Book Image

Managing Mission - Critical Domains and DNS

By : Mark E.Jeftovic
Book Image

Managing Mission - Critical Domains and DNS

By: Mark E.Jeftovic

Overview of this book

Managing your organization's naming architecture and mitigating risks within complex naming environments is very important. This book will go beyond looking at “how to run a name server” or “how to DNSSEC sign a domain”, Managing Mission Critical Domains & DNS looks across the entire spectrum of naming; from external factors that exert influence on your domains to all the internal factors to consider when operating your DNS. The readers are taken on a comprehensive guided tour through the world of naming: from understanding the role of registrars and how they interact with registries, to what exactly is it that ICANN does anyway? Once the prerequisite knowledge of the domain name ecosystem is acquired, the readers are taken through all aspects of DNS operations. Whether your organization operates its own nameservers or utilizes an outsourced vendor, or both, we examine the complex web of interlocking factors that must be taken into account but are too frequently overlooked. By the end of this book, our readers will have an end to end to understanding of all the aspects covered in DNS name servers.

Related Content you might be interested in

Current Title:

Small book image
Managing Mission - Critical Domains and DNS
Mark E.Jeftovic
Jun, 2018 | 368 pages
Small book image
Hands-On Cybersecurity with Blockchain
Rajneesh Gupta
Jun, 2018 | 236 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
The Domain Name Ecosystem
The Domain Name Ecosystem
Why domains are important
Domain names 101
Summary
References
2
Registries, Registrars, and Whois
Registries, Registrars, and Whois
Registries and Registrars
What is Whois?
Summary
3
Intellectual Property Issues
Intellectual Property Issues
Which domains should your organization register?
Rollout phases of a new TLD
The Trademark Clearing House
Transfer Dispute Resolution Procedure (TDRP)
Summary
References
4
Communication Breakdowns
Communication Breakdowns
Domain policies you must be aware of
Summary
References
5
A Tale of Two Nameservers
A Tale of Two Nameservers
Introducing resolvers
Authoritative nameservers
Summary
References
6
DNS Queries in Action
DNS Queries in Action
Top-level domain nameservers
When does DNS use TCP instead of UDP?
Summary
References
7
Types and Uses of Common Resource Records
Types and Uses of Common Resource Records
Format of an RR
Summary
References
8
Quasi-Record Types
Quasi-Record Types
URL Forwards and Redirects
The Zone Apex Alias (ANAME)
POOL records (multiple CNAME RRSet)
DYN (Dynamic DNS records)
Email forwarders
Summary
References
9
Common Nameserver Software
Common Nameserver Software
BIND
BIND-DLZ
PowerDNS
NSD
djbdns/tinydns
Conclusion
References
10
Debugging Without Tears – DNS Diagnostic Tools
Debugging Without Tears – DNS Diagnostic Tools
Command line-based tools
Web-based debugging tools
Summary
References
11
DNS Operations and Use Cases
DNS Operations and Use Cases
Transferring domain names
Summary
References
12
Nameserver Considerations
Nameserver Considerations
Anycast versus Unicast
Debugging under anycast
Summary
References
13
Securing Your Domains and DNS
Securing Your Domains and DNS
Protecting your domains from unauthorized manipulation
Summary
References
14
DNS and DDoS Attacks
DNS and DDoS Attacks
What DNS operators can do to mitigate attacks
What individual domain owners can do
For DNS providers
Summary
References
15
IPv6 Considerations
IPv6 Considerations
IPv6-enabled nameservers
Adding IPv6 to your zones
Summary
References
16
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

The Zone Apex Alias (ANAME)

This is the Big Kahuna of protocol violations. If there were just one rule in the DNS most people wish they could break with impunity, it would be the dreaded "CNAME can't contain other data" rule, which we also examined in the CNAME section of Chapter 7, Types and Uses of Common Resource Records.

Once you create a record as a CNAME, it can't exist next to other data of the same name. The only exception to this rule being DNSSEC RRs (see Chapter 13, Securing Your Domains and DNS).

It precludes being able to do this:

$ORIGIN example.com.
example.com. IN CNAME example.com.cdn-networks-r-us.dom.

Why? Because example.com is the domain's apex, which means there must also be present both an SOA record and accompanying NS records:

; this will not work.
$ORIGIN example.com.
IN SOA dns0.example.com. ops.example.com. 2015040113 16384 2048...
Previous Section
End of Section 3
Next Section