Book Image

Managing Mission - Critical Domains and DNS

By : Mark E.Jeftovic

Book Image

Managing Mission - Critical Domains and DNS

By: Mark E.Jeftovic

Overview of this book

Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

The Domain Name Ecosystem

The Domain Name Ecosystem

Why domains are important

Domain names 101

Registries, Registrars, and Whois

Registries, Registrars, and Whois

Registries and Registrars

Intellectual Property Issues

Intellectual Property Issues

Which domains should your organization register?

Rollout phases of a new TLD

The Trademark Clearing House

Transfer Dispute Resolution Procedure (TDRP)

Communication Breakdowns

Communication Breakdowns

Domain policies you must be aware of

A Tale of Two Nameservers

A Tale of Two Nameservers

Introducing resolvers

Authoritative nameservers

DNS Queries in Action

DNS Queries in Action

Top-level domain nameservers

When does DNS use TCP instead of UDP?

Types and Uses of Common Resource Records

Types and Uses of Common Resource Records

Format of an RR

Quasi-Record Types

Quasi-Record Types

URL Forwards and Redirects

The Zone Apex Alias (ANAME)

POOL records (multiple CNAME RRSet)

DYN (Dynamic DNS records)

Email forwarders

Common Nameserver Software

Common Nameserver Software

Debugging Without Tears – DNS Diagnostic Tools

Debugging Without Tears – DNS Diagnostic Tools

Command line-based tools

Web-based debugging tools

DNS Operations and Use Cases

DNS Operations and Use Cases

Transferring domain names

Nameserver Considerations

Nameserver Considerations

Anycast versus Unicast

Debugging under anycast

Securing Your Domains and DNS

Securing Your Domains and DNS

Protecting your domains from unauthorized manipulation

DNS and DDoS Attacks

DNS and DDoS Attacks

What DNS operators can do to mitigate attacks

What individual domain owners can do

For DNS providers

IPv6 Considerations

IPv6 Considerations

IPv6-enabled nameservers

Adding IPv6 to your zones

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

In this chapter, we looked at the exigencies of handling Distributed Denial-of-Service (DDoS) attacks against your DNS infrastructure. We examined several aspects of what you can do when they happen, at both the individual domain holder and aggregate provider level.

I can never say it too often, so I'll say it again here: DDoS mitigation is an arms race, and you are usually fighting the last war. The next attack will be bigger, and the next attack will be harder to mitigate, so if you absolutely, positively must have 100% DNS availability all the time, the way to achieve that is to use multiple DNS providers or systems and have a coherent methodology for deploying your zone data across them and have the ability to switch between them as the need arises.