is the scale one is operating at and the mechanics of effecting step 3, that of adjusting your DNS setup in response to outages or degraded conditions.

Here, we refer back to our Chapter 12, Nameserver Considerations, when it comes to selecting address space for numbering your nameservers. Ideally, you control its address space so that you can easily move traffic around, using routing announcements if you have to.

This is what I was alluding to Chapter 12, Nameserver Considerations, about moving traffic into DDoS scrubbing centers during an attack using BGP.

One model we used for awhile with great success was a combined anycast/unicast architecture, where under normal course operations, a particular nameserver entity was an anycast-deployed...

Previous Section
End of Section 4
Next Section